Changing Policy Settings



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

Once you create a policy, you can change its settings to suit your business purposes. If needed, you can make temporary changes, called creating drafts, and then implement them later, called promoting to live. For more information, see Creating Policies.
Note: You cannot change Webroot default policy settings.
 
Policies control the following SecureAnywhere settings on managed endpoints.
 
SECTIONDESCRIPTION
Basic Configuration General preferences that change the behavior of the SecureAnywhere program, such as whether the program icon appears in the endpoint's system tray and whether the user can shut down the program.
Scan Schedule Allows you to run scans at different times, change the scanning behavior, or turn off automatic scanning. If you do not modify the scan schedule, SecureAnywhere launches scans automatically every day, at about the same time you installed the software.
Scan Settings Provides more control over scans, such as performing a more thorough scan.
Self Protection Provides additional protection that prevents malicious software from modifying the SecureAnywhere program settings and processes on the endpoint. If SecureAnywhere detects another product attempting to interfere with its functions, it launches a protective scan to look for threats.
Heuristics Provides threat analysis that SecureAnywhere performs when scanning endpoints. Heuristics can be adjusted for separate areas of the endpoints, including the local drive, USB drives, the Internet, the network, CD/DVDs, and when the endpoint is offline..
Realtime Shield Blocks known threats listed in Webroot's threat definitions and in Webroot's community database.
Behavior Shield Analyzes applications and processes running on the endpoints.
Core System Shield Monitors the computer system structures to ensure that malware has not tampered with them.
Web Threat Shield Protects endpoints as users surf the Internet and click links in search results.
Identity Shield Protects from identity theft and financial loss. It ensures that sensitive data is protected, while safe-guarding users from keyloggers, screen-grabbers, and other information-stealing techniques.
Firewall Monitors data traffic traveling out of computer ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. The Webroot firewall works in conjunction with the Windows firewall, which monitors data traffic coming into the endpoints.
Resources Provides downloads for the DWP client, configuration files to be used as templates, and links to documentation, such as the online help.
User Interface Provides user access to the SecureAnywhere program on the endpoint.
System Cleaner Controls System Cleaner behavior, such as an automatic cleanup schedule and what types of files and traces to remove from the endpoint.

 

To change policy settings:

  1. Click the Policies tab. A list of policies displays.
  2. In the Policy Name column, find the policy you want to change and double-click it.



    The recommended Defaults window displays, with the Basic Configuration category selected.



    • The Live column shows how the setting is currently implemented on the endpoints.
    • The Draft column is where you can make changes.
  3. Under the Section column, select the category you want to edit.
  4. Under the Draft column, click in the cell to view the options, then select the appropriate setting.
    A table, containing a complete description of each setting for each section, follows this procedure.
  5. When you're done with a section, click the Save Changes button.



  6. Continue editing the policy, making sure to click Save Changes before you move to another section.
  7. If you're not ready to implement the changes, you can return to the Policy tab.
    Any policy with changes not yet implemented displays Yes in the Draft Changes column.



  8. To implement the changes, return to the Policy dialog and click Promote Draft Changes to Live.
    Note: Your changes do not take effect until you promote them.




Basic Configuration
The Basic Configuration settings control the behavior of the SecureAnywhere software on managed endpoints.
SETTINGDESCRIPTION
Show a SecureAnywhere shortcut on the desktop Provides quick access to the main interface by placing the shortcut icon on the endpoint desktop.
Show a system tray icon Provides quick access to SecureAnywhere functions by placing the Webroot icon in the endpoint system tray.
Show a splash screen on bootup Opens the Webroot splash screen when the endpoint starts.
Show SecureAnywhere in the Start Menu Lists SecureAnywhere in the Windows Startup menu items.
Show SecureAnywhere in Add/Remove Programs Lists SecureAnywhere in the Windows Add/Remove Programs panel.
Show SecureAnywhere in Windows Security/Action Center Lists SecureAnywhere in the Windows Security/Action Center, under Virus Protection information.
Hide the SecureAnywhere keycode on-screen Hides the keycode on the endpoint's My Account panel. Asterisks replace the code, except for the first four digits.
Automatically download and apply updates Downloads product updates automatically without alerting the endpoint user.
Operate background functions using fewer CPU resources Saves CPU resources by running non-scan related functions in the background.
Favor low disk usage over verbose logging (fewer details stored in logs) Saves disk resources by saving only the last four log items.
Lower resource usage when intensive applications or games are detected Suppresses SecureAnywhere functions while the user is gaming, watching videos, or using other intensive applications.
Allow SecureAnywhere to be shut down manually Shows a Shutdown command in the endpoint's system tray menu. Deselecting this option removes the Shutdown command from the menu.
Force non-critical notifications into the background Suppresses information-only messages from appearing in the system tray.
Fade out warning messages automatically Closes warning dialogs in the system tray after a few seconds. If you disable this option, the user must manually click on a message to close it.
Store Execution History details Stores data for the Execution History logs, available under Reports.
Poll interval Specifies how often the endpoint checks for updates. For example: 15 minutes, 30 minutes, 1 hour, or 2 hours.

