When PortalProtect detects a file that matches your blocking or scanning configurations, it executes an action to protect your SharePoint environment. The type of action it executes depends on the type of scan it is performing (Real-time, Manual, or Scheduled) and the type of actions you have configured for that scan. Each time that PortalProtect executes an action, it logs an event. You can query these log events from the Logs menu.
Choose whether to set up a backup folder. When you setup a backup folder, PortalProtect sends a copy of the file to the backup directory before it performs the configured actions. See Specify a Backup Folder for Security Risk Scan.
Configure the action that PortalProtect executes when it detects viruses or malicious code. You can configure PortalProtect to use ActiveAction™ or configure a custom action. ActiveAction takes the most appropriate action based on the threat type.
Specify a Backup Folder for Security Risk Scan
Configuring Security Risk Scan: Action Settings