Possible Actions Parent topic

During this scan
PortalProtect executes this action
Security Risk (real-time)
Clean, Block or Pass
File Blocking (real-time)
Block or Pass
Content Filtering (real-time)
Block or Pass
Web Reputation (real-time)
Block or Pass
Data Loss Prevention (real-time)
Block or Pass
Manual > Security Risk
Clean, Quarantine, Delete, Pass, or Rename
Manual > File Blocking
Quarantine, Delete, or Pass
Manual > Content Filtering
Quarantine, Delete, or Pass
Manual > Data Loss Prevention
Quarantine, Delete, or Pass
Scheduled > Security Risk
Clean, Quarantine, Delete, Pass, or Rename
Scheduled > File Blocking
Quarantine, Delete, or Pass
Scheduled > Content Filtering
Quarantine, Delete, or Pass
Scheduled > Data Loss Prevention
Quarantine, Delete, or Pass
If you select to use a customized action, you can set a scan action for each type of threat. PortalProtect automatically executes the action when it detects a threat with which the action is associated. Any scan action PortalProtect performs is recorded in the Virus logs.
Scan actions for viruses include the following:
  • Clean–Removes virus code from infected files. When PortalProtect cannot clean the file, it takes the specified secondary action. Trend Micro recommends you use the default scan action: Clean, for viruses. Choose a secondary action for PortalProtect to execute when it cannot clean the file. The default secondary action is Quarantine. During a manual or scheduled scan, PortalProtect updates the database and replaces the document content with the cleaned one.
Note
Note
The Clean action is not available for Additional threats and Packed files.
  • Delete–Deletes the file and logs an event.
  • Quarantine–Moves the file to the PortalProtect database, thereby removing it as a security risk to the SharePoint environment.
  • Rename–keeps the filename, but changes the file extension to .vir to prevent it from being opened or executed. For example: virus.exe will be renamed to virus.exe.vir.
    During real-time scanning PortalProtect allows the renamed file to enter the SharePoint server.
  • Block–Blocks the file from accessing the SharePoint server and logs an event.
  • Pass–Records a virus infection or malicious file in the virus log, but takes no action upon the file itself.
Note
Note
PortalProtect performs a previous scan action specified while downloading a file, if that scan action is changed later. When a file is scanned with the first action specified, and you then change the scan action to another value, the file will not be sent to PortalProtect for re-scan. For example, if you change the scan action from PASS to CLEAN and then try to download the file, the resulting action for the file is PASS instead of CLEAN.