Different types of virus/malware require different scan actions. Customizing scan actions requires knowledge about virus/malware and can be a tedious task. The Security Agent uses ActiveAction to counter these issues.
ActiveAction is a set of pre-configured scan actions for viruses/malware. If you are not familiar with scan actions or if you are not sure which scan action is suitable for a certain type of virus/malware, Trend Micro recommends using ActiveAction.
Using ActiveAction provides the following benefits:
-
ActiveAction uses scan actions that are recommended by Trend Micro. You do not have to spend time configuring the scan actions.
-
Virus writers constantly change the way virus/malware attack endpoints. ActiveAction settings are updated to protect against the latest threats and the latest methods of virus/malware attacks.
The following table illustrates how ActiveAction handles each type of virus/malware.
Virus/Malware Type |
Real-time Scan |
Manual Scan/Scheduled Scan |
||
---|---|---|---|---|
First Action |
Second Action |
First Action |
Second Action |
|
CVE exploit |
Pass |
N/A |
N/A |
N/A |
Joke |
Quarantine |
N/A |
Quarantine |
N/A |
Trojans |
Quarantine |
N/A |
Quarantine |
N/A |
Virus |
Clean |
Quarantine |
Clean |
Quarantine |
Test virus |
Deny Access |
N/A |
Pass |
N/A |
Packer |
Quarantine |
N/A |
Quarantine |
N/A |
Others |
Clean |
Quarantine |
Clean |
Quarantine |
Probable malware |
Deny Access or user-configured action |
N/A |
Pass or user-configured action |
N/A |
-
For probable virus/malware, the default action is "Deny Access" during Real-time Scan and "Pass" during Manual Scan and Scheduled Scan. If these are not your preferred actions, you can change them to "Quarantine", "Delete", or "Rename".
-
Some files are uncleanable.
-
ActiveAction is not available for spyware/grayware scan.