|
During this scan
|
PortalProtect executes this
action
|
|
Security Risk (real-time)
|
Clean, Block or Pass
|
|
File Blocking (real-time)
|
Block or Pass
|
|
Content Filtering (real-time)
|
Block or Pass
|
|
Web Reputation (real-time)
|
Block or Pass
|
|
Data Loss Prevention (real-time)
|
Block or Pass
|
|
Manual > Security Risk
|
Clean, Quarantine, Delete, Pass, or Rename
|
|
Manual > File Blocking
|
Quarantine, Delete, or Pass
|
|
Manual > Content Filtering
|
Quarantine, Delete, or Pass
|
|
Manual > Data Loss Prevention
|
Quarantine, Delete, or Pass
|
|
Scheduled > Security Risk
|
Clean, Quarantine, Delete, Pass, or Rename
|
|
Scheduled > File Blocking
|
Quarantine, Delete, or Pass
|
|
Scheduled > Content Filtering
|
Quarantine, Delete, or Pass
|
|
Scheduled > Data Loss Prevention
|
Quarantine, Delete, or Pass
|
If you select to use a customized action, you can set a scan action for each type
of threat. PortalProtect automatically executes
the action when it detects a threat with which the action is associated. Any scan
action PortalProtect performs is recorded in the Virus
logs.
Scan actions for viruses include the following:
-
Clean–Removes virus code from infected files. When PortalProtect cannot clean the file, it takes the specified secondary action. Trend Micro recommends you use the default scan action: Clean, for viruses. Choose a secondary action for PortalProtect to execute when it cannot clean the file. The default secondary action is Quarantine. During a manual or scheduled scan, PortalProtect updates the database and replaces the document content with the cleaned one.
 |
NoteThe Clean action is not available for Additional
threats and Packed files.
|
-
Delete–Deletes the file and logs an event.
-
Quarantine–Moves the file to the PortalProtect database, thereby removing it as a security risk to the SharePoint environment.
-
Rename–keeps the filename, but changes the file extension to
.virto prevent it from being opened or executed. For example:virus.exewill be renamed tovirus.exe.vir.During real-time scanning PortalProtect allows the renamed file to enter the SharePoint server. - Block–Blocks the file from accessing the SharePoint server and logs an event.
- Pass–Records a virus infection or malicious file in the virus log, but takes no action upon the file itself.
|
NotePortalProtect performs a previous scan action
specified while downloading a file, if that scan action is changed later. When a file
is scanned
with the first action specified, and you then change the scan action to another value,
the file
will not be sent to PortalProtect for re-scan.
For example, if you change the scan action from PASS to CLEAN and then try to download
the file,
the resulting action for the file is PASS instead of CLEAN.
|