All clients managed by the server check the following settings when scanning compressed files for virus/malware and spyware/grayware during Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now:
OfficeScan does not scan any file that exceeds the limit.
After decompressing a compressed file, OfficeScan scans the specified number of files and ignores any remaining files, if any.
When a file contains multiple Object Linking and Embedding (OLE) layers, OfficeScan scans up to the number of layers you specify and skips the remaining layers.
All clients managed by the server check this setting during Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now. Each layer is scanned for virus/malware and spyware/grayware.
For example:
The number of layers you specify is 2. Embedded within a file is a Microsoft Word document (first layer), within the Word document is a Microsoft Excel spreadsheet (second layer), and within the spreadsheet is a JPG file (third layer). OfficeScan will scan the Word document and Excel spreadsheet, and skip the JPG file.
When this setting is enabled, all clients managed by the server add a Scan with OfficeScan client option to the right-click menu in Windows Explorer. When users right-click a file or folder on the Windows desktop or in Windows Explorer and select the option, Manual Scan scans the file or folder for virus/malware and spyware/grayware.
If the OfficeScan client and server exist on the same computer, the client will not scan the server database for virus/malware and spyware/grayware during Real-time Scan.
Enable this setting to prevent database corruption that may occur during scanning.
If the OfficeScan client and a Microsoft Exchange 2000/2003 server exist on the same computer, OfficeScan will not scan the Exchange server folders for virus/malware and spyware/grayware during Manual Scan, Real-time Scan, Scheduled Scan and Scan Now.
For Microsoft Exchange 2007 folders, you need to manually add the folders to the scan exclusion list. For scan exclusion details, see the following Web site:
http://technet.microsoft.com/en-us/library/bb332342.aspx
See Scan Exclusions for steps in configuring the scan exclusion list.
When all clients managed by the server detect virus/malware within compressed files during Manual Scan, Real-time Scan, Scheduled Scan and Scan Now, and the following conditions are met, clients clean or delete the infected files.
"Clean" or "Delete" is the action OfficeScan is set to perform. Check the action OfficeScan performs on infected files by going to Networked Computers > Client Management > {Scan Type} > Action tab.
You enable this setting. Enabling this setting may increase computer resource usage during scanning and scanning may take longer to complete. This is because OfficeScan needs to decompress the compressed file, clean/delete infected files within the compressed file, and then re-compress the file.
The compressed file format is supported. OfficeScan only supports certain compressed file formats, including ZIP and Office Open XML, which uses ZIP compression technologies. Office Open XML is the default format for Microsoft Office 2007 applications such as Excel, PowerPoint, and Word.
Contact your support provider for a complete list of supported compressed file formats.
For example, Real-time Scan is set to delete files infected with a virus. After Real-time Scan decompresses a compressed file named abc.zip and detects an infected file 123.doc within the compressed file, OfficeScan deletes 123.doc and then re-compresses abc.zip, which is now safe to access.
The following table describes what happens if any of the conditions is not met.
Compressed file scenarios and results |
Status of "Clean/ |
Action OfficeScan is set to perform |
Compressed file format |
Result |
Enabled |
Clean or Delete |
Not supported Example: def.rar contains an infected file 123.doc. |
OfficeScan encrypts def.rar but does not clean, delete, or perform any other action on 123.doc. |
Disabled |
Clean or Delete |
Supported/Not supported Example: abc.zip contains an infected file 123.doc. |
OfficeScan does not clean, delete, or perform any other action on both abc.zip and 123.doc. |
Enabled/ |
Not Clean or Delete (in other words, any of the following: Rename, Quarantine, Deny Access or Pass) |
Supported/Not supported Example: abc.zip contains an infected file 123.doc. |
OfficeScan performs the configured action (Rename, Quarantine, Deny Access or Pass) on abc.zip, not 123.doc. If the action is: Rename: OfficeScan renames abc.zip to abc.vir, but does not rename 123.doc. Quarantine: OfficeScan quarantines abc.zip (123.doc and all non-infected files are quarantined). Pass: OfficeScan performs no action on both abc.zip and 123.doc but logs the virus detection. Deny Access: OfficeScan denies access to abc.zip when it is opened (123.doc and all non-infected files cannot be opened). |
When in assessment mode, all clients managed by the server will log spyware/grayware detected during Manual Scan, Scheduled Scan, Real-time Scan, and Scan Now but will not clean spyware/grayware components. Cleaning terminates processes or deletes registries, files, cookies, and shortcuts.
Trend Micro provides assessment mode to allow you to evaluate items that Trend Micro detects as spyware/grayware and then take appropriate action based on your evaluation. For example, detected spyware/grayware that you do not consider a security risk can be added to the Spyware/Grayware Approved List.
When in assessment mode, OfficeScan performs the following scan actions:
Pass: During Manual Scan, Scheduled Scan and Scan Now
Deny Access: During Real-time Scan
Assessment mode overrides any user-configured scan action. For example, even if you choose "Clean" as the scan action during Manual Scan, "Pass" remains as the scan action when the client is on assessment mode.
Select this option if you consider cookies as potential security risks. When selected, all clients managed by the server will scan cookies for spyware/grayware during Manual Scan, Scheduled Scan, Real-time Scan, and Scan Now.