Changing the action that
Symantec Endpoint Protection
takes when it makes a detection

You can configure the action or actions that scans should take when they make a detection. Each scan has its own set of actions, such as Clean, Quarantine, Delete, or Leave alone (log only).
On Windows clients and Linux clients, each detection category can be configured with a first action and a second action in case the first action is not possible.
As of 14.3 RU1, configuring the actions for detections is deprecated for the Linux client.
By default,
Symantec Endpoint Protection
tries to clean a file that a virus infected. If
Symantec Endpoint Protection
cannot clean a file, it performs the following actions:
  • Moves the file to the Quarantine on the infected computer and denies any access to the file.
  • Logs the event.
By default,
Symantec Endpoint Protection
moves any files that security risks infect into the Quarantine.
If you set the action to log only, by default if users create or save infected files,
Symantec Endpoint Protection
deletes them.
On Windows computers, you can also configure remediation actions for administrator scans, on-demand scans, and Auto-Protect scans of the file system.
You can lock actions so that users cannot change the action on the client computers that use this policy.
For security risks, use the Delete action with caution. In some cases, deleting security risks causes applications to lose functionality. If you configure the client to delete the files that security risks affect, it cannot restore the files.
To back up the files that security risks affect, use the Quarantine action instead.
  1. To change the action that
    Symantec Endpoint Protection
    takes when it makes a detection
  2. Option 1:
    To change the action that
    Symantec Endpoint Protection
    takes when it makes a detection on Windows or Linux clients, in the Virus and Spyware Protection policy, under
    Windows Settings
    or
    Linux Settings
    , select the scan (any Auto-Protect scan, administrator scan, or on-demand scan).
    As of 14.3 RU1, configuring the actions for detections is deprecated for the Linux client.
  3. On the
    Actions
    tab, under
    Detection
    , select a type of malware or security risk.
    By default, each subcategory is automatically configured to use the actions that are set for the entire category.
    On Windows clients, the categories change dynamically over time as Symantec gets new information about risks.
  4. To configure actions for a subcategory only, do one of the following actions:
    • Check
      Override actions configured for Malware
      , and then set the actions for that subcategory only.
      There might be a single subcategory under a category, depending on how Symantec currently classifies risks. For example, under
      Malware
      , there might be a single subcategory called Viruses.
    • Check
      Override actions configured for Security Risks
      , and then set the actions for that subcategory only.
  5. Under
    Actions for
    , select the first and second actions that the client software takes when it detects that category of virus or security risk.
    For security risks, use the Delete action with caution. In some cases, deleting security risks causes applications to lose functionality.
  6. Repeat these steps for each category for which you want to set actions (viruses and security risks).
  7. When you finish configuring this policy, click
    OK
    .
  8. Option 2:
    To change the action that
    Symantec Endpoint Protection
    takes when it makes a detection on Mac clients, in the Virus and Spyware Protection policy, under
    Mac Settings
    , select
    Administrator-Defined Scans
    .
  9. Do one of the following actions:
    • For scheduled scans, select the
      Common Settings
      tab.
    • For on-demand scans, on the
      Scans
      tab, under
      Administrator On-demand Scan
      , click
      Edit
      .
  10. Under
    Actions
    , check either of the following options:
    • Automatically repair infected files
    • Quarantine files that cannot be repaired
  11. For on-demand scans, click
    OK
    .
  12. When you finish configuring this policy, click
    OK
    .