Configuring the Scan Action Tab

Virus/Malware Action

About this task

The default scan action CPM performs depends on the virus/malware type and the scan type that detected the virus/malware. For example, because Trojan horse programs cannot be cleaned (there is no virus code to remove from an infected file), the default action is to Quarantine them. The default action for viruses, however, is to clean them. If that fails, the backup action is to quarantine them.

Note: Quarantining files: You can have CPM quarantine any harmful files that it detects. These files will be encrypted and moved to a directory on the endpoint that prevents users from opening them and spreading the virus/malware to other computers in the network. Trend Micro provides a tool for decrypting quarantined files called VSEncode.exe. See Default ActiveAction Behaviors for more information.

Procedure

  • Use ActiveAction: ActiveAction is a set of pre-configured scan actions for specific types of viruses/malware. Trend Micro recommends using ActiveAction if you are not sure which scan action is suitable for each type of virus/malware. See Default ActiveAction Behaviors for a list threat types and their associated ActiveAction.

  • Use the same action for all virus/malware types: If the first action fails, CPM will automatically take the second action. For example, say the first action is Clean and the second is Quarantine. If CPM detects a virus but the code cannot be removed, (that is, the file cannot be "cleaned"), the file will be quarantined. See Available Virus/Malware Scan Actions for more information.
  • Use a specific action for each virus/malware type: Choose this option and specify a 1st action and 2nd action for each threat type. See Available Virus/Malware Scan Actions for more information.
  • Back up files before cleaning: CPM will encrypt the original file and make an encrypted copy on the client computer before it attempts to clean the file. For instructions on decrypting backup copies, see CPM Server Management.
  • Display a notification message on the client computer when virus/malware is detected: Enabling this option allows CPM to display a notification message for end users to see when virus or malware has been detected on their client machine.