Security for Storage
In the Storage Protection section of the policy settings, you can configure Security Servers as scanning service for Network-Attached Storage (NAS) devices and file-sharing solutions compliant with Internet Content Adaptation Protocol (ICAP), such as Nutanix Files and Citrix ShareFile.
Security Servers scan any files, including archives, when requested by the storage devices. Depending on settings, Security Servers take appropriate actions on infected files, such as disinfecting or denying access.
Note
Availability and functioning of this feature may differ depending on the license included in your current plan.
Security for Storage is a Bitdefender service designed to protect Network-Attached Storage (NAS) devices and file-sharing systems compliant with Internet Content Adaptation Protocol (ICAP). For supported file-sharing systems, refer to Storage Protection requirements. For details on installing Security for Storage, refer to this section.
Note
It is recommended to install and configure at least two Security Servers in your environment to act as ICAP servers. BitdefenderSecurity Servers analyze files, send verdicts to the storage systems and take appropriate actions if necessary. In case of overloading, the first Security Server redirects the surplus of data to the second one.
As best practices, install dedicated Security Servers for storage protection, separately from the Security Server used with other roles, such as antimalware scanning. For details about the Security Server installing procedure, refer to the Installing Security Server section.
The Storage Protection settings are organized into the ICAP and Exclusions sections.
ICAP
In this section of the policy you configure the following options for Security Servers:
Select the On-access Scanning check box to enable the Storage Protection module. The required settings for communication between Security Servers and the storage devices are predefined as follows:
Service name:
bdicap
.Listen port:
1344
.
Under Archive Scanning Settings, select the Scan Archive check box to enable archive scanning. Configure the maximum size and the maximum depth of the archives to be scanned.
Note
If you set the archive maximum size to 0 (zero), Security Server scans archives regardless of their size.
Under Congestion Control, choose the preferred method of managing the connections on storage devices in case of Security Server overloading:
Automatically drop new connections on storage devices if Security Server is overloaded. When one Security Server has reached a maximum number of connections, the storage device will redirect the surplus to a second Security Server.
Maximum number of connections on storage devices. The default value is set to 300 connections.
Under Scan Actions, the following options are available:
Deny access – when malware is found, Security Server sends the event to the ICAP client, which denies access to the infected file.
Disinfect - when malware is found, Security Server sends the event to the ICAP client, which removes the infected part of the file.
Once configured, you can view data about the Storage Protection module in the Network inventory, Click the name of the Security Server used as ICAP server and go to the Protection tab in the details window to see this information:
Service status:
N/A – Storage Protection is licensed, but the service is not configured yet.
Enabled – the service is enabled in the policy and functioning.
Disabled – the service is not functioning either because it has been disabled from the policy or the license key has expired.
List of the storage devices that have been scanned during the past month, with these details:
Storage device name
Storage device IP
Storage device type
The date and time of the last communication between the storage device and Security Server.
Exclusions
If you want specific objects to be excluded from scanning, select the Exclusions check box.
You can define exclusions:
By hash – you identify the excluded file by SHA-256 hash.
By wildcard – you identify the excluded file by path.
Configuring exclusions
To add an exclusion:
Select the exclusion type from the menu.
Depending on the exclusion type, specify the object to be excluded as follows:
Hash – enter SHA-256 hashes separated by comma.
Wildcard – specify an absolute or a relative pathname by using wildcard characters. The asterisk symbol (*) matches any file within a directory. A question mark (?) matches exactly one character.
Add a description for the exclusion.
Click the Add button. The new exclusion will be added to the list.
To remove a rule from the list, click the corresponding Delete button.
Importing and exporting exclusions
If you intend to reuse the exclusions in more policies, you can choose to export and import them.
To export exclusions:
Click the Export at the upper side of the exclusions table.
Save the CSV file to your computer. Depending on your browser settings, the file may download automatically, or you will be asked to save it to a location.
Each row in the CSV file corresponds to a single exclusion, having the fields in the following order:
<exclusion type>, <object to be excluded>, <description>
These are the available values for the CSV fields:
Exclusion type:
1
, for for SHA-256 hash2
, for for wildcardObject to be excluded:
A hash value or a path name
Description
A text to help identify the exclusion.
Example of exclusions in the CSV file:
2,*/file.txt,text 2,*/image.jpg,image 1,e4b0c44298fc1c19afbf4c8996fb9227ae41e4649b934ca991b7852b855,hash
To import exclusions:
Click Import. The Import Policy Exclusions window opens.
Click Add and then select the CSV file.
Click Save. The table is populated with the valid exclusions. If the CSV file contains invalid exclusions, a warning informs you of the corresponding row numbers.
Editing exclusions
To edit an exclusion:
Click the exclusion name in the Path column or the description.
Edit the exclusion.
Press Enter when finished.