McAfee VIRUSSCAN 8.7I User's Guide download pdf (Page 45)

Responding to Detections

There are different ways to take action on detections depending on which feature detects the

threat.

Contents

How actions are taken on detections

System access point violations

Buffer overflow detections

Unwanted program detections

On-access scan detections

On-demand scan detections

Email scan detections

Quarantined items

How actions are taken on detections

When a detection occurs, the resulting action depends on how the detection definition is defined

in the DAT file. For example, if the scanner cannot clean a file or if the file has been damaged

beyond repair, the scanner might delete the file or take the secondary action, depending on

how it was defined in the DAT file.

When the scanner denies access to files with potential threats, it also appends the filename

with an .mcm extension, when the file is saved.

System access point violations

When a system access point is violated, the action taken depends on how the rule was

configured:

• If the rule was configured to report, information is recorded in the log file.

• If the rule was configured to block, then the access is blocked.

Review the log file to determine which system access points were violated and which rules

detected the violations, then configure the access protection rules to allow users access to

legitimate items and prevent users from accessing protected items.

Use these scenarios to decide which action to take as a response.

ScenariosDetection Type

Unwanted processes • If the rule reported the violation in the log file but did not block the violation, select

the Block option for the rule.

45McAfee VirusScan Enterprise 8.7i

1 2 ... 40 41 42 43 44 45 46 47 48 49 50 ... 63 64

No comments

McAfee VIRUSSCAN 8.7I User's Guide Page 45