The following scan results display in the virus/malware logs:

Scan Results

Result
Description
Deleted
  • First action is Delete and the infected file was deleted.
  • First action is Clean but cleaning was unsuccessful. Second action is Delete and the infected file was deleted.
Quarantined
  • First action is Quarantine and the infected file was quarantined.
  • First action is Clean but cleaning was unsuccessful. Second action is Quarantine and the infected file was quarantined.
Cleaned
An infected file was cleaned.
Renamed
  • First action is Rename and the infected file was renamed.
  • First action is Clean but cleaning was unsuccessful. Second action is Rename and the infected file was renamed.
Access denied
  • First action is Deny Access and access to the infected file was denied when the user attempted to open the file.
  • First action is Clean but cleaning was unsuccessful. Second action is Deny Access and access to the infected file was denied when the user attempted to open the file.
  • Probable Virus/Malware was detected during Real-time Scan.
  • Real-time Scan may deny access to files infected with a boot virus even if the scan action is Clean (first action) and Quarantine (second action). This is because attempting to clean a boot virus may damage the Master Boot Record (MBR) of the infected endpoint. Run Manual Scan so Apex One can clean or quarantine the file.
Passed
  • First action is Pass. Apex One did not perform any action on the infected file.
  • First action is Clean but cleaning was unsuccessful. Second action is Pass so Apex One did not perform any action on the infected file.
Passed a potential security risk
This scan result only displays when Apex One detects "probable virus/malware" during Manual Scan, Scheduled Scan, and Scan Now. Refer to the following page on the Trend Micro online Virus Encyclopedia for information about probable virus/malware and how to submit suspicious files to Trend Micro for analysis.
Unable to clean or quarantine the file
Clean is the first action. Quarantine is the second action, and both actions were unsuccessful.
Unable to clean or delete the file
Clean is the first action. Delete is the second action, and both actions were unsuccessful.
Unable to clean or rename the file
Clean is the first action. Rename is the second action, and both actions were unsuccessful.
Unable to quarantine the file/Unable to rename the file
Explanation 1
The infected file may be locked by another application, may be executing, or may be on a CD. Apex One will quarantine/rename the file after the application releases the file or after it has been executed.
Solution
For infected files on a CD, consider not using the CD as the virus may infect other endpoints on the network.
Explanation 2
The infected file is in the Temporary Internet Files folder of the agent endpoint. Since the endpoint downloads files while you are browsing, the web browser may have locked the infected file. When the web browser releases the file, Apex One will quarantine/rename the file.
Solution: None
Unable to delete the file
Explanation 1
The infected file may be contained in a compressed file and the Clean/Delete infected files within compressed files setting in Agents > Global Agent Settings on the Security Settings tab is disabled.
Solution
Enable the Clean/Delete infected files within compressed files option. When enabled, Apex One decompresses a compressed file, cleans/deletes infected files within the compressed file, and then re-compresses the file.
Note
Enabling this setting may increase endpoint resource usage during scanning and scanning may take longer to complete.
Explanation 2
The infected file may be locked by another application, may be executing, or may be on a CD. Apex One will delete the file after the application releases the file or after it has been executed.
Solution
For infected files on a CD, consider not using the CD as the virus may infect other endpoints on the network.
Explanation 3
The infected file is in the Temporary Internet Files folder of the Security Agent endpoint. Since the endpoint downloads files while you are browsing, the web browser may have locked the infected file. When the web browser releases the file, Apex One will delete the file.
Solution: None
Unable to send the quarantined file to the designated quarantine folder
Although Apex One successfully quarantined a file in the \Suspect folder of the Security Agent endpoint, it cannot send the file to the designated quarantine directory.
Solution
Determine which scan type (Manual Scan, Real-time Scan, Scheduled Scan, or Scan Now) detected the virus/malware and then check the quarantine directory specified in Agents > Agent Management > Settings > {Scan Type} > Action tab.
If the quarantine directory is on the Apex One server computer or is on another Apex One server computer:
  1. Check if the agent can connect to the server.
  2. If you use URL as the quarantine directory format:
    1. Ensure that the endpoint name you specify after http:// is correct.
    2. Check the size of the infected file. If it exceeds the maximum file size specified in Administration > Settings > Quarantine Manager, adjust the setting to accommodate the file. You may also perform other actions such as deleting the file.
    3. Check the size of the quarantine directory folder and determine whether it has exceeded the folder capacity specified in Administration > Settings > Quarantine Manager. Adjust the folder capacity or manually delete files in the quarantine directory.
  3. If you use UNC path, ensure that the quarantine directory folder is shared to the group Everyone and that you assign read and write permission to this group. Also check if the quarantine directory folder exists and if the UNC path is correct.
If the quarantine directory is on another endpoint on the network (you can only use UNC path for this scenario):
  1. Check if the Security Agent can connect to the endpoint.
  2. Ensure that the quarantine directory folder is shared to the group Everyone and that you assign read and write permission to this group.
  3. Check if the quarantine directory folder exists.
  4. Check if the UNC path is correct.
If the quarantine directory is on a different directory on the Security Agent endpoint (you can only use absolute path for this scenario), check if the quarantine directory folder exists.
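The folder checks in the procedure above can be run as one script from the Security Agent endpoint. This PowerShell is an added example, not Trend Micro code: the quarantine path and the two Quarantine Manager limits are passed in by the operator as assumptions, and nothing is read from Apex One.

```powershell
# Added example: pre-checks for the quarantine directory procedure.
# Every value is supplied by the operator; nothing is read from Apex One.
param(
    [Parameter(Mandatory)][string]$QuarantinePath,     # UNC or absolute path (placeholder value)
    [Parameter(Mandatory)][long]$FolderCapacityBytes,  # as set in Quarantine Manager
    [Parameter(Mandatory)][long]$MaxFileSizeBytes,     # as set in Quarantine Manager
    [long]$InfectedFileSizeBytes = 0                   # size of the file that failed to transfer
)
$findings = [System.Collections.Generic.List[string]]::new()

# UNC path: confirm the host answers on SMB (TCP 445) before looking at permissions.
if ($QuarantinePath -match '^\\\\([^\\]+)\\') {
    if (-not (Test-NetConnection -ComputerName $Matches[1] -Port 445 -InformationLevel Quiet)) {
        $findings.Add("Cannot reach $($Matches[1]) on TCP 445.")
    }
}

if (-not (Test-Path -LiteralPath $QuarantinePath -PathType Container)) {
    $findings.Add("Folder missing or path incorrect: $QuarantinePath")
} else {
    # NTFS rights granted to Everyone (well-known SID S-1-1-0). Share-level
    # permissions are separate; check them on the host with Get-SmbShareAccess.
    $need = [int][System.Security.AccessControl.FileSystemRights]'Read, Write'
    $granted = 0
    (Get-Acl -LiteralPath $QuarantinePath).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' -and
                       $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $granted = $granted -bor [int]$_.FileSystemRights }
    if (($granted -band $need) -ne $need) {
        $findings.Add('Everyone lacks NTFS read/write on the folder.')
    }

    # Current folder usage against the configured capacity.
    $used = [long](Get-ChildItem -LiteralPath $QuarantinePath -Recurse -File -Force `
        -ErrorAction SilentlyContinue | Measure-Object -Property Length -Sum).Sum
    if ($used + $InfectedFileSizeBytes -gt $FolderCapacityBytes) {
        $findings.Add("Folder holds $used bytes; capacity would be exceeded.")
    }
}
if ($InfectedFileSizeBytes -gt $MaxFileSizeBytes) {
    $findings.Add('Infected file exceeds the maximum file size.')
}
if ($findings.Count) { $findings } else { 'All checks passed.' }
```

The ACL check ignores Deny entries and does not see share permissions, so a clean result still leaves the share settings on the host to confirm.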
Unable to clean the file
Explanation 1
The infected file may be contained in a compressed file and the Clean/Delete infected files within compressed files setting in Agents > Global Agent Settings on the Security Settings tab is disabled.
Solution
Enable the Clean/Delete infected files within compressed files option. When enabled, Apex One decompresses a compressed file, cleans/deletes infected files within the compressed file, and then re-compresses the file.
Note
Enabling this setting may increase endpoint resource usage during scanning and scanning may take longer to complete.
Explanation 2
The infected file is in the Temporary Internet Files folder of the Security Agent endpoint. Since the endpoint downloads files while you are browsing, the web browser may have locked the infected file. When the web browser releases the file, Apex One will clean the file.
Solution: None
Explanation 3
The file may be uncleanable. For details and solutions, see Uncleanable Files.
Action required
Apex One is unable to complete the configured action on the infected file without user intervention. Hover over the Action required column to see the following details.
  • Action required - Contact Support for details on how to remove this threat with the Anti-Threat Tool Kit "Clean Boot" tool found in the Apex One ToolBox
  • Action required - Contact Support for details on how to remove this threat with the Anti-Threat Tool Kit "Rescue Disk" tool found in the Apex One ToolBox
  • Action required - Contact Support for details on how to remove this threat with the Anti-Threat Tool Kit "Rootkit Buster" tool found in the Apex One ToolBox
  • Action Required - Apex One detected a threat on an infected agent. Restart the endpoint to finish cleaning the security threat
  • Action required – A full system scan is required to finish removing a detected rootkit threat from the endpoint