Create a New Policy (Windows)
Complete the following steps to create a new policy:
1. Click Create New Policy > Windows Policy.
2. Configure the General Settings:
A. Policy Name – Assign a policy name.
B. Update Mode – Select the preferred application update mode:
~ Semi-Automatic – Default settings for this policy are for maintenance to repeat from Monday to Sunday at 12:00 AM, applications configured for Automatic Update, and Windows Updates configured for Automatic Install.
~ Manual – When this policy is selected, the Schedule and Repeat On options are disabled. Applications are configured for Manual Update and the Windows Updates are not configured.
~ Scheduled – Default settings for this policy are for maintenance to repeat from Monday to Sunday at 12:00 AM, applications configured for Schedule Update, and only certain Windows Updates configured for Automatic Install. Patch Scan Frequency is set to Download And Keep Windows Updates Ready When Available.
~ Custom – Default settings for this policy are set for maintenance to repeat from Monday to Sunday at 12:00 AM, applications configured in a combination of Automatic, Manual, Schedule and Version Freeze update, and only certain Windows Updates configured for Automatic Install. Patch Scan Frequency is set to Download And Keep Windows Updates Ready When Available.
~ Version Freeze – When this policy is selected, the Schedule and Repeat On options are disabled. Applications are configured for Version Freeze and all Windows Updates are Denied. Once the app has been installed on the computer, the app will not be updated to the current version.
C. Schedule Mode – Select your preferred mode to initiate maintenance. You can choose Specify Schedule – Weekly, Once A Day, or Specify Schedule – Monthly.
The Maintenance period will last for a maximum of 3 hours.
When you choose Specify Schedule – Weekly, configure the following options:
~ Time – Select the preferred time from the drop-down list or enter a specific time to initiate maintenance.
~ Repeat on – Select the days when the maintenance will repeat.
When you choose Once A Day, configure the following options:
~ When machine boots, start Maintenance Mode after X min – You can set the maximum time up to 60 minutes.
When you choose Specify Schedule – Monthly, configure the following options:
~ Time – Select the preferred time from the drop-down list or enter a specific time to initiate maintenance.
~ Date – Select the date when the maintenance will repeat every month. Pick a date from 1 to 28.
D. Notify User that computer is entering Maintenance Mode – Enable this option to notify the users when the computer is about to enter Maintenance Mode.
E. Allow Snooze – Select this option to allow users to snooze Maintenance Mode.
F. Password – Check the Enable Password Protection For Uninstalling The Deploy Agent checkbox to assign a password for uninstalling the Deploy Agent. Enter a password if you choose to enable password protection.
G. Proxy – Check Enable Proxy if you are using a proxy server to connect to the Internet and specify the proxy server settings:
~ Proxy Server Information – specify the values for Address and Port.
~ User Authentication – if your proxy requires authentication, check My Proxy Server Requires Authorization. Select or specify values for Authentication Type, Username, Password, and Domain.
3. Configure the Applications – Specify the application update mode for the apps. You can also set to Disable Shortcuts and Disable Auto Updates.
Disable Shortcuts and Disable Auto Updates will only work with Apps installed using Faronics Deploy.
4. Configure Windows Updates:
Do not manage Windows Updates – When this option is enabled, Deploy will not manage how Windows updates are downloaded.
A. Windows Update Settings – Select the types of updates to install and the install status:
Windows Update Type
~ Critical Update – A widely released fix for a specific problem that addresses a critical, non-security-related bug.
~ Security Update – A widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity as critical, important, moderate, or low.
~ Definition Update – A widely released and frequent software update that contains additions to a product’s definition database often used to detect objects that have specific attributes such as malicious code, phishing websites, or junk mail.
~ Update Rollup – A tested, cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area (such as security), or a component of a product (such as Internet Information Services (IIS)).
~ Service pack – A tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features.
~ Tool – A utility or feature that helps complete a task or set of tasks.
~ Feature pack – New product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release.
~ Updates – A widely released fix for a specific problem that addresses a non-critical, non-security-related bug.
~ Drivers* – Software that controls the lower level input and output of a device.
Drivers will only show up in the list when the Manage Driver Updates option is enabled.
~ Microsoft – Updates for Microsoft applications.
~ Upgrades – Feature updates to Windows Operating Systems.
Install status
~ Automatic Install – Select this option to automatically install category patches.
~ Automatically Install Deferral – Select this option to delay updates that are set to Automatic Install until up to X days from the date of the release of the update.
~ Denied – Select this option to deny installation of the category patches.
Manage driver updates – Enable this option to manage Driver Updates through Windows Updates.
Download and keep Windows updates ready when available – Enable this option to download updates outside of maintenance mode, and install the updates when maintenance starts.
B. Reboot Behavior Settings
~ Force auto-reboot prior to installation if user is logged on – Enable this option to force auto-reboot a computer when the machine goes into maintenance if a user is logged on. When selected, the user will receive a notification that the computer is scheduled for maintenance.
~ Allow user to defer reboot (if required) once update is completed
* Never reboot automatically – Enable this option to prevent the computer from automatically rebooting after an update has been completed.
* Defer reboot up to X times – Enable this option to allow users to defer rebooting of the computer up to a maximum of 5 times.
C. Patch Scan Frequency – Select from the drop-down list to schedule how frequently to perform patch scans.
~ Once every 24 hours
~ Once every 12 hours
~ Once every 6 hours
Additional Settings for Windows 10
For Windows 10, configure when feature updates or quality updates are to be installed and the targeted channel for which to install the updates.
> Semi-Annual Channel (Targeted) – Select this option to install the updates on select computers to evaluate the major release prior to deployment for the whole organization.
> Semi-Annual Channel – Select this option to install the updates for all computers.
Feature updates include new capabilities and improvements. This update can be deferred for up to 365 days.
Quality updates include security improvements. This update can be deferred for up to 30 days.
5. Configure Anti-Virus – Click Enable Anti-Virus.
Anti-Virus
> Anti-Virus Settings
~ Enable Active Protection – Select to activate real-time protection for all computers using this policy.
Make sure there is no real-time protection software running on the computers. This includes third-party antivirus applications.
* Allow user to switch off Active Protection – Select to allow users to switch off Active Protection.
* Show Active Protection Alert – Select to display Active protection alerts.
> Cleanup Action – Select the default action for infected files.
~ Clean/Quarantine – When a threat is detected, attempt to disinfect the file and quarantine if unsuccessful. If the file could not be disinfected, it will be quarantined and will not be deleted.
~ Clean/Delete – When a threat is detected, attempt to disinfect the file and delete if unsuccessful. If the file could not be disinfected, it will be deleted from the computer.
~ Delete items from quarantine that are older than X days – Specify the number of days to retain items in quarantine. The default is 3 days. The maximum is 365 days.
> Scan Schedule – Enable the type of scan to schedule for this policy.
~ Quick Scan – Click the Edit icon for Quick Scan. Configure the following options and click Update.
* Enable Quick Scan – select the checkbox to enable Quick Scan.
* Start – specify the start time.
* Stop – specify the end time. The maximum duration between the Start time and Stop time is 23.59 hours. The scan ends if all the files are scanned before the Stop time. If the scan is not complete before the Stop time, it is aborted at the Stop time. Alternatively, select When scan is complete to ensure that the scan runs to completion.
* Days – select the days when the scheduled Quick Scan will take place.
~ Deep Scan – Click the Edit icon for Deep Scan. Configure the following options and click Update.
* Enable Deep scan – select the checkbox to enable Deep Scan.
* Start – specify the start time.
* Stop – specify the end time. The maximum duration between the Start time and Stop time is 23.59 hours. The scan ends if all the files are scanned before the Stop time. If the scan is not complete before the Stop time, it is aborted at the Stop time. Alternatively, select When scan is complete to ensure that the scan runs to completion.
* Days – select the days when the scheduled Deep Scan will take place.
> Scan Options
~ Randomize scheduled scan start times by x minutes – specify the number of minutes. The scheduled scan start time is randomized to reduce the impact on network traffic, which can spike if the scans on multiple systems start at the same time.
If scan is missed, upon next startup: Select one of the following options on how a scan will be performed if the computer was not On during a scheduled scan:
~ Do not perform quick scan – select this option if you do not want to perform quick scan on startup.
~ Perform quick scan approximately x minutes after start-up – specify the number of minutes after start-up when Anti-Virus must perform a quick scan.
~ Prompt user to perform quick scan – select the option to prompt user to perform a quick scan.
> Advanced Options
For each type of scan, select the following options (some options may be grayed out depending on the type of scan):
~ Enable rootkit detection – detects if the computer is infected with a rootkit.
~ Scan inside archives – scans the contents of a zip file. Select for the scan to include archive files, such as .RAR and .ZIP files. When a .RAR file is found to contain an infected file, the .RAR file will be quarantined. If a .ZIP file is found to contain an infected file, the infected file is quarantined and replaced by a .TXT file with text indicating that it was infected and that it has been quarantined. Specify the File Size Limit.
~ Exclude removable drives (e.g. USB) – excludes removable drives from the scan process. Any external hard disks, USB drives, etc. will not be scanned.
~ Scan Registry – scans the registry for threats.
~ Scan Running Processes – scans all running processes on the computers.
~ Restore Defaults – click Restore Defaults if you want to restore all the default settings for the Advanced Options.
> Scan Exceptions
Specify the files or folders that are known to be safe. By adding the files or folders, Anti-Virus will not report them as malicious or infected. The following list displays the items that will not be reported as viruses.
i. Click +.
ii. In the Add Exception dialog, select File by Full Path or Entire Folder. Click Browse to select the file or folder and click OK.
> USB Devices
~ Scan USB drives upon insertion – select this option to scan USB drives upon insertion and select one of the following options:
* Interrupt active scan for USB scan – select this option to interrupt an active scan to scan the USB drive when it is inserted. Once the active scan is interrupted, it will not resume automatically and must be restarted manually.
* Do not perform a scan if another scan is already in progress – select this option to ensure that an active scan is not interrupted when a USB drive is inserted. The USB drive must be manually scanned once the active scan is complete.
~ Suppress USB scan in progress dialogue – select this option to hide indications that Anti-Virus is scanning USB drives when they are inserted; no Anti-Virus interface will open, and the system tray icon will not display tooltips indicating a scan in progress. Users will be notified at the end of a scan if a virus was found, but if no viruses were detected there will be no notification that the scan occurred.
Note that if the Scan USB drives upon insertion option is not selected, this option is ignored.
> Remove Anti-Virus – Click Uninstall Anti-Virus to remove Anti-Virus from all the computers on this policy.
Firewall Protection
> Firewall Protection Settings
~ Enable Firewall Protection – select the checkbox to enable Firewall Protection.
Firewall Protection prevents hackers or malicious software from gaining access to your computer through the Internet or the network.
* Allow users to disable firewall – select this option to allow users to disable the firewall at the computer.
* Enable Firewall Logging – select this option to log all actions related to the Firewall.
> Firewall Rules – Configure settings for Program Rules, Network Rules, Advanced Rule, Intrusion Rules, and Trusted Zones.
~ Program Rules
Program Rules define the action taken by the firewall on the network activity to and from an application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted.
Click + to add a new Program Rule. Specify or select the options and click OK. The following parameters are displayed:
* Name – name of the rule.
* Program – name of the program, including full path and extension.
* Trusted Zone Inbound – the action to be taken for inbound communication to the program in a Trusted Zone (Allow or Block).
* Trusted Zone Outbound – the action to be taken for outbound communication from the program in a Trusted Zone (Allow or Block).
* Untrusted Zone Inbound – the action to be taken for inbound communication to the program in an Untrusted Zone (Allow or Block).
* Untrusted Zone Outbound – the action to be taken for outbound communication from the program in an Untrusted Zone (Allow or Block).
> Network Rules
Network Rules define the action taken by the firewall on the network activity. Network Rules can be edited but cannot be deleted. For each of the following rules, select Allow or Block for Trusted Zone Inbound, Trusted Zone Outbound, Untrusted Zone Inbound, and Untrusted Zone Outbound:

Name | Description | Trusted Zone Inbound | Trusted Zone Outbound | Untrusted Zone Inbound | Untrusted Zone Outbound
IGMP | Internet Group Management Protocol | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
Ping | Ping and Tracert | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
OtherIcmp | Other ICMP packets | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
DHCP | Dynamic Host Configuration Protocol | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
DNS | Domain Name System | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
VPN | Virtual Private Network | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
LDAP | Lightweight Directory Access Protocol | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
Kerberos | Kerberos Protocols | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
NETBIOS | Microsoft File and Printer Sharing | Select Allow or Block | Select Allow or Block | Select Allow or Block | Select Allow or Block
> Advanced Rules
Advanced Rules define the action taken by the firewall for the specified application, port or protocol. This may include a single or a combination of protocol, local or remote ports, and direction of traffic. You can add, edit or delete an advanced rule.
Advanced Rules are processed in the order in which they are listed. Any user-defined advanced rules will take precedence over the Pre-defined Advanced Rules.
Click + to add a new Advanced Rule. Specify or select the options and click OK. The following parameters are displayed in the Advanced Rules pane:
~ Name – name of the rule.
~ Program – name of the program and path.
~ Action – the action taken by the Firewall for communication from the specified application, port or protocol (Allow or Block).
~ Direction – the direction of communication (Both, In or Out).
~ Protocol – Select the protocol and click Add.
~ Local Port – details of the local port.
~ Remote Port – details of the remote port.
> Trusted Zones
Trusted Zones specify computers, networks and IP addresses that are trusted. Network traffic to and from the Trusted Zones is not blocked. Trusted Zones and Internet (Non-Trusted) Zones can be treated differently by Program and Network Rules.
Click + to add a new Trusted Zone. Specify or select the options and click OK. The following parameters are displayed:
~ Name – name of the Trusted Zone.
~ Description – description of the Trusted Zone.
~ Type – type of the Trusted Zone (IP Address or Network).
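The following Python model, added here as an illustration and not part of Faronics Deploy, shows how the Program Rules, Network Rules and Trusted Zones described above combine when a single connection is evaluated: the remote address is classified as Trusted when it falls inside any Trusted Zone (IP Address or Network), a matching Program Rule takes priority over the default Network Rule for the protocol, and the action is read from the zone/direction cell of the winning rule. The rule names, paths and addresses are constructed samples; the Block fallback when no rule matches and the omission of Advanced Rules are assumptions of this model, not documented product behaviour.

```python
"""Model of the zone-based firewall rule lookup (added illustration,
not Faronics code). Assumptions: Trusted = remote address inside any
Trusted Zone; Program Rule beats default Network Rule; Advanced Rules
are not modelled; no matching rule at all falls back to Block."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One Program or Network Rule: an Allow/Block action per zone and direction."""
    name: str
    trusted_in: str
    trusted_out: str
    untrusted_in: str
    untrusted_out: str

    def action(self, trusted: bool, direction: str) -> str:
        table = {
            (True, "In"): self.trusted_in,
            (True, "Out"): self.trusted_out,
            (False, "In"): self.untrusted_in,
            (False, "Out"): self.untrusted_out,
        }
        return table[(trusted, direction)]


# Constructed Trusted Zones: one of type Network, one of type IP Address.
TRUSTED_ZONES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.25/32"),
]

# Constructed Program Rule keyed by the program's full path (hypothetical path).
PROGRAM_RULES = {
    r"C:\Program Files\App\sync.exe": Rule("sync", "Allow", "Allow", "Block", "Allow"),
}

# Constructed default Network Rules keyed by the rule names used on the page.
NETWORK_RULES = {
    "DNS": Rule("DNS", "Allow", "Allow", "Block", "Allow"),
    "Ping": Rule("Ping", "Allow", "Allow", "Block", "Block"),
    "NETBIOS": Rule("NETBIOS", "Allow", "Allow", "Block", "Block"),
}


def in_trusted_zone(remote_ip: str) -> bool:
    """True when the remote address lies inside any configured Trusted Zone."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in zone for zone in TRUSTED_ZONES)


def decide(program: Optional[str], protocol: str, remote_ip: str, direction: str) -> str:
    """Return "Allow" or "Block" for one connection (direction is "In" or "Out")."""
    trusted = in_trusted_zone(remote_ip)
    rule = PROGRAM_RULES.get(program) if program else None  # Program Rules win
    if rule is None:
        rule = NETWORK_RULES.get(protocol)  # otherwise the default Network Rule
    if rule is None:
        return "Block"  # assumed fallback; real default rules cannot be deleted
    return rule.action(trusted, direction)
```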
Computer Settings
> User Actions
~ Show taskbar icon – select the checkbox to display the Faronics Anti-Virus icon on the taskbar at the computer(s). If this checkbox is not selected, Faronics Anti-Virus will be hidden from the user.
~ Allow manual scanning – select the checkbox to allow users to manually initiate Anti-Virus scanning at the computer(s).
~ Allow user to take action on scan results – select the checkbox to allow the computer user to take action on the scan results.
~ Allow user to abort a scan initiated locally – select the checkbox to allow users to abort the scan initiated locally at the computer.
> Cache Server
You need to enable at least one computer as an Anti-Virus cache server. Refer to Action Toolbar for Computers.
~ Use Anti-Virus Cache Server – select the checkbox if you have set up an Anti-Virus Cache Server on your network that downloads and distributes virus definitions to all computers.
* Server Name – specify the name of the Anti-Virus Cache Server.
* Server IP – specify the IP address of the Anti-Virus Cache Server.
~ Connect to Web Server if there is no communication with the Anti-Virus Cache Server in the last x hours – select this option if the managed computers must connect to the Web Server through the Internet if the Anti-Virus Cache Server is not accessible for some reason.
> Windows Security Center
~ Integrate into Windows Security Center – select the checkbox to integrate Anti-Virus into the Windows Security Center. Windows Security Center will notify you via the System Tray if Anti-Virus is active or inactive.
> Log Actions – select the checkbox to enable Log Actions.
6. Click Save.