Malware Treatment

The malware treatment options let you choose what happens to malware that is detected on a client computer.

Double-click an Action to edit the Properties.

You can change the settings for malware and riskware. The options are:

  • Malware Treatment - Malware is software that is definitely dangerous.

    • Quarantine file if cure failed - If Endpoint Security cannot repair the file, it is deleted and put in a secure location from where it can be restored if necessary.

    • Delete file if cure failed - If Endpoint Security cannot repair the file, it is deleted.

  • Riskware Treatment - Riskware is legal software that might be dangerous.

    • Treat as malware - Use the option selected for Malware.

    • Skip file - Do not treat riskware files.

Excluding Infections by Name

You can create a list of infections (by name) that will get different treatment than the selections above. Use an exception to allow a file that was detected as a threat in your organization, but was a false positive or riskware (software that can have both legitimate and malicious usage). For example, RAdmin might be detected as a threat but you want to allow it.

Contextual scans are done even if the file is in the Exclude Infections by Name list. A contextual scan is a scan that the user runs from the right-click menu of the file that the user wants to scan: The user does a right-click on a file and selects Scan with Check Point Anti-Malware.

You can get the virus names of threats detected in your organization from one of these sources:

To create a list of exceptions for malware treatment:

  1. In the Edit Properties - Malware Treatment window, click Exclude infections by name.

  2. Click Add to add infections to the list.

  3. Enter the name of the infection.

  4. Click OK.

  5. Click OK.