Real-time Scan: Action Tab

Procedure

1. In the Virus/Malware section, configure the required settings.
   1. Select the type of action that the Security Agent takes after detecting a security threat.
      • Use AntimalwareScanCore: Select to use a set of pre-configured scan actions for viruses/malware
        For more information, see ActiveAction.
        • Customize action for probable virus/malware: Select and specify the action that the Security Agent takes on probable malware threats
      • Use the same action for all virus/malware types: Specify the action that the Security Agent takes on all malware threats
      • Use a specific action for each virus/malware type: Specify the action that the Security Agent takes on specific security threats
        For more information, see Custom Scan Actions.
   2. Select the types of notification that display to end users.
      • Display a notification when virus/malware is detected: Select to display a notification informing the Security Agent user when a malware detection occurs
      • Display a notification when probable virus/malware is detected: Select to display a notification informing the Security Agent user when a probable malware detection occurs
   3. Select Back up files before cleaning to create an encrypted copy of the infected file on the endpoint in the <Agent installation folder>\Backup folder.
      Creating a backup copy of the file allows you to restore the original version of the file if necessary.
   4. Specify the location of the quarantine directory.
      • Quarantine to the Security Agent's managing server: The Security Agent sends an encrypted copy of all quarantined files to the managing Apex One server
      • Quarantine directory: The Security Agent sends an encrypted copy of all quarantined files to the specified location

      For more information, see Quarantine Directory.
   5. In the Damage Cleanup Services section, configure the following:
      • Run cleanup when probable virus/malware is detected: Performs the configured cleanup type on probable malware threats

        Note You can only select this option if the action on probable virus/malware is not Pass or Deny Access.

2. In the Spyware/Grayware section, select the action the Security Agent takes after detecting spyware or grayware programs.
   • Clean: Terminates all related processes and deletes associated registry values, files, cookies and shortcuts

     Note After cleaning spyware/grayware, Security Agents back up spyware/grayware data, which you can restore if you consider the spyware/grayware safe to access.

   • Deny access: Prevents the end user from opening or copying the spyware or grayware components
   • Display a notification on endpoints when spyware/grayware is detected: Select to display a notification informing the Security Agent user when a spyware/grayware detection occurs