Lesson 8.1 — Malware protection: choosing the right protection method for your organisation

This lesson introduces the Cyber Essentials malware protection control.

What You'll Be Able to Do

By the end of this lesson, you will be able to:

  • explain the purpose of malware protection
  • identify which devices need malware protection
  • understand the three accepted malware protection routes
  • choose a suitable method for different device types
  • identify common gaps
  • start building a malware protection baseline for Cyber Essentials evidence.

Why This Matters

This lesson explains what malware protection is, why it matters, and how organisations can choose an appropriate protection method for each in-scope device. It gives learners a practical decision framework for anti-malware software, application allow listing and application sandboxing before the later lessons explore each method in more detail.

The Core Rule

Malware protection is about stopping malicious or untrusted code from running on in-scope devices.

Cyber Essentials allows three main approaches: anti-malware software, application allow listing and application sandboxing.

What the CE Assessor Looks For

A strong position shows:

  • all in-scope device types are listed;
  • each device type has a selected malware protection method;
  • anti-malware is active and updated where used;
  • anti-malware prevents malware, malicious code and malicious website connections where used;
  • application allow listing is based on approved, signed applications where used;
  • the approved application list is current where allow listing is used;

Copy This

Keep this rule visible:

Every in-scope device needs a clear malware protection method that is active, suitable and evidenced.

Quick Checklist

Before moving on, make sure you can answer these:

  • [ ] What is the main purpose of malware protection?
  • [ ] What are the three accepted malware protection routes?
  • [ ] Do all three methods need to be used on every device?
  • [ ] What should anti-malware software do where it is used?
  • [ ] What is application allow listing?

Your Action

Do this now — it takes 10–20 minutes.

For each device type in your inventory, decide which malware protection option applies: Option A (anti-malware software) or Option B (app store and allow-listing controls). Add to Section MP.

Key Takeaway

Every in-scope device needs a clear malware protection method that is active, suitable and evidenced.

Your Workbook Activity

Complete: Malware protection method selection and coverage record

Next Lesson

In the next lesson: Anti-malware software: configuration, updates, malicious code prevention and website blocking