  

Scan Schedule
SecureAnywhere runs scans automatically every day, at about the same time you installed the software. You can use the Scan Schedule settings to change the schedules and run scans at different times.
SETTINGDESCRIPTION
Enable Scheduled Scans Allows scheduled scans to run on the endpoint.
Scan Frequency Determines how often to run the scan. You can set a day of the week or select on bootup.
Time Specifies the time to run the scan:
  • Scan time options for when computer is idle are before 8:00 a.m., before noon, before 5:00 p.m., or before midnight.
  • Scan time options for when resources are available are hourly, from 12:00 a.m. to 11:00 p.m.
Scan on bootup if the computer is off at the scheduled time Launches a scheduled scan within an hour after the user turns on the computer, if the scan did not run at the normally scheduled time. If this option is disabled, SecureAnywhere ignores missed scans.
Hide the scan progress window during scheduled scans Runs scans silently in the background. If this option is disabled, a window opens and shows the scan progress.
Only notify me if an infection is found during a scheduled scan Opens an alert only if it finds a threat. If this option is disabled, a small status window opens when the scan completes, whether a threat was found or not.
Do not perform scheduled scans when on battery power Helps conserve battery power. If you want SecureAnywhere to launch scheduled scans when the endpoint is on battery power, deselect this option.
Do not perform scheduled scans when a full screen application or game is open Ignores scheduled scans when the user is viewing a full-screen application, such as a movie or a game. Deselect this option if you want scheduled scans to run anyway.
Randomize the time of scheduled scans up to one hour for distributed scanning Determines the best time for scanning, based on available system resources, and runs the scan within an hour of the scheduled time. If you want to force the scan to run at the scheduled time, deselect this option.
Perform a scheduled Quick Scan instead of a Deep Scan Runs a quick scan of memory. We recommend that you keep this option deselected, so that deep scans run for all types of malware in all locations.

 

Scan Settings
Scan settings give advanced control over scanning performance.
SETTINGDESCRIPTION
Enable Realtime Master Boot Record (MBR) Scanning Protects the endpoint against master boot record (MBR) infections. An MBR infection can modify core areas of the system so that they load before the operating system and can infect the computer. We recommend that you keep this option selected. It adds only a small amount of time to the scan.
Enable Enhanced Rootkit Detection Checks for rootkits and other malicious software hidden on disk or in protected areas. Spyware developers often use rootkits to avoid detection and removal. We recommend that you keep this option selected. It adds only a small amount of time to the scan.
Enable "right-click" scanning in Windows Explorer Enables an option for scanning the currently selected file or folder in the Windows Explorer right-click menu. This option is helpful if the user downloads a file and wants to scan it quickly. 
Update the currently scanned folder immediately as scanned Displays a full list of files as SecureAnywhere scans each one. If you want to increase scan performance slightly, deselect this option so that file names only update once per second on the panel. SecureAnywhere will still scan all files, just not take the time to show each one on the screen.
Favor low memory usage over fast scanning Reduces RAM usage in the background by using less memory during scans, but scans will also run a bit slower. Deselect this option to run faster scans and use more memory.
Favor low CPU usage over fast scanning Reduces CPU usage during scans, but scans will also run a bit slower. Deselect this option to run faster scans.
Save non-executable file details to scan logs Saves all file data to the scan log, resulting in a much larger log file. Leave this option deselected to save only executable file details to the log.
Show the "Authenticating Files" popup when a new file is scanned on-execution Opens a small dialog whenever the user runs a program for the first time. Leave this option deselected if you do not want users to see this dialog.
Scan archived files Scans compressed files in zip, rar, cab, and 7-zip archives.
Automatically reboot during cleanup without prompting Restarts the computer after running a clean-up, which is the process of removing all traces of a malware file.
Never reboot during malware cleanup Prevents the endpoint from restarting during cleanup, which is the process of removing all traces of a malware file.
Automatically remove threats found during background scans Removes threats during scans that run in the endpoint's background and sends them to quarantine.
Automatically remove threats found on the learning scan Removes threats during the first scan on the endpoint and sends them to quarantine.
Enable Enhanced Support Allows logs to be sent to Webroot customer support.
Show Infected Scan Results Shows scan results. If not enabled, the endpoint does not show scan results even if malware is detected.
Detect Possibly Unwanted Applications (PUAs) as malicious Detects PUAs and blocks them from installing.
Potentially unwanted applications (PUAs) are programs that aren't necessarily malicious but contain adware, toolbars, or other unwanted additions to your system. Generally, PUAs are not malicious but may be unsuitable for use in a business environment, and may create security concerns.
If a PUA is already on the system Webroot SecureAnywhere will detect the main program but may not be able to fully remove all aspects of it.

