The Foldr server appliance allows an administrator to configure client requirements regarding the status of an antivirus product that may be installed. Using WMI the Foldr app checks antivirus status through the Security Center namespace.
Default App Behaviour
By default, the appliance will only allow a client to connect using the Windows app if the antivirus is detected as both running and up-to-date. The app determines AV status by querying Windows Security Center, and this is polled periodically when the app is running.
Should a client fails to meet the AV requirement, an alert is displayed to user:
A System notification will also be shown as below and the drive will be unmounted:
All Anti-virus configuration options are available to the administrator within Foldr Settings >> Devices & Clients >> Windows
Note that when ‘Require antivirus protection’ is set to Yes, any options configured here will over-ride any option selected in the app settings on the client. When set to Off they will be configurable on the Foldr client.
Disabling the Anti-Virus Protection Check
Should you wish to disable the AV client requirement, turn off the switch labelled ‘Require Anti-Virus Protection‘. This will allow a user to disable the AV checks within the Foldr app and to sign in and mount the drive, regardless of whether third party anti-virus software is installed or not. This would also apply to any machine running Windows Defender and it was disabled.
Update Grace Period
When a Windows computer starts up any AV product that is installed may be slightly behind in terms of it’s update definitions.
Typically, the AV software will initialise its update routine and will download any updates soon after the machine has started, or this could be configured centrally by an IT policy. This creates a window of time where the machine would be considered to be outside the scope of the default security policy and the client would be denied access if they launched the Foldr app. i.e. Windows would detect that the anti-virus product is not fully up-to-date.
To allow for this scenario, the administrator can configure an update grace period, ranging between 5 minutes and 1 day. During the grace period, the Foldr for Windows app will successfully log in and mount the drive.
Note that the client itself must still be within the Grace Period for this setting to apply
Grace Period
The Grace Period refers to when Foldr last detected that the client’s antivirus was considered up-to-date by the Foldr app itself. Note that this does NOT refer to when the AV product last updated, but when Foldr itself was run.
If the Windows app goes beyond this period, and AV is detected by the Windows Security Center as out of date it will refuse to sign in until the antivirus is updated. In order to use the ‘update grace’ period feature, a Windows client must also be inside the main ‘grace period’.
App Profiles
Client antivirus settings may be configured in a more granular manner for specific users/groups using an App Profile on the server. See here for more information