Virus/Malware Scan Actions

The scan action Control Manager performs depends on the virus/malware type and the scan type that detected the virus/malware. For example, when Control Manager detects a Trojan horse program (virus/malware type) during Manual Scan (scan type), it cleans (action) the infected file.

The following are the actions Control Manager can perform against viruses/malware:

Table 1. Virus/Malware Scan Actions

Action

Description

Delete

Control Manager deletes the infected file.

Quarantine

Control Manager renames and then moves the infected file to a temporary quarantine directory on the agent endpoint located in <Agent installation folder>\Suspect.

The OfficeScan agent then sends quarantined files to the designated quarantine directory.

The default quarantine directory is on the Control Manager server, under <Server installation file>\PCCSRV\Virus. Control Manager encrypts quarantined files sent to this directory.

If you need to restore any of the quarantined files, use the VSEncrypt tool.

Clean

Control Manager cleans the infected file before allowing full access to the file.

If the file is uncleanable, Control Manager performs a second action, which can be one of the following actions: Quarantine, Delete, Rename, and Pass.

This action can be performed on all types of malware except probable virus/malware.

Rename

Control Manager changes the infected file's extension to "vir". Users cannot open the renamed file initially, but can do so if they associate the file with a certain application.

The virus/malware may execute when opening the renamed infected file.

Pass

Control Manager can only use this scan action when it detects any type of virus during Manual Scan, Scheduled Scan, and Scan Now. Control Manager cannot use this scan action during Real-time Scan because performing no action when an attempt to open or execute an infected file is detected will allow virus/malware to execute. All the other scan actions can be used during Real-time Scan.

Deny Access

This scan action can only be performed during Real-time Scan. When Control Manager detects an attempt to open or execute an infected file, it immediately blocks the operation.

Users can manually delete the infected file.