Configuring the Scan Target Tab

User Activity on Files (Real-Time Scans Only)

Procedure

Scan files being...

  • Created: scans new files and files as they are copied to the client.

  • Modified: scans files that are opened as they are saved to the client.

  • Received: scans files as they are moved or downloaded to the client.

Files to Scan

Procedure

  • All scannable files: This option is the safest, but will also have the greatest effect on client performance; all files are scanned (On-Demand) or monitored (Real-Time), even file types that cannot be infected.
  • File types scanned by IntelliScan: Scans only files known to potentially harbor malicious code, even those disguised by an innocuous-looking extension name. IntelliScan examines the file meta data to determine file type.
  • Files with the following extensions: Scans files based on their extensions. If selected, only file types listed in this field will be scanned. For example, you can specify certain file types as a shortcut to excluding all those file types not on the list.

Scan Settings

Procedure

  • Scan floppy disk during system shutdown: Real-Time scans only.
  • Scan all files in storage devices after plugging in: After plugging in a storage device, CPM scans the entire device before allowing access to the data (Real-Time scans only).
  • Scan network drive: Real-Time scans only. Includes client file activity as it extends to mapped network drives.
  • Scan compressed files. Maximum layers <drop-down list>: CPM will scan up to a specified number of compression layers and skip scanning any excess layers. For example, if the maximum is two layers and a compressed file to be scanned has six layers, CPM scans two layers and skips the remaining four.
    Note: Choose this option to enable scanning of the following file type: Microsoft™ Office 2007 files in Office Open XML format. These are considered compressed because Office Open XML includes ZIP compression technologies for Office 2007 applications such as Excel, PowerPoint, and Word.
  • Scan boot area: On-Demand scans only. Scans the boot sector of the client computer hard disk.
  • Enable IntelliTrap: Blocks real-time compressed executable files and pairs them with other malware characteristics. Trend Micro recommends quarantining (not deleting or cleaning) files when you enable IntelliTrap. Do not use IntelliTrap if your users frequently exchange real-time compressed executable files.

Scan Cache Settings (On-Demand Scans Only)

About this task

The CPM client can build the digital signature and on-demand scan cache files to improve its scan performance. When an on-demand scan runs, the client first checks the digital signature cache file and then the on-demand scan cache file for files to exclude from the scan. Scanning time is reduced if a large number of files are excluded from the scan.

Procedure

  • Enable the digital signature: The CPM client uses the same Digital Signature Pattern used for Behavior Monitoring to build the digital signature cache file. The Digital Signature Pattern contains a list of files that Trend Micro considers trustworthy and therefore can be excluded from scans.
  • Enable the On-Demand Scan cache: Each time scanning runs, the client checks the properties of previously scanned threat-free files. If a threat-free file has not been modified, the client adds the cache of the file to the on-demand scan cache file. When the next scan occurs, the file will not be scanned if its cache has not expired.

CPU Usage (On-Demand Scans Only)

About this task

On-Demand scans can be CPU intensive and clients may notice a performance decrease when the scan is running. You can moderate this affect by introducing a pause after each file is scanned, which will allow the CPU to handle other tasks. Consider factors such as the type of applications run on the computer, CPU, RAM, and what time the scan is run.

Procedure

  • High: No pausing between scans
  • Medium: Pause slightly between scans
  • Low: Pause longer between scans