 

Self Protection
Self Protection prevents malicious software from modifying the SecureAnywhere program settings and processes. If SecureAnywhere detects that another product is attempting to interfere with its functions, it launches a protective scan to look for threats. It will also update the internal self protection status to prevent incompatibilities with other software.
Note: We recommend that you leave Self Protection at the Maximum settings, unless you use other security software in addition to SecureAnywhere. If you use additional security software, adjust Self Protection to Medium or Minimum. The Maximum setting might interfere with other security software.

 

SETTINGDESCRIPTION
Enable self-protection response cloaking  Turns self-protection on and off.
Self-protection level  Sets the detection level to:
  • Minimum — Protects the integrity of the SecureAnywhere settings and databases. Recommended if the endpoint has several other security products installed.
  • Medium — Prevents other programs from disabling protection. Provides maximum possible compatibility with other security software.
  • Maximum — Provides the highest protection of the SecureAnywhere processes. We recommend that you use this setting.

 

Heuristics
With heuristics, you can set the level of threat analysis that SecureAnywhere performs when scanning managed endpoints. SecureAnywhere includes three types of heuristics: advanced, age, and popularity.
You can adjust these types of heuristics for several areas:
  • Local drive
  • USB drives
  • Internet
  • Network
  • CD/DVD
  • When your computer is offline
For each of these areas, you can set the following options:
  • Disable Heuristics — Turns off heuristic analysis for the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Not recommended.
  • Apply advanced heuristics before Age/Popularity heuristics — Warns against new programs as well as old programs that exhibit suspicious behavior on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
  • Apply advanced heuristics after Age/Popularity heuristics — Warns against suspicious programs detected with Advanced Heuristics, based on Age/Popularity settings on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
  • Warn when new programs execute that are not known good — Warns when malicious, suspicious, or unknown programs try to execute on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Keep in mind that this setting may result in false detections.
     
