Sometimes you may get other scan results too (i.e.virus successfully detected, but infected file can neither be cleaned nor deleted) You might want to check your virus logs. Look for column virus/malware, is there any "cryp_XXX"
Click for larger image
If you found such entry in your OSCE virus logs, you probably want to follow the procedure below so that Officescan will automatically perform certain action when it detects it.
Step 1:
Apply the Service Pack 1 of Officescan 8 to your Officescan Server. If you happened not to apply it yet, please apply the following in following order:
1st: Trend Micro OfficeScan 8.0 Critical Patch - Build 1257
2nd: Trend Micro OfficeScan 8.0 Service Pack 1 - Local Installation
3rd: Trend Micro OfficeScan 8.0 SP1 Critical Patch - Build 2311
You may download the said patches from the link below:
http://www.trendmicro.com/download/product.asp?productid=5
Step 2:
To configure and deploy scan action for "Generic" virus type to
OfficeScan clients, please do the following:
1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the
OfficeScan installation directory.
2. Under the "[Global Setting]" section, add the following keys and
assign the appropriate value to each key.
[Global Setting]
1stActForGenericVirus={x}
2ndActForGenericVirus={y}
Where:
{x} is the first action
{y} is the second action
Replace {x} and {y} with the value corresponding to the scan
action you want to use:
0 - Pass (permanent)
1 - Rename
2 - Move
3 - Clean
4 - Delete
5 - Pass (temporary) - this is the default action in OfficeScan
8.0
Note: Recommended for x=3, y=4
3. Open the OfficeScan server Web console and go to "Networked
Computers > Global client settings" screen.
4. Click "Save" to deploy the setting to clients.
IMPORTANT: OfficeScan client users with the privilege to configure
scan actions must set the action to "Custom Action" and not
"ActiveAction" to make sure the scan action you configured deploys
to the client. "ActiveAction" has a higher priority and overrides
"Custom Action".
If you need assistance on this, let me know.
3 comments:
hello,
i tried everything u wrote BUT my officescan clients, when they detect some "generic" viruses like PE_sality do not remove them.
the problem is that in the ofscan.ini file i putted everywhere the 3-4 (clean/del) actions and added the two rows u specified [Global Setting]
1stActForGenericVirus={x}
2ndActForGenericVirus={y} and updated the clients config, and even reinstalled the clients ....but it also do not delete these viruses.... what am i doing wrong ?
if its possible , i'd like to be contacted by email ...at ion.sabatico@cts.md
also , i'm sorry my speeling :) , i'm not a native English speaker
If the file is OK how should I explain Officescan to ignore it next time?
So now I know. It must be added to Exclusion list (directory level or individual file level) in Officescan client.
Post a Comment