
If you choose to use a customized action, you can set a scan action for each type of threat. PortalProtect automatically executes the action when it detects a threat of the type with which the action is associated. Any scan action PortalProtect performs is recorded in the Virus logs.
Scan actions for viruses include the following:
Clean: Removes virus code from infected files. Trend Micro recommends that you use the default scan action, Clean, for viruses. Choose a secondary action for PortalProtect to execute when it cannot clean the file. The default secondary action is Quarantine.
During a manual or scheduled scan, PortalProtect updates the database and replaces the document content with the cleaned one.
The Clean action is not available for Additional threats and Packed files.
Delete: Removes the file and logs an event.
Quarantine: Moves the file to a PortalProtect database, thereby removing it as a security risk to the SharePoint environment.
Rename: Keeps the filename, but appends the extension .vir to prevent the file from being opened or executed. For example, virus.exe is renamed to virus.exe.vir. During real-time scanning, PortalProtect allows the renamed file to enter the SharePoint server.
Block: Prevents the file from entering the SharePoint server and logs an event.
Pass: Records a virus infection or malicious file in the virus log, but takes no action upon the file itself.
If you change the scan action after a file has already been scanned, PortalProtect still applies the previously specified scan action when that file is downloaded. Once a file has been scanned with the first action specified, changing the scan action to another value does not cause the file to be sent to PortalProtect for re-scan. For example, if you change the scan action from PASS to CLEAN and then try to download the file, the resulting action for the file is PASS instead of CLEAN.