    SETTINGDESCRIPTION
    Advanced Heuristics Analyzes new programs for suspicious actions that are typical of malware.
    • Disabled — Turns off Advanced Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
    • Low — Detects programs with a high level of malicious activity. This setting ignores some suspicious behavior and allows most programs to run.
    • Medium — Balances detection versus false alarms by using our tuned heuristics in the centralized community database.
    • High — Protects against a wide range of new threats. Use this setting if you think your system is infected or at very high risk. This setting may result in false detections.
    • Maximum — Provides the highest level of protection against new threats. Use this setting if you think that your system is infected or at very high risk. This setting may result in false detections.
    Age Heuristics Analyzes new programs based on the amount of time the program has been in the community. Legitimate programs are generally used in a community for a long time, but malware often has a short life span.
    • Disabled — Turns off Age Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
    • Low — Detects programs that have been created or modified very recently.
    • Medium — Detects programs that are fairly new and not trusted, preventing zero-day or zero-hour attacks. We recommend using this setting if you do not allow unpopular programs to be installed on your managed endpoints and you want extra security to prevent mutating threats.
    • High — Detects programs that have been created or modified in a relatively short time and are not trusted. This setting is recommended only if new programs are rarely installed on your managed endpoints, and if you feel that your systems are relatively constant. This setting might generate a higher level of false detections on more obscure or unpopular programs.
    • Maximum — Detects all untrusted programs that have been created or modified fairly recently. Use this setting only if your managed endpoints are in a high-risk situation, or if you think that they are currently infected.
    Popularity Heuristics Analyzes new programs based on statistics for how often the program is used in the community and how often it changes. Legitimate programs do not change quickly, but malware often mutates at a rapid pace. Malware may install as a unique copy on every computer, making it statistically unpopular.
    • Low — Detects programs that are seen for the first time. This setting is recommended if new or beta programs are frequently installed on your managed endpoints, or if endpoint users are software developers who frequently create new programs.
    • Medium — Detects unpopular and mutating programs, preventing zero-day and zero-hour attacks. We recommend using this setting if you do not allow new programs to be installed frequently on your managed endpoints and you want extra security over standard settings.
    • High — Detects programs that a significant percentage of the community has seen. This setting is recommended if you do not allow new programs on your managed endpoints and you suspect that they are currently infected.
    • Maximum —Detects programs that a large percentage of the community has seen. We recommend this setting if you think your managed endpoints are at very high risk, and you accept that you might receive false detections because of the strict heuristic rules.


Realtime Shield
The Realtime shield blocks known threats that are listed in Webroot's threat definitions and community database. If the shield detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to the endpoint or steals its information.  
SETTINGDESCRIPTION
Realtime Shield Enabled Turns the Realtime shield on and off.
Enable Predictive Offline Protection from the central Webroot database Downloads a small threat definition file to your managed endpoints, protecting them even when they are offline. We recommend that you leave this setting on.
Remember actions on blocked files Remembers how the user responded to an alert, whether they allowed a file or blocked it, and will not prompt again when it encounters the same file. If this setting is deselected, SecureAnywhere opens an alert every time it encounters the file in the future.
Automatically quarantine previously blocked files Opens an alert when it encounters a threat and allows the user to block it and send it to quarantine. If this setting is off, the user must run a scan manually to remove a threat.
Automatically block files when detected on execution Blocks threats and sends them to quarantine. If this setting is off, the user must respond to alerts about detected threats.
Scan files when written or modified Scans any new or modified files that are saved to disk. If this setting is off, it ignores new file installations; however, it still alerts the user if a threat tries to launch.
Block threats automatically if no user is logged in Stops threats from executing even when managed endpoints are logged off. Threats are sent to quarantine without notification.
Show realtime event warnings Opens an alert when suspicious activity occurs.
Show realtime block modal alerts

Shows alerts when Heuristics detects malware, and prompts the user to allow or block the action.

If Heuristics is set to Warn when new programs execute that are not known good, then this setting must be set to On. Otherwise, users will not see the alert.
Show realtime block notifications Shows a tray notification if the Realtime shield detects malware. If this setting is off, there is no tray notification, but malware is blocked and the home page shows that threats were detected.

 

Behavior Shield
The Behavior shield analyzes the applications and processes running on your managed endpoints. If it detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to managed endpoints or steals information.
SETTINGDESCRIPTION
Behavior Shield Enabled Turns the Behavior shield on and off
Assess the intent of new programs before allowing them to execute Watches the program's activity before allowing it to run. If it appears okay, SecureAnywhere allows it to launch and continues to monitor its activity.
Enable advanced behavior interpretation to identify complex threats Analyzes a program to examine its intent. For example, a malware program might perform suspicious activities like modifying a registry entry, then sending an email.
Track the behavior of untrusted programs for advanced threat removal Watches programs that have not yet been classified as legitimate or as malware.
Automatically perform the recommended action instead of showing warning messages Does not prompt the user to allow or block a potential threat. SecureAnywhere determines how to manage the item.
Warn if untrusted programs attempt low-level system modifications when offline Opens an alert if an unclassified program tries to make changes to your managed endpoints when they are offline. SecureAnywhere cannot check its online threat database if endpoints are disconnected from the Internet.

