Procedure
- In the Virus/Malware section, configure the
required settings.
- Select the type of action that the Trend Vision One Endpoint Security agent takes
after detecting a security threat.
-
Use ActiveAction: Select to use a set of pre-configured scan actions for viruses/malwareFor more information, see ActiveAction.
-
Customize action for probable virus/malware: Select and specify the action that the Trend Vision One Endpoint Security agent takes on probable malware threats
-
-
Use the same action for all virus/malware types: Specify the action that the Trend Vision One Endpoint Security agent takes on all malware threats
-
Use a specific action for each virus/malware type: Specify the action that the Trend Vision One Endpoint Security agent takes on specific security threatsFor more information, see Custom Scan Actions.
-
- Select Back up files before cleaning to create an
encrypted copy of the infected file on the endpoint in the
<Agent installation folder>\Backup
folder.Creating a backup copy of the file allows you to restore the original version of the file if necessary. - Specify the location of the quarantine directory.
-
Quarantine to the Security Agent's managing server: The Trend Vision One Endpoint Security agent sends an encrypted copy of all quarantined files to the managing Apex One server
-
Quarantine directory: The Trend Vision One Endpoint Security agent sends an encrypted copy of all quarantined files to the specified location
For more information, see Quarantine Directory. -
- In the Damage Cleanup Services section, configure the
following:
-
Cleanup type
-
Standard cleanup: The Trend Vision One Endpoint Security agent performs any of the following actions during standard cleanup:
-
Detects and removes live Trojans
-
Kills processes that Trojans create
-
Repairs system files that Trojans modify
-
Deletes files and applications that Trojans drop
-
-
Advanced cleanup: In addition to the standard cleanup actions, the Trend Vision One Endpoint Security agent stops activities by rogue security software (also known as FakeAV) and certain rootkit variants.
-
-
Run cleanup when probable virus/malware is detected: Performs the configured cleanup type on probable malware threats
Note
You can only select this option if the action on probable virus/malware is not Pass or Deny Access.
-
- Select the type of action that the Trend Vision One Endpoint Security agent takes
after detecting a security threat.
- In the Spyware/Grayware section, select
the action the Trend Vision One Endpoint Security agent takes after detecting spyware or grayware programs.
-
Clean: Terminates all related processes and deletes associated registry values, files, cookies and shortcuts
Note
After cleaning spyware/grayware, Trend Vision One Endpoint Security agents back up spyware/grayware data, which you can restore if you consider the spyware/grayware safe to access. -
Pass: Logs the detection but allows the program to execute
-