Home Compliance & Certification Malware Scan Policy Screenshot Guide

Malware Scan Policy Screenshot Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact proves that your company has anti-malware solutions properly configured. Cyber Essentials requires this because attackers rely on lazy defences — if your devices aren’t scanning files, updating signatures, or running periodic sweeps, you’re leaving the drawbridge down.

2. What You Will Submit

You will need:

  • screenshot/report of your anti-malware policy.

  • The evidence should clearly show:

    • Scheduled scans (daily/weekly).

    • Real-time/on-access protection enabled.

    • Automatic updates for virus/malware signatures.

    • Mobile device protection (if applicable).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep customers (recommended):

  1. Log into your StrongKeep Dashboard.

  2. Go to Evidence Library → Malware Scan Policy.

  3. Click Generate Report.

  4. The system will fetch your anti-malware configuration (via integrated endpoint protection tool).

  5. Download the PDF or screenshot the dashboard view.

For non-integrated setups:

  • Microsoft Defender (Windows):

    1. Open Windows Security → Virus & threat protection → Manage settings.

    2. Screenshot showing real-time protection ON and scheduled scans.

  • Sophos / Trend Micro / Avast Business:

    • Go to the admin console.

    • Screenshot the policy page showing automated scans, signature updates, and real-time file protection.

  • Mobile devices (MDM-managed):

    • Open MDM console (e.g., Intune, Jamf, Workspace ONE).

    • Screenshot the profile showing enforced anti-malware protection.

4. Evidence Format

  • Accepted file types: PNG, JPG, PDF.

  • Suggested naming format:
    YourCompanyName_MalwareScanPolicy_YYYY-MM-DD.png
    Example: AcmeCorp_MalwareScanPolicy_2025-07-01.png

5. What “Good” Looks Like

  • Evidence shows all key controls (scans, updates, real-time protection).

  • Policy view or settings panel visible, not just a random “Scan complete” screen.

  • (Bonus) Logs showing last successful scan.

Why it matters: auditors want proof that you’re not only able to scan for malware but that the process is automatic, current, and continuous.

6. Tips

  • If using StrongKeep, let the platform auto-generate — it ensures consistency.

  • For third-party tools, make sure screenshots show the policy configuration, not just results.

  • Redact usernames, device IDs, or internal hostnames before submission.