 

Core System Shield
The Core System shield monitors system structures of your managed endpoints and makes sure malware has not tampered with them. If the shield detects a suspicious file trying to make changes, it opens an alert and prompts the user to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage or steals information.
SETTINGDESCRIPTION
Core System Shield Enabled Turns the Core System shield on and off.
Assess system modifications before they are allowed to take place Intercepts any activity that attempts to make system changes on your managed endpoints, such as a new service installation.
Detect and repair broken system components Locates corrupted components, such as a broken Layered Service Provider (LSP) chain or a virus-infected file, then restores the component or file to its original state.
Prevent untrusted programs from modifying kernel memory Stops unclassified programs from changing the kernel memory.
Prevent untrusted programs from modifying system processes Stops unclassified programs from changing system processes.
Verify the integrity of the LSP chain and other system structures Monitors the Layered Service Provider (LSP) chain and other system structures to make sure malware does not corrupt them.
Prevent any program from modifying the HOSTS file Stops spyware from attempting to add or change the IP address for a website in the Hosts file, and opens an alert for the user to block or allow the changes.

 

Web Threat Shield
The Web Threat shield protects your endpoints as users surf the Internet. If it detects a website that might be a threat, it opens an alert for users to block the site or continue despite the warning.
When they use a search engine, this shield analyzes all the links on the search results page, then displays an image next to each link that signifies whether it's a trusted site, shown by a green checkmark, or a potential risk, shown by a red X.
SETTINGDESCRIPTION
Enable Web Shield

Turns the Web Threat shield on and off.

This setting is turned On by default, which is the setting we recommend.

Activate browser extensions

Browser extensions provide blocking protection against malicious websites, realtime anti-phishing protection, and safety ratings when using search engines. Each function can be enabled or disabled separately using the individual controls for each function described in this table.

To completely disable and remove extensions from each supported browser, change the setting to Off.  This setting is turned On by default, which is the setting we recommend.

Block malicious websites

Any URLs and IPs you enter in a browser are checked and a block page displays for known malicious sites.

This setting is turned On by default, which is the setting we recommend.

Enable real-time anti-phising

Protects against zero-day phishing sites. Zero-day phishing sites are sites that have never been seen before, and their related viruses do not yet have a definition.

This setting is turned On by default, which is the setting we recommend.

Show safety ratings when using search engines

Search result are annotated with an icon and tooltip, indicating the likelihood that a site is malicious.

This setting is turned On by default, which is the setting we recommend.

Enable web filtering driver

Provides additional protection against malicious connections, and in cases where the browser extensions are disabled.

This setting is turned On by default, which is the setting we recommend.

Suppress the user's ability to bypass blocked websites

Prevents users from bypassing the block page presented when a malicious website is detected.

This setting is turned On by default, which is the setting we recommend.

Suppress the user's ability to request website review

Prevents users from submitting website reviews from the block page when a malicious website is detected.

This setting is turned On by default, which is the setting we recommend.

 

Identity Shield
The Identity shield protects sensitive data that might be exposed during online transactions. You can change the behavior of the Identity shield and control what it blocks.
SETTINGDESCRIPTION
Identity Shield Enabled Turns the Identity shield on and off.
Look for identity threats online Analyzes websites as users browse the Internet or open links. If the shield detects malicious content, it blocks the site and opens an alert.
Analyze websites for phishing threats Analyzes websites for phishing threats as users browse the Internet or open links. If the shield detects a phishing threat, it blocks the site and opens an alert.
Verify websites when visited to determine legitimacy Analyzes the IP address of each website to determine if it has been redirected or is on our blacklist. If the shield detects an illegitimate website, it blocks the site and opens an alert.
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks Looks for servers that could be redirecting users to a malicious website, such as a man-in-the-middle attack. If the shield detects a man-in-the-middle attack, it blocks the threat and opens an alert.
Block websites from creating high risk tracking information Blocks third-party cookies from installing on your managed endpoints if the cookies originate from malicious tracking websites.
Prevent programs from accessing protected credentials Blocks programs from accessing login credentials, for example, when you type your name and password or when you request a website to remember them.
Warn before blocking untrusted programs from accessing protected data Opens an alert any time malware attempts to access data, instead of blocking known malware automatically.
Allow trusted screen capture programs access to protected screen contents Allows screen capture programs, no matter what content is displayed on the screen.
Enable Identity Shield compatibility mode Allows certain applications to run that the Identity shield might block during normal operations. You can enable this option if you notice problems with an application's functions after SecureAnywhere was installed on the endpoint. With this compatibility mode enabled, the endpoint is still protected by the Identity shield's core functionality.
Enable keylogging protection in non-Latin systems Allows endpoints with non-Latin systems, such as Japanese and Chinese, to be protected from keyloggers.

