HTTP Virus Scan: Action Parent topic

HTTP > Advanced Threat Protection > Policies | Policy List | Action
You can specify the action you want IWSVA to take whenever it detects an Internet threat in inbound or outbound HTTP traffic.
  • Infected files—Default is Clean. Trend Micro recommends that you Clean virus-infected files. If the file is corrupt or otherwise uncleanable, then only one of the actions listed will be taken. Macro viruses will be automatically cleaned (that is, removed from the host file).
    Note
    Note
    Only files infected with a virus can be cleaned. Most threats now tend to be "uncleanable" such as spyware, Trojans, phish, and worms.
  • Uncleanable files—Default is Delete. A large number of so-called "viruses" are, in fact, other types of Internet threats. Because these types of malicious code do not "infect" a file they cannot be cleaned. The whole file is bad; there is nothing to clean. Trend Micro recommends that you quarantine or delete these "uncleanable" files.
  • Password-protected—Default is Pass. IWSVA cannot open or scan password-protected files. Rather than pass these files through to the requesting client unscanned, Trend Micro recommends that you quarantine them.
  • Outside of scan restriction criteria files– Default is Pass. IWSVA will not scan the files outside of scan restriction criteria.
  • Macros—Default is Pass. Choose Clean to have IWSVA strip all macros from all files crossing the HTTP gateway, typically in case of a macro virus outbreak, or Quarantine to have IWSVA move all macro containing documents to the quarantine server.
    Important
    Important
    Macro settings are intended to be temporary only—usually as a reaction to a sudden outbreak due to a unknown macro virus. The default setting is Pass, and typically should not be changed. IWSVA scans and cleans ordinary macro viruses using the MacroTrap technology available as part of "infected" file scanning.

Adding Notes to Your Policy

To record notes about your policy, type them into the Note field at the bottom after configuring the actions taken against files detected by IWSVA. See HTTP > Advanced Threat Protection > Policies | policy | Action.
When you have completed configuring the scan actions to apply to your policy, click Save. Click Deploy Policies to immediately apply the policy; otherwise, the policy is applied after the database cache expires.
See also: