How Symantec Endpoint Protection handles detections of viruses and security risks

Symantec Endpoint Protection uses default actions to handle the detection of viruses and security risks. You can change some of the defaults.
How Symantec Endpoint Protection handles the detection of viruses and security risks

Detection: Viruses
Description: By default, the Symantec Endpoint Protection client first tries to clean a file that a virus infects.
If the client software cannot clean the file, it does the following actions:
  • Moves the file to the Quarantine on the infected computer
  • Denies any access to the file
  • Logs the event

Detection: Security risks
Description: By default, the client moves any files that security risks infect to the Quarantine on the infected computer. The client also tries to remove or repair the risk's side effects.
If a security risk cannot be quarantined and repaired, the second action is to log the risk.

By default, the Quarantine contains a record of all actions that the client performed. You can return the client computer to the state that existed before the client tried the removal and repair.
Detections by SONAR are considered suspicious events. You configure actions for these detections as part of the SONAR configuration.
For Windows clients and Linux clients, you can assign a first and a second action for Symantec Endpoint Protection to take when it finds risks. You can configure different actions for viruses and security risks. You can use different actions for scheduled, on-demand, or Auto-Protect scans.
As of 14.3 RU1, configuring the actions for detections is deprecated for the Linux client.
Risky cookies are always deleted unless you specify that you want to log cookies instead. You can specify only one action for cookies, either Delete or Leave alone (log only).
On Windows clients, the list of the detection types for security risks is dynamic and changes as Symantec discovers new categories. New categories are downloaded to the console or the client computer when new definitions arrive.
For Mac clients, you can specify whether Symantec Endpoint Protection repairs the infected files that it finds. You can also specify whether Symantec Endpoint Protection moves the infected files that it cannot repair into the Quarantine. You can use different actions for scheduled, on-demand, or Auto-Protect scans.