Creating a New Spyware Scan Template

 

To create a new spyware scan template, click the New Spyware Scan Template option in the Spyware Scanning list.  This will open a dialog similar to the following:

 

Tip:  To speed the template creation process, copy an existing template that is similar to the one you want to create. The contents of the copied template will be populated in the new Spyware Scanning Template dialog and you can simply modify the appropriate items.  You copy an existing template by selecting it in the Spyware Scanning list and then, in the summary section of the template in the right-hand pane, clicking Copy.

 

 

The Spyware Scanning Template dialog contains three tabs that collectively define the characteristics of a particular scan template.

 

Name

The name that you wish to assign to this scan template.

 

Comment

A description of the template.

 

Filtering tab

  • Signature Filter: Either scan for or skip the signatures specified in the Signature group(s) list. See Creating a signature group for information on creating a signature group. If you do not wish to use this particular criterion, specify Do Not Filter.

  • Criticality Filter: The user-assigned criticality level (Ignore, Low, Medium, High, or Critical) that the scanner should either skip or include (at or below the specified level). If you do not wish to use this particular criterion, specify Do Not Filter.

  • Risk Filter: The user-assigned risk level (Low, Moderate, Important, or Critical) that the scanner should either skip or include (at or below the specified level). If you do not wish to use this particular criterion, specify Do Not Filter. The risk levels are:

      • Low: This category of software poses a minor risk to a network. Additional research and appropriate action should be taken if warranted; if the program was intentionally installed or does not violate company policy, it can safely be disregarded.

      • Moderate: This category of software poses a medium risk to a network. This threat category should be investigated and addressed as time permits.

      • Important: This category of software poses a considerable risk to a network. This threat category should be mitigated as soon as possible.

      • Critical: This category of software poses a hazardous risk to a network. This is a top priority threat and should be mitigated immediately.

  • Impact Area Filter: Scan for or skip signatures for the selected impact areas.  The options are:

      • Confidentiality: Relates to unauthorized information disclosure. Areas of concern include corporate or personal data files and user behavior.

      • Integrity: Relates to unauthorized usage of network, computer, or software resources affecting the operations of those systems by changing what they do or how they perform. Areas of concern include data that should not be altered, manipulated or destroyed in an unauthorized manner.

      • Availability: Relates to making computer resources available for employees and customers to use for business purposes. Areas of concern include keeping applications, networks, computers, and data accessible to authorized users or entities.

      • Non-Business: Relates to degrading or detracting from the legitimate business use of corporate computer resources. Areas of concern include software that does not meet business functions, such as games, or inappropriate materials that violate company policy.

      • Productivity: Relates to reducing the amount of work an employee or computer system may accomplish. Areas of concern include software that diverts computer resources for its own use, or that renders a user's computer functionally inoperable.

  • Category Filter: Scan for or skip signatures for the selected categories. If you do not wish to use this particular criterion, specify Do Not Filter.

  • Automatically remediate with: Allows you to select a remediation template to use to automatically remove the signatures associated with this scan template.

 

General tab

  • Scan For: During the scanning process, you can choose to scan for just detected signatures or for both detected and remediated signatures. When scanning for both detected and remediated signatures, the program will report on signatures that have been removed from a machine.

  • Simultaneous machines scanned: Specify whether you want to simultaneously scan a few machines or many machines. The program can scan up to 64 machines at a time. The more machines you scan at the same time, the more network resources are required. Reduce this number if you are scanning over a slow link.

  • Create scanner log files: If enabled, creates a log file for the scanning process.  This is especially useful if you are running into a problem and need to contact the Support group.

  • Allow Alter Permissions: If enabled, allows the program to alter registry and file permissions on the scanned machines in order to detect the more sophisticated spyware signatures.

  • View warnings: If enabled, lets you view any warnings that are generated during the scanning process.

  • Ignore cookies: If enabled, specifies that the scanner should not scan for spyware-related cookies. Cookies are generally considered a low risk and enabling this option will reduce the time required to perform the scan.

  • XML File Location: Enables you to specify whether you want to use the default XML data file or a different XML data file.  The specified data file will be downloaded during the scanning process. This file contains the spyware information and characteristics that define whether a signature has been detected on your system.

    If you want to use a different data file you must specify where it is located.  The XML data file can be located anywhere accessible by the program and can be specified using a UNC location or an HTTP path.  To select a location, click the selection box to the right of the entry field.

  • Network Scan: Scan the target machines using the scan engine located on the console machine. This scanning option does not use the schedulers defined on the Tools > Options > General > Scheduling dialog.

  • Dissolving Service Scan: A separate instance of the spyware scan engine is copied to each target machine and each scan is performed locally on each machine. The scheduler defined on the Tools > Options > General > Scheduling dialog dictates how each scan is initiated (see General Options - Scheduling).

    See Spyware Scan Options for more information about Network Scan vs. Dissolving Service Scan.

Note: MSXML 2.5 or later is required on the target machines in order to perform a Dissolving Service Scan. Windows NT 4.0 and Windows 2000 Gold systems are those most likely not to have MSXML 2.5 or later.

  • Maximum overall CPU utilization: If you enable Dissolving Service Scan, you can use this option to specify the average amount of CPU time you will allow to be dedicated to performing the scans on each target machine. A higher value allows the scans to be performed more quickly, but the machines are also at risk from a "misbehaving" process that could monopolize all of the available CPU time. Reducing this value will help prevent the machines from becoming unresponsive.

 

E-Mail tab

This tab enables you to specify which reports should be automatically sent and to whom the reports should be sent. The specified reports will be sent when a scan using this template is completed.

 

There are many different reports that can be sent. To understand what a particular report contains, click on the report in the Available Reports list and view its description immediately below the list.

 

To specify which reports should be automatically sent and to whom they should be sent:

 

Note:  New templates must be saved before you can perform these steps.

 

  1. Select a report in the Available Reports list.

  2. In the Available Contacts list, select the groups and/or individuals you want to e-mail the report to and then move those groups and/or individuals to the Report Recipients list.

  3. Repeat Step 1 and Step 2 for each report you want to be automatically sent.

  4. When finished, click Save.

 

 

 

To save the template, click Save and then Close. To close the dialog without saving the changes, click Cancel and then Close.