Custom Scan Actions




Deletes the infected file.


Renames and then moves the infected file to a temporary quarantine directory on the endpoint.

The Security Agent then sends quarantined files to the designated quarantine directory, which is on the managing server by default.

The Security Agent encrypts quarantined files sent to this directory.

For more information, see Quarantine Directory.


Cleans the infected file before allowing full access to the file.

If the file is uncleanable, the Security Agent performs a second action, which can be one of the following actions: "Quarantine", "Delete", "Rename", and "Pass".

This action can be performed on all types of security threats except probable virus/malware.


Some files are uncleanable. For more information, see Uncleanable Files.


Changes the infected file's extension to vir. Users cannot open the renamed file initially, but can do so if they associate the file with a certain application.

The virus/malware may execute when opening the renamed infected file.


Performs no action on detected threats but records the detection in the logs.

Deny Access

When the Security Agent detects an attempt to open or execute an infected file, it immediately blocks the operation.

Users can manually delete the infected file.