 

Firewall
The Webroot firewall monitors data traffic traveling out of endpoint ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. It works with the Windows firewall, which monitors data traffic coming into your managed endpoints. With both the Webroot and Windows firewall turned on, network data has complete inbound and outbound protection.
The Webroot firewall is preconfigured to filter traffic on your managed endpoints. It works in the background without disrupting normal activities. If the firewall detects unrecognized traffic, it opens an alert. You can either block the traffic or allow it to proceed.
SETTINGDESCRIPTION
Enabled Turns the Firewall on and off.
Firewall level
  • Default Allow — Allows all processes to connect to the Internet, unless explicitly blocked.
  • Warn unknown and infected — Warns if any new, untrusted processes connect to the Internet, if the endpoint is infected.
  • Warn unknown — Warns if a new, untrusted process connects to the Internet.
  • Default Block — Warns if any process connects to the Internet, unless explicitly blocked.
Show firewall management warnings Controls the alert shown by SecureAnywhere when the Windows firewall is off:
  • On — The user sees an alert when SecureAnywhere detects that the Windows firewall is off.
  • Off — No alert appears when the Windows firewall is off.
Show firewall process warnings
Controls the firewall alerts. If this is setting is Off, no firewall alerts appear. This option works in conjunction with the Firewall Level settings.
For example:
  • If Show firewall process warnings and Default Block options are both set to On, the endpoint user sees an alert if a new process tries to connect.
  • If Show Firewall process warnings is set to Off, no alert appears to the endpoint user and the process is allowed.
 
User Interface
Gives administrative control over the SecureAnywhere interface on the endpoints using this policy.
SETTINGDESCRIPTION
 GUI Blocks or allows endpoint user access to the main SecureAnywhere interface. If users try to open SecureAnywhere when this option is set to Hide, a message tells them to contact the administrator to access the interface.
Note: This option does not also hide the Webroot system tray icon.
 
System Cleaner
System Cleaner removes traces of the end user's web browsing history, files that show computer use, and unnecessary files that consume valuable disk space, such as files in the Recycle Bin or Windows temporary files. The System Cleaner does not run automatically; you need to schedule cleanups and select the items you want removed.
Note: Cleanups remove unnecessary files and traces, not malware threats. Malware are removed during scans. You can think of the System Cleaner as the housekeeper for a computer, while the Scanner serves as the security guard.

 

