Changing the action that Symantec Endpoint Protection takes when it makes a detection

Article:HOWTO80962  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL http://www.symantec.com/docs/HOWTO80962
Article Type
How To



You can configure the action or actions that scans should take when they make a detection. Each scan has its own set of actions, such as Clean, Quarantine, Delete, or Leave alone (log only).

On Windows clients, each detection category can be configured with a first action and a second action in case the first action is not possible.

See Customizing the virus and spyware scans that run on Windows computers

See Customizing the virus and spyware scans that run on Mac computers

See Managing Download Insight detections

See Managing SONAR

See Checking the scan action and rescanning the identified computers

See Remediating risks on the computers in your network

By default, Symantec Endpoint Protection tries to clean a file that a virus infected. If Symantec Endpoint Protection cannot clean a file, it performs the following actions:

  • Moves the file to the Quarantine on the infected computer and denies any access to the file.

  • Logs the event.

By default, Symantec Endpoint Protection moves any files that security risks infect into the Quarantine.

If you set the action to log only, Symantec Endpoint Protection by default still deletes infected files that users create or save.

On Windows computers, you can also configure remediation actions for administrator scans, on-demand scans, and Auto-Protect scans of the file system.

You can lock actions so that users cannot change the action on the client computers that use this policy.

Warning:

For security risks, use the Delete action with caution. In some cases, deleting security risks causes applications to lose functionality. If you configure the client to delete the files that security risks affect, it cannot restore the files.

To back up the files that security risks affect, use the Quarantine action instead.

To change the action that Symantec Endpoint Protection takes when it makes a detection on Windows computers

  1. In the console, open a Virus and Spyware Protection policy, and then select the scan (any Auto-Protect scan, administrator scan, or on-demand scan).

  2. On the Actions tab, under Detection, select a type of malware or security risk.

    By default, each subcategory is automatically configured to use the actions that are set for the entire category.

    Note:

    The categories change dynamically over time as Symantec gets new information about risks.

  3. To configure actions for a subcategory only, do one of the following actions:

    • Check Override actions configured for Malware, and then set the actions for that subcategory only.

      Note:

      There might be a single subcategory under a category, depending on how Symantec currently classifies risks. For example, under Malware, there might be a single subcategory called Viruses.

    • Check Override actions configured for Security Risks, and then set the actions for that subcategory only.

  4. Under Actions for, select the first and second actions that the client software takes when it detects that category of virus or security risk.

    For security risks, use the Delete action with caution. In some cases, deleting security risks causes applications to lose functionality.

  5. Repeat these steps for each category for which you want to set actions (viruses and security risks).

  6. When you finish configuring this policy, click OK.
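The inheritance and first/second action behavior in the steps above, as an added example that is not Symantec code or a Symantec policy format: a hypothetical in-memory policy model that resolves a subcategory's effective actions, falls back to the second action when the first is not possible, and flags Delete configured for security risks. The dictionary layout, the function names, and the subcategory names other than Viruses are assumptions made for illustration.

```python
# Added illustration only: a hypothetical in-memory model, not Symantec's
# policy format or API. Names other than those quoted from the page are constructed.
LOG_ONLY = "Leave alone (log only)"

# Constructed sample policy. A subcategory value of None means "inherit the
# category's actions"; a tuple is an override (first action, second action).
SAMPLE_POLICY = {
    "Malware": {
        "actions": ("Clean", "Quarantine"),
        "subcategories": {"Viruses": None},
    },
    "Security Risks": {
        "actions": ("Quarantine", LOG_ONLY),
        "subcategories": {"Adware": None, "Hack Tool": ("Delete", LOG_ONLY)},
    },
}


def effective_actions(policy, category, subcategory):
    """Return (first, second): the subcategory override if set, else the category's."""
    cat = policy[category]
    # Unknown subcategories inherit too, which covers categories that change over time.
    override = cat["subcategories"].get(subcategory)
    return override if override is not None else cat["actions"]


def apply_actions(actions, possible):
    """Return the first configured action that can be carried out, or None."""
    for action in actions:
        if action in possible:
            return action
    return None


def audit_delete(policy, category="Security Risks"):
    """Return (subcategory, slot) pairs whose effective action is Delete."""
    findings = []
    for sub in policy[category]["subcategories"]:
        first, second = effective_actions(policy, category, sub)
        for slot, action in (("first", first), ("second", second)):
            if action == "Delete":
                findings.append((sub, slot))
    return findings


if __name__ == "__main__":
    print(effective_actions(SAMPLE_POLICY, "Malware", "Viruses"))
    print(apply_actions(("Clean", "Quarantine"), {"Quarantine", "Delete"}))
    print(audit_delete(SAMPLE_POLICY))
```

Each finding from `audit_delete` marks a place where the Quarantine action would keep a restorable copy and Delete would not.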

To specify the action that Symantec Endpoint Protection takes when it makes a detection on Mac computers

  1. In the Virus and Spyware Protection policy, under Mac Settings, select Administrator-Defined Scans.

  2. Do one of the following actions:

    • For scheduled scans, select the Common Settings tab.

    • For on-demand scans, on the Scans tab, under Administrator On-demand Scan, click Edit.

  3. Under Actions, check either of the following options:

    • Automatically repair infected files

    • Quarantine files that cannot be repaired

  4. For on-demand scans, click OK.

  5. When you finish configuring this policy, click OK.


Legacy ID



v42955926_v81626096

