In this section, you can:
- configure the On Access module (real-time file monitor)
- choose what items are scanned automatically on your computer
- change advanced detection options
- decide what the Antivirus should do when a piece of malware is encountered
The On demand engine uses predefined profiles for running a single scan at a specific date (manually started by you or according to the scheduling).
The On Access engine runs in the background and actively checks all files for potential threats just before they are accessed by the running processes on the computer. To do so, the real-time scan engine uses a small part of the computer's processing resources to watch over the files in use. This can result in a slight slowdown when accessing folders containing a large number of files or when opening applications that need access to many resources.
Altering the On Access settings will directly influence both the computer and application performance and can result in lowering the security level of your computer. Running regular system scans can compensate for a more lax and permissive real-time scan engine.
Clicking on the Antivirus option allows you to turn the On Access engine on or off. Keeping the real-time monitor turned off will leave your computer exposed to viruses, spyware, malicious websites and various exploits.
This section allows you to customize the BullGuard real-time file scanner by choosing what files it will scan and defining possible exceptions to the scanning process.
Scan files: allows the On Access engine to scan all files prior to being accessed by the running programs. It also scans all files displayed in a folder when accessing it via Windows Explorer.
Only scan files loaded for execution: the real-time monitor will only scan executable files (files performing actions based on encoded instructions – exe, bat, com, dll, sys etc). It is a recommended option for slower computers or if you notice a significant slowdown in your computer's performance. Click on File types to include other extensions for files the Antivirus should scan as well.
Behavioural Detection: this feature adds another layer of defence against an ever-increasing volume of malware. It enables the Antivirus engine to detect threats not by relying on definition files, but by closely monitoring the access that processes and files make to sensitive operating system areas such as the Windows registry or installation folders.
Allowing false-positive detection cases
A Behavioural scan engine may produce a slightly increased rate of "false positive" detection cases. Even so, you can still run your program by allowing the blocked application from the alert pop-up message. We recommend that you report such cases in order to have them analysed and, depending on the results, whitelisted.
Click on Allow to continue using the application if you consider it was a "false positive" detection case. You can report any "false positive" cases to us and we will whitelist any legitimate programs. Otherwise, you can Quarantine the file until further notice to prevent any damage to your computer.
Exclude files from scan: allows you to indicate what files, folders or processes are exempt from being scanned by the On Access engine.
Exclude by file size: you can increase or decrease the file size you wish to have scanned in specific areas such as "Local files" (files from the hard disk installed on the computer) and "Remote files" (files shared on any local network you have access to).
Program files: this option refers to executable files alone and the default size is 30 MB.
Other files: refers to other types of files (multimedia files, documents, some application/operating system resources).
Network program files: targets shared files on the Local Area Network (LAN). To improve transfer rates between local network computers you can use lower values for the Network files. We advise you to lower them only if you have visible slowdowns when accessing shared folders or if the computer is located in a controlled environment (office local networks) where most resources are available on the LAN’s servers.
Exclude file types: specifies what file types can be skipped by the real-time monitor based on their extensions. To add extensions to the whitelist, click on the + button. To remove them, click on the – button. This option is used mostly for the popular multimedia extensions such as jpg or mp3.
Exclude folders: the folders whitelist is used to exclude specific folders from the real-time scan engine. This option is used mostly to increase performance for applications accessing a very high number of resources. However, it can be a security risk if you can’t be sure whether the files are clean or not. If you do not trust the application provider or source, we recommend keeping that folder off the real-time file scanning whitelist so that it continues to be scanned.
Clicking on the + button will open a browse window. To add a folder, you need to navigate to the folder location, select it and then click on OK. To remove a folder, select it and click on the – button.
Exclude processes: the whitelist will prevent BullGuard from scanning specific executable files.
Clicking on the + button will open a browse window. To add a process, you will need to navigate to the application location, select it and then click on OK. To remove it, select it and click on the – button.
