Configuring the action when malware is detected
Applies to: Forefront Protection 2010 for SharePoint
You must indicate the action that Microsoft Forefront Protection 2010 for SharePoint (FPSP) should take when malware is detected. You must set the action for each scan job type (realtime, scheduled, and on-demand) you configure. The action setting is not global. Also, for the realtime scan you can configure different actions for virus and spyware detections (the scheduled and on-demand scans do not support sypyware scanning). In cases where a file is detected as containing both a virus and spyware, the virus action setting takes precedence.
The available action options are listed and described in the following table. Click Save after making any changes to your action settings.
Action | Description |
---|---|
Skip detect |
Makes no attempt to clean, delete, or suspend. Malware is reported, but the files remain infected. If, however, Delete corrupted compressed files, Delete corrupted UUEncoded files, or Delete encrypted compressed files was selected in Global Settings - Advanced Options, a match to any of those conditions causes the item to be deleted. This is the default action for all filters and for viruses found by the on-demand scan. |
Clean |
Attempts to clean the malware. If successful, the infected file is replaced with the clean version (even if part of a container file). If cleaning is not possible, the file is replaced with deletion text. This is the default setting for viruses found by the realtime and scheduled scans. |
Delete |
Deletes the file without attempting to clean it. Deletion text is inserted in its place. Due to SharePoint restrictions, if a file that has been checked in to a SharePoint document library is deleted, the file icon and extension remain the same, even though the contents have been replaced with deletion text. Note You can specify the extension type used for all deleted files (for example, .abc), making it easy to instantly identify them. For more information, see the next section in this topic. |
Suspend |
Prevents an infected file from being uploaded or downloaded. The user receives a SharePoint message that the file was infected and cannot be uploaded or downloaded. This choice is for the realtime scan only. It is the default setting for spyware found by the realtime scan. |
Configuring the extension type assigned to all deleted files
You can specify the extension type used for all deleted files (for example, abc), making it easy to instantly identify them.
To configure the extension type for all deleted attachments |
|
See Also
Concepts
Configuring the realtime scan
Configuring the scheduled scan
Configuring the on-demand scan