
How Antivirus Scanning Feature in ServiceNow Madrid Ensures Better Security

Written by Charan Sai Dasagrandhi | Mar 29, 2019 1:33:32 PM

The IT industry faces many kinds of cyber threats in the form of malware and viruses. These are programmed to damage devices, prevent a user from accessing the affected files or data, or take control of the device. IBM research estimates that “by 2020 close to 5 billion personal records will be stolen and the average total cost of a data breach is estimated to be $3.86 million”. In response to the intensity of cyber threats, the Now Platform includes a built-in antivirus scanning feature with its latest Madrid release.

How Antivirus Scanning in ServiceNow Madrid Works

Older versions of ServiceNow had robust security mechanisms but lacked a dedicated antivirus scanning feature. The current release, “Madrid”, introduced an “Antivirus Scanning” feature that is enabled by default in every ServiceNow instance, and users can configure it to suit their business requirements.

Within the Now Platform, users can attach or upload files in different formats (video, audio, PDF, images, etc.) to records of tables. The chance of a virus attack is high at the point where these files are downloaded to a workstation or personal system. Such an attack may damage or corrupt the device and its files. To avoid such risks, the Madrid release performs antivirus scanning on files and sends notifications to end users if the files are suspicious.

When files or attachments are downloaded, the antivirus program scans them and alerts users with a notification if any of the files are affected by a virus. Based on this alert, the user can decide whether or not to download the file.

Figure: Antivirus Scanning in ServiceNow Madrid

Configuring ServiceNow Madrid Antivirus

ServiceNow Madrid's antivirus scanning is active by default in every instance. It automatically scans attachments as they are downloaded to identify any files that are infected by viruses. Users can deactivate this feature for any instance if required. To do so, one has to configure this feature to ensure that the scan options are enabled across your instance. To configure “Antivirus Scanning” in your instance, you need the admin or antivirus_admin role. Antivirus Scanning is configured across your instance at the table level.

ServiceNow maintains logs of all activities of the antivirus scanning process, including information about the infected data. The antivirus function tracks and discovers all the activities that occur on infected files. If users want to download affected files without scanning, they can do so by turning on the option “Allow attachments to be downloaded when Antivirus scanner is unavailable”. If the option is set to off, file downloads are blocked until scanning completes successfully, so downloads fail closed. This entire process is captured as logs in antivirus activities.

Table: Options to configure Antivirus Scanning in ServiceNow Madrid

Users can also make the antivirus skip specific tables, rather than configuring scanning only for whole instances. To do so, exclude those tables from the scan by adding new dictionary attributes for them. An admin user can add dictionary attributes and set their values to modify the behavior of the default Antivirus Scanning configuration. Options in Dictionary Attributes include:

  • By using dictionary attributes, you can exclude the required tables from default Antivirus Scanning.
  • By default, ServiceNow sends email notifications when an infected file is identified. Modifying the attribute behavior stops these system-generated notifications.
  • By default, ServiceNow sends UI notifications when an infected file is identified. Modifying the attribute behavior stops these system-generated UI notifications.

Table: Dictionary attributes for Antivirus Scanning

Reviewing Antivirus Activities Log

The Antivirus activities log dashboard lists the files that are affected, the files added to quarantine, and the actions performed on infected files. Users can review the quarantine list and take the necessary action: restore, delete, or download.

Figure: Activity log displaying actions performed on quarantined files

Figure: Dashboard with a list of actions users can take on a quarantined file


About Author

Pavan Kumar has 5+ years of experience as a software developer, of which he has spent the past 3 years working as a ServiceNow developer. He is a ServiceNow certified ServiceNow Admin, Implementation Specialist on ITSM, and ITIL® Foundation in ITSM. He is skilled in scripting languages like HTML, CSS, Bootstrap, jQuery, JavaScript, Angular JS and AJAX. Apart from this, he is trained in SQL Programming, Database design, Web API, Web Services and PHP.