Real-time Scan: Scan Actions

Select the scan actions:

  • ActiveAction: Select to use a set of pre-configured scan actions for viruses/malware

    For details, see ActiveAction.

    • Customize action for probable virus/malware: Select and specify the action that the Security Agent takes on probable malware threats

  • Customized actions: Specify the action that the Security Agent takes on specific security threats

    • If theĀ first action is unsuccessful, the Security Agent performs the following second action depending on the first action.

      • If the first action is "Quarantine", the second action is "Delete".

      • If the first action is "Rename", "Delete" or "Clean", the second action is "Quarantine".

    • If the first action is "Pass" or "Access Denied", the Security Agent does not perform a second action.

    Table 1. Custom Scan Actions




    Deletes the infected file.


    Renames and then moves the infected file to a temporary quarantine directory on the endpoint.

    The Security Agent then sends quarantined files to the designated quarantine directory.

    The Security Agent encrypts quarantined files sent to this directory.


    Cleans the infected file before allowing full access to the file.

    This action can be performed on all types of security threats except probable virus/malware.


    Some files are uncleanable. For details, see Uncleanable Files.


    Changes the infected file's extension to vir. Users cannot open the renamed file initially, but can do so if they associate the file with a certain application.

    The virus/malware may execute when opening the renamed infected file.

    Deny Access

    When the Security Agent detects an attempt to open or execute an infected file, it immediately blocks the operation.

    Users can manually delete the infected file.