Views:

Different types of virus/malware require different scan actions. Customizing scan actions requires knowledge about virus/malware and can be a tedious task. The Security Agent uses ActiveAction to counter these issues.

ActiveAction is a set of pre-configured scan actions for viruses/malware. If you are not familiar with scan actions or if you are not sure which scan action is suitable for a certain type of virus/malware, Trend Micro recommends using ActiveAction.

Using ActiveAction provides the following benefits:

  • ActiveAction uses scan actions that are recommended by Trend Micro. You do not have to spend time configuring the scan actions.

  • Virus writers constantly change the way virus/malware attack endpoints. ActiveAction settings are updated to protect against the latest threats and the latest methods of virus/malware attacks.

The following table illustrates how ActiveAction handles each type of virus/malware.

Table 1. Trend Micro Recommended Scan Actions Against Viruses and Malware

Virus/Malware Type

Real-time Scan

Manual Scan/Scheduled Scan

First Action

Second Action

First Action

Second Action

CVE exploit

Pass

N/A

N/A

N/A

Joke

Quarantine

N/A

Quarantine

N/A

Trojans

Quarantine

N/A

Quarantine

N/A

Virus

Clean

Quarantine

Clean

Quarantine

Test virus

Deny Access

N/A

Pass

N/A

Packer

Quarantine

N/A

Quarantine

N/A

Others

Clean

Quarantine

Clean

Quarantine

Probable malware

Deny Access or user-configured action

N/A

Pass or user-configured action

N/A

Note:
  • For probable virus/malware, the default action is "Deny Access" during Real-time Scan and "Pass" during Manual Scan and Scheduled Scan. If these are not your preferred actions, you can change them to "Quarantine", "Delete", or "Rename".

  • Some files are uncleanable.

  • ActiveAction is not available for spyware/grayware scan.