Virus/Malware Scan Actions

Delete

Trend Micro Apex One deletes the infected file.

Quarantine

Trend Micro Apex One renames,encrypts, and moves the infected file to a temporary quarantine directory on the agent endpoint located in <Agent installation folder>\Suspect.

The Security Agent then sends quarantined files to the designated quarantine directory.

See Quarantine Directory for details.

The default quarantine directory is on the Trend Micro Apex One server, under <Server installation folder>\PCCSRV\Virus.

If you need to restore any of the quarantined files, use Central Quarantine Restore.

For details, see Restoring Quarantined Files.

Clean

Trend Micro Apex One cleans the infected file before allowing full access to the file.

If the file is uncleanable, Trend Micro Apex One performs a second action, which can be one of the following actions: Quarantine, Delete, Rename, and Pass.

To configure the second action, go to Agents → Agent Management. Click Settings → Scan Settings → {Scan Type} → Action tab.

This action can be performed on all types of malware except probable virus/malware.

Rename

Trend Micro Apex One changes the infected file's extension to "vir". Users cannot open the renamed file initially, but can do so if they associate the file with a certain application.

The virus/malware may execute when opening the renamed infected file.

Pass

Trend Micro Apex One can only use this scan action when it detects any type of virus during Manual Scan, Scheduled Scan, and Scan Now. Trend Micro Apex One cannot use this scan action during Real-time Scan because performing no action when an attempt to open or execute an infected file is detected will allow virus/malware to execute. All the other scan actions can be used during Real-time Scan.

Deny Access

This scan action can only be performed during Real-time Scan. When Trend Micro Apex One detects an attempt to open or execute an infected file, it immediately blocks the operation.

Users can manually delete the infected file.