"Possible virus" is a generic type of malware defined in VSAPI (scan engine). The term "possible" implies that we do not define the action to handle such program. In virus pattern, the default action for handing possible virus is "pass" and there is no clean action for possible virus.
OfficeScan supports customization action for possible virus, and it is also a global setting. You can configure the setting in the ofcscan.ini file and deploy it to all clients. In OfficeScan, the setting is more granular (domain and client).
This article allows you to configure action for Possible Virus type of malware.
To configure generic detection:
- Open the OfficeScan management console.
- Click Agents > Agent Management.
- Go to Client Management.
- Highlight the domain/group or specific client machine.
- Click Settings and choose one of the following Scan type:
- Real-time Scan
- Manual Scan
- Scheduled Scan
- Scan Now
- Go to Action tab.
- If you choose Use ActiveAction, enable the "Customize action for probable virus/malware" and then configure your preferred Action:
- Deny Access
If you choose "Use specific action for each virus/malware type", look for the Probable Virus/Malware then select the desired action.
- Click Save.