Scan Actions

Virus/Malware Scan Actions

The scan action OfficeScan performs depends on the virus/malware type and the scan type that detected the virus/malware. The scan types are Real-time Scan, Manual Scan and Scheduled Scan. For example, when OfficeScan detects a Trojan horse program (virus/malware type) during Manual Scan (scan type), it cleans (action) the infected file.

If your OfficeScan administrator grants you the privilege to configure scan actions, you can choose from the following scan configuration options:

The scan actions are as follows: (See scan results for details on how OfficeScan logs each of the scan actions it performs.)

Scan Action

Description

Delete

OfficeScan deletes the infected file.

Quarantine

OfficeScan renames and then moves the infected file to a temporary quarantine directory on the client computer, which is found in {OfficeScan client folder}\Suspect.

The OfficeScan client then sends quarantined files to the designated quarantine directory, which the OfficeScan administrator specifies.

Clean

OfficeScan cleans the infected file before allowing full access to the file.

If the file is uncleanable, OfficeScan performs a second action, which can be one of the following actions: Quarantine, Delete, Rename, Pass. If you have the privilege to configure scan actions, you can specify the second action by going to Settings > {Scan Type}. Select Custom action and then click Edit.

  • Note: This action cannot be performed on probable virus/malware.

Rename

OfficeScan changes the infected file's extension to "vir". Users cannot open the renamed file initially, but can do so if they associate the file with a certain application.

  • Warning: The virus/malware may execute when opening the renamed infected file.

Pass

OfficeScan performs no action on the infected file but records the virus/malware detection in the logs. The file stays where it is located.

Deny Access

This scan action can only be performed during Real-time Scan. When OfficeScan detects an attempt to open or execute an infected file, it immediately blocks the operation.

You can manually delete the infected file.

 

Spyware/Grayware Scan Actions

The scan action OfficeScan performs depends on the scan type that detected the spyware/grayware. The scan types are Real-time Scan, Manual Scan and Scheduled Scan.

OfficeScan performs the specified action for all types of spyware/grayware. For example, when OfficeScan detects any type of spyware/grayware during Manual Scan (scan type), it cleans (action) the affected system resources.

The scan actions are as follows: (See scan results for details on how OfficeScan logs each of the scan actions it performs.)

Scan Action

Description

Clean

OfficeScan terminates processes or delete registries, files, cookies and shortcuts.

Pass

OfficeScan performs no action on detected spyware/grayware components but records the spyware/grayware detection in the logs.

Deny Access

OfficeScan denies access (copy, open) to the detected spyware/grayware components.

See also: