Lesson 8.2 — Anti-malware software: configuration, updates, malicious code prevention and website blocking

This lesson explains the anti-malware software route within the Cyber Essentials Malware Protection control.

What You'll Be Able to Do

By the end of this lesson, you will be able to:

  • identify where anti-malware software is used
  • check that it is active and up to date
  • confirm that it prevents malware and malicious code from running
  • verify malicious website protection
  • review exclusions and alert handling
  • collect suitable evidence without exposing sensitive security data.

Why This Matters

This lesson helps you understand what anti-malware software must do, how it should be configured, how updates should be managed, why real-time protection matters, how malicious website blocking fits into the requirement, and what evidence should be collected before submission.

The Core Rule

Anti-malware software is one of the accepted Cyber Essentials malware protection routes.

If you rely on anti-malware software, it must be active, updated in line with vendor recommendations, and configured to prevent malware and malicious code from running.

What the CE Assessor Looks For

A strong position shows:

  • device groups using anti-malware are clearly identified;
  • anti-malware is active on all relevant devices;
  • real-time protection is enabled;
  • updates follow vendor recommendations;
  • malware and malicious code are prevented from running;
  • malicious website protection is enabled.

Copy This

Keep this rule visible:

Anti-malware evidence should prove that protection is active, current and working across the devices that rely on it.

Quick Checklist

Before moving on, make sure you can answer these:

  • [ ] What is the main point of this lesson?
  • [ ] What four things must anti-malware software be configured to do?
  • [ ] Why is “installed” not the same as “protected”?
  • [ ] Why is real-time protection important?
  • [ ] What should anti-malware update evidence show?

Your Action

Do this now — it takes 10–20 minutes.

Check anti-malware on all Windows and macOS devices: installed, active, definitions updated within 24 hours, and malicious website blocking enabled. Record in Section MP.
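
One way to run this check over an exported device list, as an added example that is not part of the lesson or any vendor's tooling. The CSV column names, device names and review time are constructed assumptions; a device passes only when all four conditions in the action above hold.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; the column names are assumptions, not a vendor format.
# "realtime_enabled" stands in for the lesson's "active" condition.
SAMPLE_CSV = """device,os,am_installed,realtime_enabled,definitions_updated_utc,web_blocking_enabled
LAPTOP-01,Windows,yes,yes,2024-05-14T06:10:00,yes
LAPTOP-02,Windows,yes,no,2024-05-14T05:55:00,yes
MAC-01,macOS,yes,yes,2024-05-11T09:00:00,yes
MAC-02,macOS,yes,yes,,no
DESK-01,Windows,no,,,
"""

MAX_DEFINITION_AGE = timedelta(hours=24)  # the 24-hour window from the action

def is_yes(value):
    return (value or "").strip().lower() == "yes"

def check_device(row, now):
    """Return the list of failed checks for one device row (empty list = pass)."""
    if not is_yes(row["am_installed"]):
        return ["not installed"]  # "installed" is the precondition for everything else
    failures = []
    if not is_yes(row["realtime_enabled"]):
        failures.append("real-time protection off")
    stamp = (row["definitions_updated_utc"] or "").strip()
    if not stamp:
        # A missing timestamp is a failure: no evidence is not the same as current.
        failures.append("no definition update time recorded")
    else:
        updated = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        if now - updated > MAX_DEFINITION_AGE:
            failures.append("definitions older than 24 hours")
    if not is_yes(row["web_blocking_enabled"]):
        failures.append("malicious website blocking off")
    return failures

def review(csv_text, now):
    """Map device name -> failed checks for every row in the export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["device"]: check_device(row, now) for row in reader}

if __name__ == "__main__":
    as_of = datetime(2024, 5, 14, 12, 0, tzinfo=timezone.utc)  # constructed review time
    for device, failures in review(SAMPLE_CSV, as_of).items():
        print(f"{device}: {'PASS' if not failures else 'FAIL - ' + '; '.join(failures)}")
```

The output lists only device names and pass/fail reasons, so it can be kept as evidence without including detection logs or exclusion paths.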

Key Takeaway

Anti-malware evidence should prove that protection is active, current and working across the devices that rely on it.

Your Workbook Activity

Complete: Anti-malware configuration and evidence review record

Next Lesson

In the next lesson: Application allow listing: approved applications, code signing and blocking untrusted software