On-Demand Scan Settings Wizard

Core Protection Module for Mac supports only virus/malware scanning on CPM for Mac clients. For details about different types of virus and malware threats, see Appendix C: Understanding Security Risks.

Note: When a user initiates a Manual Scan from the CPM for Mac client console, the scan settings reflect the most recent ones set by the administrator for an On-Demand Scan.

For example, an administrator might schedule an On-Demand Scan on every Thursday 12:00 that scans all file types. The administrator might then run an On-Demand scan of /Users/username/ with different scan settings at 14:00. If an user runs a Manual Scan at 15:00, and the administrator has not changed the settings, the user’s Manual Scan will only scan /Users/username/, not the entire endpoint.

Configuring the Scan Target Tab

Core Protection Module for Mac supports the following configuration options on the Scan Target tab.
  • In the Files to Scan section:
    All scannable files
    All files are scanned, even if the file type cannot contain infections. This option is the safest but also has the greatest effect on client performance.
    File types scanned by IntelliScan
    Scans only files that are known to potentially harbor malicious code, even files disguised by an innocuous-looking extension name, using file metadata to determine file type.
    Target files
    CPM for Mac always scans the files listed. CPM for Mac requires that administrators type the full file path for the files that are targeted for scanning.
  • In the Scan Settings section:
    Scan compressed files
    Scans files that use compression technology. CPM for Mac supports only the scanning of compressed files, not the configuration of the maximum number of compression layers.
  • In the Stop Scanning Settings (Mac only) section:
    Stop scanning after: __ hour(s) __ minute(s)
    Automatically stops a scan that has exceeded the configured time frame.
    Enable the privilege to stop scanning
    Allows CPM for Mac users to cancel an active scan.
  • In the Scan Cache Settings section:
    Enable the scan cache
    Each time scanning runs, the client checks the properties of previously scanned threat-free files. If a threat-free file has not been modified, the client adds the cache of the file to the on-demand scan cache file. When the next scan occurs, CPM for Mac does not scan the file if the cache information has not expired.
  • In the CPU Usage section: On-Demand scans can be CPU intensive and clients might notice a performance decrease when a scan is running. Moderate this effect by introducing a pause after each file is scanned allowing the CPU to handle other tasks. Consider factors such as the type of applications that are run on the computer, CPU, RAM, and what time the scan is run.
    High
    No pausing between scans.
    Low
    Pause longer between scans.

Configuring the Scan Exclusion Tab

Core Protection Module for Mac does not support any configuration options on the Scan Exclusions tab. For details about configuring scan exclusions for Core Protection Module for Mac, see Scan Exclusion Settings for Mac.

Configuring the Scan Action Tab

The default scan action CPM for Mac performs depends on the virus/malware type and the scan type that detected the virus/malware. Core Protection Module for Mac supports the following configuration options on the Scan Action tab.
  • Use ActiveAction: ActiveAction is a set of pre-configured scan actions for different types of security risks. ActiveAction settings are constantly updated in the pattern files to protect computers against the latest security risks and the latest methods of attacks. Optionally select a customized action for probable virus/malware threats. If you are unsure which scan action is suitable for a certain type of security risk, Trend Micro recommends using ActiveAction.

  • Use the same action for all virus/malware types: If the first action fails, CPM for Mac automatically takes the second action. For example, if the default action is “Clean" and CPM for Mac is unable to clean an infected file, the backup action of “Quarantine" is taken.

    Quarantining Files: Administrators can configure CPM for Mac to quarantine any harmful files detected. CPM for Mac encrypts and moves the files to a directory on the endpoint that prevents users from inadvertently spreading the virus/malware to other computers in the network. For more information, see Appendix B: Reference Lists.