Scan_Actions
Specify the action Trend Micro Security performs when a particular scan type detects a security risk.
The action Trend Micro Security performs depends on the scan type that detected the security risk. For example, when Trend Micro Security detects a security risk during Manual Scan (scan type), it cleans (action) the infected file.
The following are the actions Trend Micro Security can perform against security risks:
Trend Micro Security removes the infected file from the computer.
Trend Micro Security renames and then moves the infected file to the quarantine directory on the client computer located in <Client installation folder>/common/lib/vsapi/quarantine.
Once in the quarantine directory, Trend Micro Security can perform another action on the quarantined file, depending on the action specified by the user. Trend Micro Security can delete, clean, or restore the file. Restoring a file means moving it back to its original location without performing any action. Users may restore the file if it is actually harmless. Cleaning a file means removing the security risk from the quarantined file and then moving it to its original location if cleaning is successful.
Trend Micro Security removes the security risk from an infected file before allowing users to access it.
If the file is uncleanable, Trend Micro Security performs a second action, which can be one of the following actions: Quarantine, Delete, and Pass. To configure the second action, navigate to Client Management > Settings > {Scan Type} > Action tab.
Trend Micro Security performs no action on the infected file but records the detected security risk in the logs. The file stays where it is located.
Trend Micro Security always performs "Pass" on files infected with the Probable Virus/Malware type to mitigate a False Positive. If further analysis confirms that probable virus/malware is indeed a security risk, a new pattern will be released to allow Trend Micro Security to perform the appropriate scan action. If actually harmless, probable virus/malware will no longer be detected.
For example:
Trend Micro Security detects "x_probable_virus" on a file named "123.pdf" and performs no action at the time of detection. Trend Micro then confirms that "x_probable_virus" is a Trojan horse program and releases a new Virus Pattern version. After loading the new pattern, Trend Micro Security will detect "x_probable_virus" as a Trojan program and, if the action against such programs is "Delete", will delete "123.pdf".
When configuring the scan action, select from the following options:
Use ActiveAction
ActiveAction is a set of pre-configured scan actions for different types of security risks. If you are unsure which scan action is suitable for a certain type of security risk, Trend Micro recommends using ActiveAction.
ActiveAction settings are constantly updated in the pattern files to protect computers against the latest security risks and the latest methods of attacks.
Use the same action for all security risk types
Select this option if you want the same action performed on all types of security risks, except probable virus/malware. For Probable Virus/Malware, the action is always "Pass".
If you choose "Clean" as the first action, select a second action that Trend Micro Security performs if cleaning is unsuccessful. If the first action is not "Clean", no second action is configurable.
When Trend Micro Security detects a security risk during Real-time Scan, it can display a notification message to inform the user about the detection.
Trend Micro Security displays a notification message five minutes before Scheduled Scan runs. Users can postpone scanning to a later time and will be reminded again before the scan runs. Users can also cancel the scan.
See also: