Scan Settings

Configure Scan Settings for Large Compressed Files

All clients managed by the server check the following settings when scanning compressed files for virus/malware and spyware/grayware during Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now:

Do not Scan Files in the Compressed File if the Size Exceeds __ MB

OfficeScan does not scan any file that exceeds the limit.

In a Compressed File, Scan Only the First __ Files

After decompressing a compressed file, OfficeScan scans the specified number of files and ignores any remaining files, if any.

Scan Up to __ OLE Layer(s)

When a file contains multiple Object Linking and Embedding (OLE) layers, OfficeScan scans up to the number of layers you specify and skips the remaining layers.

All clients managed by the server check this setting during Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now. Each layer is scanned for virus/malware and spyware/grayware.

For example:

The number of layers you specify is 2. Embedded within a file is a Microsoft Word document (first layer), within the Word document is a Microsoft Excel spreadsheet (second layer), and within the spreadsheet is a JPG file (third layer). OfficeScan will scan the Word document and Excel spreadsheet, and skip the JPG file.

Add Manual Scan to the Windows Shortcut Menu on Client Computers

When this setting is enabled, all clients managed by the server add a Scan with OfficeScan client option to the right-click menu in Windows Explorer. When users right-click a file or folder on the Windows desktop or in Windows Explorer and select the option, Manual Scan scans the file or folder for virus/malware and spyware/grayware.

Exclude the OfficeScan Server Database Folder from Real-time Scan

If the OfficeScan client and server exist on the same computer, the client will not scan the server database for virus/malware and spyware/grayware during Real-time Scan.

Exclude Microsoft Exchange Server Folders from Scanning

If the OfficeScan client and a Microsoft Exchange 2000/2003 server exist on the same computer, OfficeScan will not scan the Exchange server folders for virus/malware and spyware/grayware during Manual Scan, Real-time Scan, Scheduled Scan and Scan Now.

For Microsoft Exchange 2007 folders, you need to manually add the folders to the scan exclusion list. For scan exclusion details, see the following Web site:

http://technet.microsoft.com/en-us/library/bb332342.aspx

See Scan Exclusions for steps in configuring the scan exclusion list.

Clean/Delete Infected Files Within Compressed Files

When all clients managed by the server detect virus/malware within compressed files during Manual Scan, Real-time Scan, Scheduled Scan and Scan Now, and the following conditions are met, clients clean or delete the infected files.

For example, Real-time Scan is set to delete files infected with a virus. After Real-time Scan decompresses a compressed file named abc.zip and detects an infected file 123.doc within the compressed file, OfficeScan deletes 123.doc and then re-compresses abc.zip, which is now safe to access.

The following table describes what happens if any of the conditions is not met.

Compressed file scenarios and results

Status of "Clean/
Delete infected files within compressed files"

Action OfficeScan is set to perform

Compressed file format

Result

Enabled

Clean or Delete

Not supported

Example: def.rar contains an infected file 123.doc.

OfficeScan encrypts def.rar but does not clean, delete, or perform any other action on 123.doc.

Disabled

Clean or Delete

Supported/Not supported

Example: abc.zip contains an infected file 123.doc.

OfficeScan does not clean, delete, or perform any other action on both abc.zip and 123.doc.

Enabled/
Disabled

Not Clean or Delete (in other words, any of the following: Rename, Quarantine, Deny Access or Pass)

Supported/Not supported

Example: abc.zip contains an infected file 123.doc.

OfficeScan performs the configured action (Rename, Quarantine, Deny Access or Pass) on abc.zip, not 123.doc.

If the action is:

Rename: OfficeScan renames abc.zip to abc.vir, but does not rename 123.doc.

Quarantine: OfficeScan quarantines abc.zip (123.doc and all non-infected files are quarantined).

Pass: OfficeScan performs no action on both abc.zip and 123.doc but logs the virus detection.

Deny Access: OfficeScan denies access to abc.zip when it is opened (123.doc and all non-infected files cannot be opened).

Enable Assessment Mode

When in assessment mode, all clients managed by the server will log spyware/grayware detected during Manual Scan, Scheduled Scan, Real-time Scan, and Scan Now but will not clean spyware/grayware components. Cleaning terminates processes or deletes registries, files, cookies, and shortcuts.

Trend Micro provides assessment mode to allow you to evaluate items that Trend Micro detects as spyware/grayware and then take appropriate action based on your evaluation. For example, detected spyware/grayware that you do not consider a security risk can be added to the Spyware/Grayware Approved List.

When in assessment mode, OfficeScan performs the following scan actions:

Scan for Cookies

Select this option if you consider cookies as potential security risks. When selected, all clients managed by the server will scan cookies for spyware/grayware during Manual Scan, Scheduled Scan, Real-time Scan, and Scan Now.