When in assessment mode, OfficeScan logs spyware/grayware detections but does not attempt to clean spyware/grayware components. Cleaning terminates processes or deletes registries, files, cookies and shortcuts.
Trend Micro provides assessment mode to allow you to first evaluate whether spyware/grayware is legitimate or not and then take appropriate action based on your evaluation. For example, you can add legitimate spyware/grayware to the approved list.
During assessment mode, OfficeScan takes the following scan actions:
|
Product Service Activated |
Scan Action |
|||
|
Manual Scan |
Real-time Scan |
Scheduled Scan |
Scan Now | |
|
Web Threat Protection |
Pass |
Pass |
Pass |
Pass |
|
Antivirus and Web Threat Protection |
Pass |
Deny Access |
Pass |
Pass |
Note: Assessment mode overrides any user-configured scan action. For example, even if you choose "Clean" as the scan action for Manual Scan, "Pass" remains as the scan action during assessment mode.
Tips:
Do not configure OfficeScan to be on assessment mode for a long period of time because spyware/grayware outbreaks may occur. Determine how much time you need to collect spyware/grayware samples on your network and then configure assessment mode to take effect only for that period of time.
Regularly examine your logs and determine which of the detected spyware/grayware are legitimate and which ones are not.
Add the legitimate spyware/grayware to the approved list.
If unsure if the spyware/grayware is legitimate or not, try to investigate further or send the files to Trend Micro for analysis.