Heimdal Security Assistance and Support Help Center home page

Articles in this section

Next-Gen Antivirus, Firewall & MDM

Last updated

In order to have a good experience using the HEIMDAL™ Security services and the HEIMDAL™ Next-Gen Antivirus, Firewall & MDM module, we recommend you take a look at the following information:

  1. Description
  2.  Next-Gen Antivirus Management
  3. Firewall Management
  4. Ransomware Encryption Protection
  5. HEIMDAL™ Next-Gen Antivirus, Firewall & MDM on Windows Servers

 

 Description:

Heimdal™ Next-Gen Antivirus, Firewall & MDM is the reactive protection side of our product suite. It is the next-gen antivirus solution that reacts to infected files found on the system. It complements the Heimdal™ Threat Prevention - Endpoint product module, to offer all-around protection. It offers a centralized management interface across all the devices for easy corporate client management. It is flexible, easy to use and it offers a wide variety of scanning profiles to fit your corporate needs.  These are the three modules included in it:

- Next-Gen Antivirus Management

- Firewall

- Ransomware Encryption Protection

 

The three modules can be enabled in the Endpoint Settings section, as per below: 

mceclip0.png

 

The Antivirus can be found in your computer agent, where you can easily run a quick scan directly from the application:

mceclip2.png

 

You are able to go and choose for multiple types of scans to execute on the computer (only if the admin wants to):

mceclip3.png

 

Also, you can see if you have scans on the computer that happen automatically:

mceclip4.png

There is also an option to scan individual files/folders using the option "Scan with Next-Gen Antivirus ", which can be found by right-clicking on the selected file/folder.

The limit is 15 selected files/folders at a time.

qskA2Yzxts.png

 

 

Next-Gen Antivirus Management

As a standalone, Antivirus product, Heimdal™ Next-Gen Antivirus, Firewall & MDM features a complex threat scan module that is capable of detecting viruses, trojans, riskware, heuristic threats, adware, backdoor, constructors, dialers, exploits, trash, APCs. Besides the scan module that is available on each Thor installation, the Antivirus as a concept also features:

  • reporting and control dashboard (see chapter 7.1.4)
  • protection cloud (see chapter 7.1.4)
  • local quarantine location
  • VDFs (Virus Definition Files)

You can find Heimdal™ Next-Gen Antivirus, Firewall & MDM on the left side of the Dashboard, where, entering the module, you will see the below options:

  • Latest Infections View
  • Infections Type View
  • Hostname/ Infections View
  • Quarantine View
  • Exclude View
  • Scan History

mceclip1.png

 

How to exclude a file from the quarantine view? 

In order to do this, you need to navigate to Endpoint Detection > Next-Get Antivirus, Firewall & MDM > Quarantine View

Here you need to search the file that you want to exclude, select it, and from the drop-down menu to select Exclude

quarantined.png

After Exclude option has been selected, a pop-up will appear from where you can choose what type of exclusion would you like to do

pop-up.png

From this pop-up you can select to:

Local Exclude - just for that hostname on which it was detected

Global exclude for a specific Group Policy - means that you will exclude the file for all the machines from a certain GP

Global exclude - will exclude the file in all your Group Policies

Add by file name - will make the exclusion based on the name of the files

Add by Directory name / path - will make the exclusion based on the Directory name / patch of the file

Add by file path - will make the exclusion based on the patch of the file

 

Firewall View:

  • Firewall Rules

mceclip2.png

  • Firewall Alerts

mceclip3.png

 

 

Linked Articles:

  • Click here for more details about Heimdal™ Next-Gen Antivirus, Firewall & MDM module
  • Click here to find out Heimdal™ Next-Gen Antivirus, Firewall & MDM available scans
  • Click here for more details about the files you can add to your Antivirus Exclusion List

 

 

Firewall Management

This is the module that allows you to control the Windows Firewall from the Heimdal Management Portal. Also, it brings an extra layer of protection for your computer.

You can easily enable this module by entering your Settings section as you will see below:

mceclip4.png

 

 

Ransomware Encryption Protection

This new module has the purpose to detect processes that encrypt files on the endpoint with malicious intent.

mceclip5.png

 

Linked Articles:

  • Click here for more details about the Ransomware Encryption Protection module

  • Click here for more details about the Firewall Management module
  • Click here for more details about the exceptions needed behind a Firewall
  • Click here for more details about blocking TOR nodes with Heimdal Firewall
  • Click here for more details about the used PORTS in Heimdal

 

Heimdal™ Next-Gen Antivirus, Firewall & MDM on Windows Servers  

Windows Server (regardless of version) does not have the WSC (Windows Security Center) service, where Antivirus providers can register. That means, we cannot register ourselves as an AV, or can we detect if another Antivirus is installed.   

That means that the Antivirus (Defender in this case) is not registered. In conclusion, we can't detect it. Windows Defender cannot be removed by Heimdal on Windows Server. They have to be treated manually.

 

Linked Articles:

  • Click here for more details about Interference between Windows OS and Heimdal™ Privileged Access Management
  • Click here for more details about Latest Version 2.5.294 RC and 2.5.295 PROD
  • Click here for more details about the Antivirus Removal
  • Click here for more details about the function of Thor with an Antivirus Software

 

Here is a short presentation of Heimdal™ Next-Gen Antivirus, Firewall & MDM product overview: