Scan Actions

The action that the agent performs depends on the scan type that detected the security risk. For example, when the agent detects a security risk during Manual Scan (scan type), it cleans (action) the infected file.

Scan actions are configured by the Trend Micro Security (for Mac) administrator.

Scan Action



Removes the security risk from the infected file before allowing you to access the file. If the file is uncleanable, the agent performs a second action, which can either be Quarantine, Delete, or Pass.


Removes the infected file permanently from the computer.


Performs no action on the infected file but records the detected security risk in the logs. The file stays where it is located.


Renames and then moves an infected file to the quarantine directory on the computer.

Quarantined files display on the Quarantined Files screen on the console. For details, see Working with Quarantined Files.