Configuring the action when a filter is matched
Applies to: Forefront Protection 2010 for SharePoint
You must indicate the action that Microsoft Forefront Protection 2010 for SharePoint (FPSP) should take upon detecting a match to your filter criteria.
Note
You must set the action for each filter list you configure. The action setting is not global.
The action options are only available after a filter list has been enabled, and the types of action options that are available are dependent upon the type of filtering you are performing. Possible action choices are listed and described in the following table. Click Save after making any changes to your action settings.
| Action | Description |
|---|---|
Skip detect |
Records the number of files that meet the filter criteria, but enables uploading and downloading to take place normally. If, however, Delete corrupted compressed files, Delete corrupted UUEncoded Files, or Delete encrypted compressed files was selected in Global Settings - Advanced Options, a match to any of those conditions causes the item to be deleted. This setting is the default for all filters. |
Delete |
Deletes the file, inserting deletion text in its place. This setting only applies to scheduled and on-demand filters. For information about modifying deletion text, see Editing deletion text for file filters. Note You can specify the extension type used for all deleted files (for example, .abc), making it easy to instantly identify deleted files. For more information, see "Configuring the extension type assigned to all deleted files" in Configuring the action when malware is detected. |
Suspend |
Prevents the file from being uploaded or downloaded. The user receives a SharePoint message that the file was infected and could not be uploaded or downloaded. This setting only applies to realtime filters. |
Warning
Extreme care should be taken when implementing actions for filter lists because they also affect files submitted for antimalware scanning by SharePoint. This can potentially include ASPX and other operational pages. It is recommended that you tune your filter lists by using an action of Skip detect prior to implementing a Delete or Suspend action.