Appendix B: Reference Lists
Reference lists of available Virus/Malware Scan Actions, Pattern and Scan Engine Files, and Scan Action Results for Compressed Files.
Available Virus/Malware Scan Actions
- Delete
- CPM for Mac deletes the infected file.
- Quarantine
- CPM for Mac moves infected files to the following, non-configurable, directory on the client’s
computer:
/Library/Application Support/TrendMicro/common/lib/vsapi/quarantine/ - Clean
- CPM for Mac cleans the infected file before allowing full access to the file. If the file is uncleanable, CPM for Mac performs a second action, which can be one of the following actions: Quarantine (typical), Delete, Rename or Pass.
- Pass
- CPM for Mac performs no action on the infected file but records the virus or malware detection
in the logs. The file stays where it is located. CPM for Mac cannot use this scan action during
Real-time Scan because performing no action when an attempt to open or execute an infected file is
detected allows virus and malware code to execute. All the other scan actions can be used during
Real-time Scan.
For the "probable virus/malware" type, CPM for Mac always performs no action on detected files (regardless of the scan type) to mitigate false positives. If further analysis confirms that the probable virus or malware is indeed a security risk, a new pattern will be released to allow CPM for Mac to take the appropriate scan action. If actually harmless, the probable virus or malware will no longer be detected.
Pattern and Scan Engine Files
- Virus Pattern
- A file that helps CPM’s conventional scan clients identify virus signatures, unique patterns of bits and bytes that signal the presence of a virus.
- Virus Scan Engine
- The engine that scans for and takes appropriate action on viruses/ malware; supports 32-bit and 64-bit platforms.
- Spyware Active-monitoring Pattern File
- used for real-time spyware/grayware scanning.
Scan Action Results for Compressed Files
| Status of Clean/ Delete Infected Files in Compressed Files | CPM for Mac Action | Compressed File Format | Result |
|---|---|---|---|
| Enabled | Clean or Delete | Not supported Example: def.rar contains an infected file
123.doc. |
CPM for Mac encrypts def.rar but does not clean, delete, or perform any
other action on 123.doc. |
| Disabled | Clean or Delete | Supported/ Not supported Example: abc.zip contains an infected file
123.doc. |
CPM for Mac does not clean, delete, or perform any other action on both
abc.zip and 123.doc. |
| Enabled/Disabled | Not Clean or Delete (in other words, any of the following: Quarantine or Pass) | Supported/ Not supported Example: abc.zip contains an infected file
123.doc. |
CPM performs the configured action (Quarantine or Pass) on abc.zip, not
123.doc.If the action is: Quarantine: CPM for Mac quarantines
abc.zip (123.doc and all non-infected files are quarantined).
If the action is Pass: CPM for Mac performs no action on both abc.zip
and 123.doc but logs the virus detection. |