These are our recommendations based on numerous deployments across a wide array of customer environments. As with any security effort, you should seek professional advice to ensure you’re properly protected.
Starting from the Default Policy, here’s what we suggest changing. Log into the GravityZone console, click Policies on the left, check the box next to Default Policy, then click Clone Policy at the top of the screen. In order to save space and make this section easier to follow, the steps below are only changes from the default settings, not the full policy. If your console is linked to ours (which it will be if we set up your trial), we can also apply our recommended policy for you.
You’re almost done! Click the blue Save button at the bottom. Check the box next to your newly-created policy then click Set as default at the top of the screen. Leave Keep the current policy assignment unchecked if you’re switching from the original Default Policy, then click OK.
First, add the following exclusions as Folders under Policies > (your policy) > Antimalware > Settings > Custom Exclusions:
For consistency, you may also want to set up forced drive letters on Windows per Google’s documentation.
You might also want to disable Device Scanning (or at least the USB storage devices subtype) under Antimalware > On-Demand. Per Bitdefender, as long as On-Access Scanning is still active this doesn’t really pose a security risk, but it should prevent the entire G:\ drive getting scanned when the drive is “plugged in” (i.e. when the Drive sync app comes online). You could also enable Do not scan devices with stored data more than (MB) and set a threshold below your Google Drive volume size.
Lastly, if you’re using Device Control to block external/portable drives, you would need to set External Storage to Custom and change the Other type at the bottom to Allow.