Malware Treatment

The malware treatment options let you choose what happens to malware that is detected on a client computer.

Double-click an Action to edit the Properties.

You can change the settings for malware and riskware. The options are:

Malware Treatment - Malware is software that is definitely dangerous.
- Quarantine file if cure failed - If Endpoint Security cannot repair the file, it is deleted and put in a secure location from where it can be restored if necessary.
- Delete file if cure failed - If Endpoint Security cannot repair the file, it is deleted.
Riskware Treatment - Riskware is legal software that might be dangerous.
- Treat as malware - Use the option selected for Malware.
- Skip file - Do not treat riskware files.

Excluding Infections by Name

You can create a list of infections (by name) that will get different treatment than the selections above. Use an exception to allow a file that was detected as a threat in your organization, but was a false positive or riskware (software that can have both legitimate and malicious usage). For example, RAdmin might be detected as a threat but you want to allow it.

Contextual scans are done even if the file is in the Exclude Infections by Name list. A contextual scan is a scan that the user runs from the right-click menu of the file that the user wants to scan: The user does a right-click on a file and selects Scan with Check Point Anti-Malware.

You can get the virus names of threats detected in your organization from one of these sources:

In SmartEndpoint > Users and Computers, select a computer and click Anti-Malware. The list of infections for that computer show.
The Top Infections report.
Anti-Malware infection logs in SmartLog

To create a list of exceptions for malware treatment:

In the Edit Properties - Malware Treatment window, click Exclude infections by name.
Click Add to add infections to the list.
Enter the name of the infection.
Click OK.
Click OK.