Scan options: allows you to choose whether the real-time file monitor will scan all archive types (such as zip, rar, tar, gz etc) or packed files (program installation files such as msi packages or .exe installers).
Here you can choose whether the On Access engine will scan e-mails received in your e-mail client. BullGuard can scan both incoming (received) and outgoing (sent) e-mails from email applications such as Microsoft Outlook, Outlook Express, Windows (Live) Mail or Mozilla Thunderbird.
Add BullGuard footer to outgoing e-mails: when enabled, BullGuard will attach a short text at the end of the e-mails sent through the e-mail client, certifying that they are clean.
Here you can choose how you would like the Antivirus module to react when an infection is intercepted or discovered by the On Access module.
When dealing with an infected file, BullGuard can:
Fix the file: with this option enabled, BullGuard will first try to disinfect the file and, if it is not possible, will quarantine and delete it from its original location.
Block the file: with this option, the On Access engine will prevent all access to the infected file.
Display a pop-up: when enabled, a notification message will appear to let you know that an infected file was dealt with by the Antivirus.
Play an audio file: when enabled, BullGuard will play a specific sound whenever an infection is dealt with. Use Browse to select an audio file and Test to hear how it sounds.
Click Save to keep the settings or Cancel to discard any changes you made.
This section allows the real-time protection to block access to web pages known to be phishing sites, thus protecting you from identity theft, or known to contain malware.
Phishing is one of the techniques used in identity theft. Phishing websites impersonate legitimate ones with the sole purpose of tricking you into disclosing private information or various login details.
Scan web traffic: allows BullGuard to scan the information coming into your computer from the Internet. This feature is designed to stop any attacker trying to exploit vulnerabilities present in your Internet browser or operating system.
Safe Browsing: enables BullGuard to check the hyperlinks present on a webpage for possible threats. It will then place an icon next to each link notifying you whether it is safe or not to access it.
Safe links that do not present any security issues will always have the green checkmark.
Unsafe links that are known to contain threats to your computer, data or private information will be marked with a red exclamation sign.
Access to any of the blacklisted websites is blocked automatically. Trying to access such a page will bring up the BullGuard warning screen notifying you that the page is known to pose threats to the system’s security, such as links leading to malware hosting websites, scripts exploiting Internet browser vulnerabilities, pages that install unwanted software without your consent, or phishing attempts.
You can also select the search engines where you would like BullGuard to scan the search results and show whether the links are safe.
The settings in the Advanced tab help you to further customise the behaviour of the real-time monitor by allowing or preventing the On Access engine from scanning specific items and locations. They also affect the On Access service start-up type.
Enable Heuristic detection: an important feature of the Antivirus engine is that, by using behaviour and code pattern analysis, it helps detect newly-created viruses or new strains of older viruses. This is an essential feature of any Antivirus application as it will enable the application to detect new threats without relying only on virus definitions.
Enable Spyware detection: enables the On Access engine to scan for spyware.
Where to scan
Scan files from local hard drives: allows BullGuard to scan files located on the installed hard disks. Disabling this option will leave your computer open to infections.
Scan files from network locations: allows BullGuard to automatically scan shared network resources when accessed by your computer.
Scan files from CD/DVD, memory drives and floppy discs: allows BullGuard to scan files from removable storage media.
Scan boot sectors: enables the On Access engine to scan boot sectors for the local hard drives.
Preserve files ‘last access’ timestamp: with this option enabled, BullGuard will not modify the Last Accessed date for the files scanned by the On Access engine. The Last Accessed date is visible in the file’s General tab from the Properties window. If the option is disabled, the Last Accessed date will be changed when the file is scanned by the Antivirus real-time scanner.
When to scan
Continue to monitor files when BullGuard is closed: when enabled, this will keep the On Access engine running even if the application interface has not been started. It is a recommended safeguard for computers that are connected to a network for long periods of time.