Best practices for creating Datto AV policies
When creating a new Datto AV policy, your goal should be to achieve maximum protection while minimizing the resource utilization impact on the endpoint.
This article provides optimal settings and use cases for each section of the Datto AV policy configuration page.
NOTE For a comprehensive overview of the Policies page, refer to our Working with the Policies page.
Antivirus tab - Security Profile
Setting name | Recommended configuration |
---|---|
Alert Only | When first enabling a Datto AV policy, use Alert Only mode to monitor results without quarantining any files. This prevents false positives from being quarantined. You can create exclusions to fine-tune the policy. |
Protect & Quarantine | After fine-tuning the policy in Alert Only mode, enable Protect & Quarantine. This enables Real-time Protection Scans automatically. |
Disable | Click to disable real-time protection scans and scheduled scans. Only use this option for diagnosis and testing. No files will be detected or quarantined. |
Real-time Protection Scan
Setting name | Recommended configuration |
---|---|
Enable Real-time Protection Scans | Enabled: Real-time protection provides on-access monitoring of newly created files and processes. It is a critical component and provides protection for every situation. |
Enable Scan Archives | Disabled: Archives are files such as ISO or compressed files. Real-time protection of archive files can help protect your endpoints from malware that uses compression to evade detection. |
Scan storage devices on local networks | Disabled: Scanning these drives does provide protection, but it is not necessary when the network shares are protected by antivirus solutions. Using Datto AV to scan network drives diverts resources from the host to scan the network files. |
Enable Behavior Based Malware Detection | Enabled: Considerations: |
Exclusions
Setting name | Recommended configuration |
---|---|
Include Universal AV Exclusion | Disabled: This feature is only necessary if you have created a Universal AV Exclusion list. |
Add Exclusion | None: These features are only necessary when a known, safe object continues to trigger alerts. Exclusions must be formatted as a full path and are not case-sensitive. |
Scheduled File Scan Settings
Files
Setting name | Recommended configuration |
---|---|
Scan Recommended File Types Only | Enabled: During a scheduled scan, Datto AV will scan file extensions of known malware and traditional objects. Scanning all file types may create additional load on the endpoint while the amount of additional protection will be limited. Some situations may benefit from scanning all file types, such as a file host that typically has limited resource utilization, or a server that does not have other controls to limit the file types that can be saved. |
Scan Archives | Disabled: Real-time scanning will analyze archive files when accessed by any process. Scanning archives with scheduled scans does not limit the number of files, file size, or nested folders, which can significantly impact resources on the endpoint. |
Schedule Full Scan & Schedule Quick Scan
Setting name | Recommended configuration |
---|---|
Schedule Full Scan | Disabled: Full scans are not necessary under normal conditions with real-time scanning. Full scans will analyze all objects in all directories. Specific situations may benefit from full scans, such as a server that hosts personally identifiable information (PII) or other sensitive information and which can support high resource utilization without disrupting business. |
Schedule Quick Scan | Enabled: Schedule quick scans daily at a time of low system usage. Quick scans provide a low-resource way to scan folders that are frequently leveraged by a majority of malware. Quick scans can detect malware that has yet to be opened by a malicious process. |
Logging
Setting name | Recommended configuration |
---|---|
Enable Debug Logging | Disabled: This feature is useful for troubleshooting, and the Support team may ask you to enable it when troubleshooting AV issues. |