Specifications
Protecting Computers from Security Risks
5-31
Clean
OfficeScan cleans the infected file before allowing full access to the file.
If the file is uncleanable, OfficeScan performs a second action, which can be one of the
following actions: Quarantine, Delete, Rename, and Pass. To configure the second
action, go to Networked Computers > Client Management > Settings > {Scan
Type} > Action tab.
Rename
OfficeScan changes the infected file's extension to "vir". Users cannot open the
renamed file initially, but can do so if they associate the file with a certain application.
The virus/malware may execute when opening the renamed infected file.
Pass
OfficeScan performs no action on the infected file but records the virus/malware
detection in the logs. The file stays where it is located.
OfficeScan can only use this scan action when it detects any type of virus (except
"probable virus/malware") during Manual Scan, Scheduled Scan, and Scan Now.
OfficeScan cannot use this scan action during Real-time Scan because performing no
action when an attempt to open or execute an infected file is detected will allow
virus/malware to execute. All the other scan actions can be used during Real-time Scan.
For the "probable virus/malware" type, OfficeScan always performs no action on
detected files (regardless of the scan type) to mitigate false positive. If further analysis
confirms that probable virus/malware is indeed a security risk, a new pattern will be
released to allow OfficeScan to perform the appropriate scan action. If actually
harmless, probable virus/malware will no longer be detected.
For example:
OfficeScan detects "x_probable_virus" on a file named "123.exe" and performs no
action at the time of detection. Trend Micro then confirms that "x_probable_virus" is a
Trojan horse program and releases a new Virus Pattern version. After loading the
pattern's new version, OfficeScan will detect "x_probable_virus" as a Trojan program
and, if the action against such programs is "Clean", will clean "123.exe".