There are a number of ways global scan settings get applied to clients.
A particular scan setting can apply to all clients that the server manages or only to clients with certain scan privileges. For example, if you configure the postpone Scheduled Scan duration, only clients with the privilege to postpone Scheduled Scan will use the setting.
A particular scan setting can apply to all scan types or only to a particular scan type. For example, on computers with both the OfficeScan server and client installed, you can exclude the OfficeScan server database from scanning. However, this setting applies only during Real-time Scan.
A particular scan setting can apply when scanning for either virus/malware or spyware/grayware, or both. For example, assessment mode only applies during spyware/grayware scanning.
To configure global scan settings:
Networked Computers > Global Client Settings
Go to the following sections and configure the settings:
Global Scan Settings
Section | Settings
Scan Settings |
Scheduled Scan Settings | Only clients set to run Scheduled Scan will use the following settings. Scheduled Scan can scan for virus/malware and spyware/grayware.
Click Save.
All clients managed by the server check the following settings when scanning compressed files for virus/malware and spyware/grayware during Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now:
Do not scan files in the compressed file if the size exceeds __ MB: OfficeScan does not scan any file that exceeds the limit.
In a compressed file, scan only the first __ files: After decompressing a compressed file, OfficeScan scans the specified number of files and ignores any remaining files, if any.
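Added example (not part of the OfficeScan documentation): a short Python check that lists which members of a ZIP archive fall outside the two limits above, so an analyst can see what a limited scan would have left uninspected and rescan those members separately. The function names and sample archive are constructed for illustration; it assumes the size limit applies to each member's uncompressed size, that "first __ files" follows archive order, and that a member skipped for size still counts toward the file limit.

```python
import io
import zipfile

def scan_coverage(zip_bytes, max_member_mb, max_members):
    """Split ZIP members into (scanned, skipped) under the two limits.

    Assumptions (not stated on the page): the size limit applies to each
    member's uncompressed size, "first N files" follows archive order, and
    a member skipped for size still counts toward the file limit.
    """
    limit = max_member_mb * 1024 * 1024
    scanned, skipped = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Directory entries carry no content, so only real files are counted.
        files = [i for i in zf.infolist() if not i.is_dir()]
        for pos, info in enumerate(files, start=1):
            if pos > max_members:
                skipped.append((info.filename, "beyond file-count limit"))
            elif info.file_size > limit:
                skipped.append((info.filename, "exceeds size limit"))
            else:
                scanned.append(info.filename)
    return scanned, skipped

def build_sample_zip():
    """Constructed sample: three small members and one 2 MB member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("big.bin", b"\0" * (2 * 1024 * 1024))
        zf.writestr("report.doc", b"doc body")
        zf.writestr("notes.txt", b"notes")
    return buf.getvalue()

if __name__ == "__main__":
    # Hypothetical limits: 1 MB per file, first 3 files only.
    scanned, skipped = scan_coverage(build_sample_zip(), 1, 3)
    print("scanned:", scanned)
    for name, reason in skipped:
        print("not scanned:", name, "-", reason)
```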
When this setting is enabled, all clients managed by the server add a Scan with OfficeScan client option to the right-click menu in Windows Explorer. When users right-click a file or folder on the Windows desktop or in Windows Explorer and select the option, Manual Scan scans the file or folder for virus/malware and spyware/grayware.
Scan with OfficeScan Client option
If the OfficeScan client and server exist on the same computer, the client will not scan the server database for virus/malware and spyware/grayware during Real-time Scan.
Enable this setting to prevent database corruption that may occur during scanning.
If the OfficeScan client and a Microsoft Exchange 2000/2003 server exist on the same computer, OfficeScan will not scan the following Microsoft Exchange folders and files for virus/malware and spyware/grayware during Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now:
The following folders in .\Exchsrvr\Mailroot\vsi 1: Queue, PickUp, and BadMail
.\Exchsrvr\mdbdata, including these files: priv1.stm, priv1.edb, pub1.stm, and pub1.edb
.\Exchsrvr\Storage Group
For Microsoft Exchange 2007 or later folders, you need to manually add the folders to the scan exclusion list. For scan exclusion details, see the following website:
http://technet.microsoft.com/en-us/library/bb332342.aspx
See Scan Exclusions for steps in configuring the scan exclusion list.
When all clients managed by the server detect virus/malware within compressed files during Manual Scan, Real-time Scan, Scheduled Scan and Scan Now, and the following conditions are met, clients clean or delete the infected files.
"Clean" or "Delete" is the action OfficeScan is set to perform. Check the action OfficeScan performs on infected files by going to Networked Computers > Client Management > {Scan Type} > Action tab.
You enable this setting. Enabling this setting may increase computer resource usage during scanning and scanning may take longer to complete. This is because OfficeScan needs to decompress the compressed file, clean/delete infected files within the compressed file, and then re-compress the file.
The compressed file format is supported. OfficeScan only supports certain compressed file formats, including ZIP and Office Open XML, which uses ZIP compression technologies. Office Open XML is the default format for Microsoft Office 2007 applications such as Excel, PowerPoint, and Word.
Contact your support provider for a complete list of supported compressed file formats.
For example, Real-time Scan is set to delete files infected with a virus. After Real-time Scan decompresses a compressed file named abc.zip and detects an infected file 123.doc within the compressed file, OfficeScan deletes 123.doc and then re-compresses abc.zip, which is now safe to access.
The following table describes what happens if any of the conditions is not met.
Compressed File Scenarios and Results
Status of "Clean/ | Action OfficeScan is set to perform | Compressed file format | Result
Enabled | Clean or Delete | Not supported. Example: def.rar contains an infected file 123.doc. | OfficeScan encrypts def.rar but does not clean, delete, or perform any other action on 123.doc.
Disabled | Clean or Delete | Supported/Not supported. Example: abc.zip contains an infected file 123.doc. | OfficeScan does not clean, delete, or perform any other action on both abc.zip and 123.doc.
Enabled/ | Not Clean or Delete (in other words, any of the following: Rename, Quarantine, Deny Access or Pass) | Supported/Not supported. Example: abc.zip contains an infected file 123.doc. | OfficeScan performs the configured action (Rename, Quarantine, Deny Access or Pass) on abc.zip, not 123.doc. If the action is: Rename: OfficeScan renames abc.zip to abc.vir, but does not rename 123.doc. Quarantine: OfficeScan quarantines abc.zip (123.doc and all non-infected files are quarantined). Pass: OfficeScan performs no action on both abc.zip and 123.doc but logs the virus detection. Deny Access: OfficeScan denies access to abc.zip when it is opened (123.doc and all non-infected files cannot be opened).
When in assessment mode, all clients managed by the server will log spyware/grayware detected during Manual Scan, Scheduled Scan, Real-time Scan, and Scan Now but will not clean spyware/grayware components. Cleaning terminates processes or deletes registries, files, cookies, and shortcuts.
Trend Micro provides assessment mode to allow you to evaluate items that Trend Micro detects as spyware/grayware and then take appropriate action based on your evaluation. For example, detected spyware/grayware that you do not consider a security risk can be added to the Spyware/Grayware Approved List.
When in assessment mode, OfficeScan performs the following scan actions:
Pass: During Manual Scan, Scheduled Scan and Scan Now
Deny Access: During Real-time Scan
Assessment mode overrides any user-configured scan action. For example, even if you choose "Clean" as the scan action during Manual Scan, "Pass" remains the scan action while the client is in assessment mode.
Select this option if you consider cookies as potential security risks. When selected, all clients managed by the server will scan cookies for spyware/grayware during Manual Scan, Scheduled Scan, Real-time Scan, and Scan Now.
OfficeScan displays a notification message minutes before scanning runs to remind users of the scan schedule (date and time) and any Scheduled Scan privilege you grant them.
The notification message can be enabled/disabled from Networked Computers > Client Management > Settings > Privileges and Other Settings > Other Settings tab > Scheduled Scan Settings. If disabled, no reminder displays.
Only users with the "Postpone Scheduled Scan" privilege can perform the following actions:
Postpone Scheduled Scan before it runs and then specify the postpone duration.
If Scheduled Scan is in progress, users can stop scanning and restart it later. Users then specify the amount of time that should elapse before scanning restarts. When scanning restarts, all previously scanned files are scanned again.
The maximum postpone duration/elapsed time users can specify is 12 hours and 45 minutes, which you can reduce by specifying the number of hour(s) and/or minute(s) in the fields provided.
OfficeScan stops scanning when the specified amount of time is exceeded and scanning is not yet complete. OfficeScan immediately notifies users of any security risk detected during scanning.
OfficeScan immediately skips scanning when Scheduled Scan launches if it detects that a wireless computer's battery life is running low and its AC adapter is not connected to any power source. If battery life is low but the AC adapter is connected to a power source, scanning proceeds.
When Scheduled Scan did not launch because OfficeScan is not running on the day and time of Scheduled Scan, you can specify when OfficeScan will resume scanning:
Same time next day: If OfficeScan is running at the exact same time next day, scanning is resumed.
__ minutes after the computer starts: OfficeScan resumes scanning a number of minutes after the user turns on the computer. The number of minutes is between 10 and 120.
Users can postpone or skip a resumed Scheduled Scan if the administrator enabled this privilege. For details, see Scheduled Scan Privileges and Other Settings.
OfficeScan consolidates virus log entries when detecting multiple infections from the same virus/malware over a short period of time. OfficeScan may detect a single virus/malware multiple times, quickly filling the virus/malware log and consuming network bandwidth when the client sends log information to the server. Enabling this feature helps reduce both the number of virus/malware log entries made and the amount of network bandwidth clients consume when they report virus log information to the server.