Cyber Essentials Malware Protection

Cyber Essentials - Malware Protection Requirements

Introduction

If a system is infected with malware, your organization is likely to suffer problems such as malfunctioning systems, data loss, or onward infection that goes unseen until it causes harm elsewhere. Malware will sooner or later reach your network; the Cyber Essentials malware protection control ensures that you have defences in place that detect it and stop it before it causes harm, rather than relying on it never arriving.

You can largely avoid the potential for harm from malware by:
        • detecting and disabling malware before it causes harm (anti-malware).
        • executing only software that you know to be worthy of trust (allow listing).
        • executing untrusted software in an environment that controls access to other data (sandboxing).

Cyber Essentials Anti-Malware Requirements

Cyber Essentials requires that malware protection is implemented on all in-scope devices, using at least one of the following three mechanisms:

Anti-malware Software

Where anti-malware software is used:

• the software must be kept up to date, with signature files updated at least daily.
• the software must be configured to scan files automatically upon access (this includes when files are downloaded and opened, and when they are accessed from a network folder).
• the software must scan web pages automatically when they are accessed through a web browser (whether by other software or by the browser itself).
• the software must prevent connections to malicious websites on the Internet (unless there is a clear, documented business need and the business understands and accepts the associated risk).
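As an added example (not part of the original page), the following PowerShell function audits a Windows endpoint running Microsoft Defender Antivirus against the four anti-malware points above: signature age of at most one day, on-access scanning (including downloaded files and files opened from network shares), and blocking of connections to malicious sites via Defender network protection. It assumes Defender is the installed product and that the built-in Defender cmdlets are available; the web-page scanning point depends on the browser in use and is reported here only as a reminder, not checked. The function name and the `MaxSignatureAgeDays` parameter are assumptions introduced for this example.

```powershell
# Added example: Cyber Essentials anti-malware audit for Microsoft Defender Antivirus.
# Not part of the original page. Run in an elevated PowerShell session.
function Test-CeAntiMalware {
    [CmdletBinding()]
    param(
        # Cyber Essentials requires signature updates at least daily
        [int]$MaxSignatureAgeDays = 1
    )

    $status = Get-MpComputerStatus   # live engine/signature state
    $pref   = Get-MpPreference       # configured policy

    @(
        [pscustomobject]@{
            Requirement = 'Signatures updated at least daily'
            Pass        = [bool]($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
            Detail      = "last update $($status.AntivirusSignatureLastUpdated), age $($status.AntivirusSignatureAge) day(s)"
        }
        [pscustomobject]@{
            Requirement = 'Scan files automatically on access (local, downloaded, network shares)'
            # DisableIOAVProtection covers downloaded files/attachments;
            # DisableScanningNetworkFiles covers files opened from network folders.
            Pass        = [bool]($status.RealTimeProtectionEnabled -and
                                 $status.OnAccessProtectionEnabled -and
                                 -not $pref.DisableIOAVProtection -and
                                 -not $pref.DisableScanningNetworkFiles)
            Detail      = "RealTime=$($status.RealTimeProtectionEnabled) OnAccess=$($status.OnAccessProtectionEnabled) " +
                          "IOAVDisabled=$($pref.DisableIOAVProtection) NetworkFilesScanDisabled=$($pref.DisableScanningNetworkFiles)"
        }
        [pscustomobject]@{
            Requirement = 'Block connections to malicious websites'
            # EnableNetworkProtection: 0 = disabled, 1 = block, 2 = audit only.
            # Audit mode logs but does not prevent the connection, so only 1 passes.
            Pass        = [bool]($pref.EnableNetworkProtection -eq 1)
            Detail      = "EnableNetworkProtection=$($pref.EnableNetworkProtection)"
        }
        [pscustomobject]@{
            Requirement = 'Scan web pages when accessed through a browser'
            Pass        = $null   # browser-dependent (e.g. SmartScreen/extension); verify separately
            Detail      = 'not checked by this script'
        }
    )
}

Test-CeAntiMalware | Format-Table -AutoSize
```

Any row with `Pass` equal to `False` is a Cyber Essentials gap on that device; treat a network-protection value of 2 (audit) as a failure, because the requirement is to prevent the connection, not merely log it.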

Application Allow Listing

Where application allow listing is used, it must be configured so that only approved applications, restricted by code signing, can be executed on devices. The organization must:

• actively approve applications before deploying them to devices
• maintain a current list of approved applications
• prevent users from being able to install any application that is unsigned or has an invalid signature
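As an added example (not part of the original page), this PowerShell function shows how "restricted by code signing" translates into a concrete check: every executable under the given paths is inspected with Get-AuthenticodeSignature, and a file is treated as allowed only if its signature is valid and the signer matches an entry in the organization's approved-publisher list. Unsigned files and files whose signature no longer matches their contents (a tampered binary) are both flagged. The function name, the parameter names and the sample publisher subject are assumptions for this example; the approved list would come from the organization's own maintained list of approved applications. This audits a device; enforcement on Windows is normally done with WDAC or AppLocker publisher rules, which this script does not configure.

```powershell
# Added example: audit executables against an approved-publisher allow list.
# Not part of the original page.
function Test-CeAllowList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]]$Path,
        # Certificate subjects of publishers the organization has approved (assumed values)
        [Parameter(Mandatory)] [string[]]$ApprovedPublisher
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

            # Status values of interest:
            #   Valid        - signature present, chain trusted, hash matches file contents
            #   NotSigned    - no signature at all
            #   HashMismatch - signed, but the file has been modified since signing
            [pscustomobject]@{
                File    = $_.FullName
                Status  = $sig.Status
                Signer  = $signer
                Allowed = [bool](($sig.Status -eq 'Valid') -and ($ApprovedPublisher -contains $signer))
            }
        }
}

# Constructed example invocation; replace the publisher subject with your own approved list.
$approved = @('CN=Example Software Ltd, O=Example Software Ltd, L=London, C=GB')
Test-CeAllowList -Path 'C:\Program Files' -ApprovedPublisher $approved |
    Where-Object { -not $_.Allowed } |
    Format-Table File, Status, Signer -AutoSize
```

Anything listed by the final pipeline is either unsigned, has an invalid signature, or is signed by a publisher not on the approved list, which is exactly the set the allow-listing requirement says users must be prevented from running.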

Application Sandbox

Application sandboxing runs all code of unknown origin within a 'sandbox'. The application sandbox must prevent access to other resources unless permission is explicitly granted by the user. This includes:

• other sandboxed applications
• data stores, such as those holding documents and photos
• sensitive peripherals, such as the camera, microphone and GPS
• local network access
