Scan Actions

Specify the action Trend Micro Security (for Mac) performs when a particular scan type detects a security risk.

The action Trend Micro Security (for Mac) performs depends on the scan type that detected the security risk. For example, when Trend Micro Security (for Mac) detects a security risk during Manual Scan (scan type), it cleans (action) the infected file.

The following are the actions Trend Micro Security (for Mac) can perform against security risks:

Scan Action

Details

Delete

Trend Micro Security (for Mac) removes the infected file from the computer.

Quarantine

Trend Micro Security (for Mac) renames and then moves the infected file to the quarantine directory on the agent computer located in <Agent installation folder>/common/lib/vsapi/quarantine.

Once in the quarantine directory, Trend Micro Security (for Mac) can perform another action on the quarantined file, depending on the action specified by the user. Trend Micro Security (for Mac) can delete, clean, or restore the file. Restoring a file means moving it back to its original location without performing any action. Users may restore the file if it is actually harmless. Cleaning a file means removing the security risk from the quarantined file and then moving it to its original location if cleaning is successful.

Clean

Trend Micro Security (for Mac) removes the security risk from an infected file before allowing users to access it.

If the file is uncleanable, Trend Micro Security (for Mac) performs a second action, which can be one of the following actions: Quarantine, Delete, and Pass. To configure the second action, navigate to Agent Management > Settings > {Scan Type} and click the Action tab.

Pass

Trend Micro Security (for Mac) performs no action on the infected file but records the detected security risk in the logs. The file stays where it is located.

Trend Micro Security (for Mac) always performs "Pass" on files infected with the Probable Virus/Malware type to mitigate a False Positive. If further analysis confirms that probable virus/malware is indeed a security risk, a new pattern will be released to allow Trend Micro Security (for Mac) to perform the appropriate scan action. If actually harmless, probable virus/malware will no longer be detected.

For example: Trend Micro Security (for Mac) detects "x_probable_virus" on a file named "123.pdf" and performs no action at the time of detection. Trend Micro then confirms that "x_probable_virus" is a Trojan horse program and releases a new Virus Pattern version. After loading the new pattern, Trend Micro Security (for Mac) will detect "x_probable_virus" as a Trojan program and, if the action against such programs is "Delete", will delete "123.pdf".