Virus_Malware_scan_results

Virus/Malware Scan Results

A. If Scan Action is Successful

The following results display if OfficeScan was able to perform the configured scan action:

An infected file was cleaned.

This scan result only displays when OfficeScan detects "probable virus/malware" during Manual Scan, Scheduled Scan, and Scan Now. OfficeScan automatically uses Pass as the scan action when it detects probable virus/malware. Refer to the following page on the Trend Micro online Virus Encyclopedia for information about probable virus/malware and how to submit suspicious files to Trend Micro for analysis.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=POSSIBLE_VIRUS&VSect=Sn

B. If Scan Action is Unsuccessful

The following results display if OfficeScan was unable to perform the configured scan action:

Clean is the first action. Quarantine is the second action, and both actions were unsuccessful.

Solution: See "Unable to quarantine the file" below.

Clean is the first action. Delete is the second action, and both actions were unsuccessful.

Solution: See "Unable to delete the file" below.

Clean is the first action. Rename is the second action, and both actions were unsuccessful.

Solution: See "Unable to rename the file" below.

Explanation 1

The infected file may be locked by another application, is executing, or is on a CD. OfficeScan will quarantine/rename the file after the application releases the file or after it has been executed.

Solution

For infected files on a CD, consider not using the CD as the virus may infect other computers on the network.

Explanation 2

The infected file is in the Temporary Internet Files folder of the client computer. Since the computer downloads files while you are browsing the Web, the Web browser may have locked the infected file. When the Web browser releases the file, OfficeScan will quarantine/rename the file.

Solution: None

Explanation 1

The infected file may be contained in a compressed file and the Clean/Delete infected files within compressed files setting in Networked Computers > Global Client Settings is disabled.

Solution

Enable the Clean/Delete infected files within compressed files option. When enabled, OfficeScan decompresses a compressed file, cleans/deletes infected files within the compressed file, and then re-compresses the file.

Explanation 2

The infected file may be locked by another application, is executing, or is on a CD. OfficeScan will delete the file after the application releases the file or after it has been executed.

Solution

For infected files on a CD, consider not using the CD as the virus may infect other computers on the network.

Explanation 3

The infected file is in the Temporary Internet Files folder of the client computer. Since the computer downloads files while you are browsing the Web, the Web browser may have locked the infected file. When the Web browser releases the file, OfficeScan will delete the file.

Solution: None

Although OfficeScan successfully quarantined a file in the \Suspect folder of the client computer, it cannot send the file to the designated quarantine directory.

Solution

Determine which scan type (Manual Scan, Real-time Scan, Scheduled Scan, or Scan Now) detected the virus/malware and then check the quarantine directory specified in Networked Computers > Client Management > Settings > {Scan Type} > Action tab.

If the quarantine directory is on the OfficeScan server computer or is on another OfficeScan server computer:

  1. Check if the client can connect to the server.

  2. If you use URL as the quarantine directory format:

    1. Ensure that the computer name you specify after "http://" is correct.

    2. Check the size of the infected file. If it exceeds the maximum file size specified in Administration > Quarantine Manager, adjust the setting to accommodate the file. You may also perform other actions such as deleting the file.

    3. Check the size of the quarantine directory folder and determine whether it has exceeded the folder capacity specified in Administration > Quarantine Manager. Adjust the folder capacity or manually delete files in the quarantine directory.

  3. If you use UNC path, ensure that the quarantine directory folder is shared to the group "Everyone" and that you assign read and write permission to this group. Also check if the quarantine directory folder exists and if the UNC path is correct.

If the quarantine directory is on another computer on the network (You can only use UNC path for this scenario):

  1. Check if the client can connect to the computer.

  2. Ensure that the quarantine directory folder is shared to the group "Everyone" and that you assign read and write permission to this group.

  3. Check if the quarantine directory folder exists.

  4. Check if the UNC path is correct.

If the quarantine directory is on a different directory on the client computer (you can only use absolute path for this scenario), check if the quarantine directory folder exists.

Explanation 1

The infected file may be contained in a compressed file and the Clean/Delete infected files within compressed files setting in Networked Computers > Global Client Settings is disabled.

Solution

Enable the Clean/Delete infected files within compressed files option. When enabled, OfficeScan decompresses a compressed file, cleans/deletes infected files within the compressed file, and then re-compresses the file.

Explanation 2

The infected file is in the Temporary Internet Files folder of the client computer. Since the computer downloads files while you are browsing the Web, the Web browser may have locked the infected file. When the Web browser releases the file, OfficeScan will clean the file.

Solution: None

Explanation 3

The file may be uncleanable. For details and solutions, see Uncleanable File.

See also: