On the Actions tab, you can configure Dr.Web Agent Scanner reactions on detection of infected or suspicious files, malware, and malicious archives as a result of scanning.
|
The actions are applied automatically. |
The following actions can be applied to detected threats:
•Cure—restore the original state of the object before the infection. If the object is incurable or the attempt to cure it fails, the action set for incurable objects is applied instead.
Available for objects infected with known curable viruses only, except for trojans and infected files within compound objects (archives, email files, or file containers).
•Delete—delete the object.
•Move to quarantine—move the object to the special Quarantine folder on the station.
•Report—send a notification to the Control Center about the detection of a threat (see the Setting Notifications section on how to configure alerts).
•Ignore—skip the object without performing any action and do not send a notification in the scan statistics.
Reactions of Dr.Web Agent Scanner to various threats
Object |
Action |
||||
|---|---|---|---|---|---|
Cure |
Delete |
Move to quarantine |
Report |
Ignore |
|
Malicious |
+/* |
+ |
+ |
available if one of the keys includes the AllowReportAction=Yes option |
|
Suspicious |
|
+ |
+/* |
|
+ |
Incurable |
|
+ |
+/* |
|
|
Installation packages |
|
+ |
+/* |
|
|
Archives |
|
+ |
+/* |
|
|
Email files |
|
|
+ |
+/* |
+ |
Boot sectors |
+/* |
|
|
+ |
|
Adware |
|
+ |
+/* |
|
+ |
Dialers |
|
+ |
+/* |
|
+ |
Jokes |
|
+ |
+/* |
|
+ |
Riskware |
|
+ |
+/* |
|
+ |
Hacktools |
|
+ |
+/* |
|
+ |
+ |
action is enabled for this type of object |
+/* |
action is set as default for this type of object |
To set actions for detected threats, use the following options:
•The Malicious drop-down list specifies the reaction to detecting a file infected with a known virus.
•The Suspicious drop-down list specifies the reaction to detecting a file presumably infected with a virus (upon an alarm of the heuristic analyzer).
|
If a scan includes the OS installation folder, it is recommended that you select the Report action for suspicious files. |
•The Incurable drop-down list specifies the reaction to detecting a file infected with a known incurable virus, as well as if an attempt to cure a file fails.
•The Malicious installation files drop-down list specifies the reaction to detecting a malicious or suspicious file in a program installation package.
•The Malicious archives drop-down list specifies the reaction to detecting a malicious or suspicious file in a file archive.
•The Malicious email files drop-down list specifies the reaction to detecting a malicious or suspicious file in the email format.
|
If a threat or suspicious program code is detected within a compound object (archive, email file, or file container), the action selected for this object type is applied to the whole object, not just to the infected part. |
•The Infected boot sectors drop-down list specifies the reaction to detecting a threat or suspicious program code in the boot sector area.
•In the following drop-down lists, set the reactions to detecting the corresponding type of unsolicited software:
▫Adware;
▫Dialers;
▫Jokes;
▫Riskware;
▫Hacktools.
|
If you select Ignore, no action is performed: no notifications are sent to the Control Center, as opposed to when you select Report on threat detection. |
Set the Show scan progress flag to display a progress bar and the status bar of the remote scan process in the Control Center.