SETTINGDESCRIPTION
Manage System Cleaner centrally Enables the administrator to change System Cleaner settings, as follows:
  • On — The System Cleaner settings are shown in the panel and are available to change.
  • Off — No settings appear in this panel.
Scheduled Cleanup (Monday through Sunday)
Sets the days of the week, anything from one to seven, to automatically run the System Cleaner.
Cleanup at specific time of day - hour
Sets the hour of the day the System Cleaner runs on the endpoints.
Cleanup at specific time of day - minute
Sets the time in 15-minute increments that the System Cleaner runs on the endpoints.
Run on bootup if the system was off at the scheduled time
Launches a missed scheduled cleanup when the endpoint powers on. This is applicable only if the endpoint was off during a scheduled cleanup. Otherwise, skips the missed cleanup.
Enable Windows Explorer right click secure file erasing
Includes an option for permanently erasing a file or folder in Windows Explorer on the endpoint. A menu item appears when the user right-clicks on a file or folder:
Windows Desktop 
Recycle Bin
Removes all files from the Recycle Bin in Windows Explorer. 
Recent document history
Clears the history of recently opened files, which is accessible from the Windows Start menu. The cleanup does not delete the actual files.
Start Menu click history
Clears the history of shortcuts to programs that end users recently opened using the Start menu.
Run history
Clears the history of commands recently entered into the Run dialog, which is accessible from the Start menu.
After the cleanup, the end user may need to restart the computer to completely remove items from the Run dialog.
Search history
Clears the history of files or other information that the end user searched for on the computer. This history displays when the end user starts entering a new search that starts with the same characters. The cleanup does not delete the actual files.
Start Menu order history
Reverts the list of programs and documents in the Start menu back to alphabetical order, which is the default setting. After the cleanup runs, the list reverts back to alphabetical order after a system re-boot.
Windows System 
Clipboard contents
Clears the contents from the Clipboard, where Windows stores data used in either the Copy or Cut function from any Windows program.
Windows Temporary folder
Deletes all files and folders in the Windows temporary folder, but not files that are in use by an open program. This folder is typically: C:\Windows\Temp.
System Temporary folder
Deletes all files and folders in the system temporary folder, but not files that are in use by an open program. This folder is typically in: C:\Documents and Settings\[username]\Local Settings\Temp.
Windows Update Temporary folder
Deletes all files and subfolders in this folder, but not files that are in use by an open program. Windows uses these files when a Windows Update runs. These files are typically in C:\Windows\Software\Distribution\Download.
Windows Registry Streams
Clears the history of recent changes made to the Windows registry. This option does not delete the registry changes themselves.
Default logon user history
Deletes the Windows registry entry that stores the last name used to log on to your computer. When the registry entry is deleted, end users must enter their user names each time they turn on or restart the computer. This cleanup option does not affect computers that use the default Welcome screen.
Memory dump files
Deletes the memory dump file (memory.dmp) that Windows creates with certain Windows errors. The file contains information about what happened when the error occurred.
CD burning storage folder
Deletes the Windows project files, created when the Windows built-in function is used to copy files to a CD. These project files are typically stored in one of the following directories:
C:\Documents and Settings\[username]\Local Settings\Application Data\Microsoft\CDBurning
or
C:\Users\[username]\AppData\Local\Microsoft\Windows\Burn\Burn
Flash cookies Deletes bits of data created by Adobe Flash, which can be a privacy concern because they track user preferences. Flash cookies are not actually cookies, and are not controlled through the cookie privacy controls in a browser.
Internet Explorer 
Address bar history Removes the list of recently visited websites, which is stored as part of Internet Explorer’s AutoComplete feature. You see this list when you click the arrow on the right side of the Address drop-down list at the top of the Internet Explorer browser.
Cookies Deletes all cookies from the endpoint. Be aware that if you remove all cookie files, the end user must re-enter passwords, shopping cart items, and other entries that these cookies stored.
Temporary Internet Files Deletes copies of stored web pages that the end user visited recently. This cache improves performance by helping web pages open faster, but can consume a lot of space on the hard drive.
URL history Deletes the History list of recently visited websites of the Internet Explorer toolbar. 
Setup Log  Deletes log files created during Internet Explorer updates.
Microsoft Download Folder  Deletes the contents in the folder that stores files last downloaded using Internet Explorer.
MediaPlayer Bar History Removes the list of audio and video files recently opened with the media player in Internet Explorer. The cleanup does not delete the files themselves. 
Autocomplete form information Deletes data that Internet Explorer stores when the end user entered information into fields on websites. This is part of Internet Explorer’s AutoComplete feature. 
Clean index.dat (cleaned on reboot) Marks files in the index.dat file for deletion, then clears those files after the system reboots. The index.dat file is a growing Windows repository of web addresses, search queries, and recently opened files. This option works when you also select one or more of the following options: Cookies, Temporary Internet Files, or URL History. Index.dat functions like an active database. It is only cleaned after you reboot Windows.
Secure File Removal
Control the level of security to apply when removing files Removes files permanently in a shredding process, which overwrites them with random characters. This shredding feature is a convenient way to make sure no one can ever access the endpoint's files with a recovery tool.

By default, file removal is set to Normal, which means items are deleted permanently, bypassing the Recycle Bin. However, with the Normal setting, data recovery utilities could restore the files. If you want to make sure files can never be recovered, select Maximum. Medium overwrites files with three passes, whereas Maximum overwrites files with seven passes and cleans the space around the files. Also be aware that cleanup operations take longer when you select Medium or Maximum.