Virus/Malware Scan Actions

The scan action Apex One performs depends on the virus/malware type and the scan type that detected the virus/malware. For example, when Apex One detects a Trojan horse program (virus/malware type) during Manual Scan (scan type), it cleans (action) the infected file.

For information on the different virus/malware types, see Viruses and Malware.

The following are the actions Apex One can perform against viruses/malware.

Table 1. Virus/Malware Scan Actions




Apex One deletes the infected file.


Apex One renames,encrypts, and moves the infected file to a temporary quarantine directory on the agent endpoint located in <Agent installation folder>\Suspect.

The Security Agent then sends quarantined files to the designated quarantine directory.

See Quarantine Directory for details.

The default quarantine directory is on the Apex One server, under <Server installation folder>\PCCSRV\Virus.

If you need to restore any of the quarantined files, use Central Quarantine Restore.

For details, see Restoring Quarantined Files.


Apex One cleans the infected file before allowing full access to the file.

If the file is uncleanable, Apex One performs a second action, which can be one of the following actions: Quarantine, Delete, Rename, and Pass.

To configure the second action, go to Agents > Agent Management. Click Settings > Scan Settings > {Scan Type} > Action tab.

This action can be performed on all types of malware except probable virus/malware.


Apex One changes the infected file's extension to "vir". Users cannot open the renamed file initially, but can do so if they associate the file with a certain application.

The virus/malware may execute when opening the renamed infected file.


Apex One can only use this scan action when it detects any type of virus during Manual Scan, Scheduled Scan, and Scan Now. Apex One cannot use this scan action during Real-time Scan because performing no action when an attempt to open or execute an infected file is detected will allow virus/malware to execute. All the other scan actions can be used during Real-time Scan.

Deny Access

This scan action can only be performed during Real-time Scan. When Apex One detects an attempt to open or execute an infected file, it immediately blocks the operation.

Users can manually delete the infected file.