Forefront Security for SharePoint Best Practices - Action


Applies to: Forefront Security for SharePoint

It is recommended that you set the Action to Block: prevent transfer (for the Realtime Scan Job) or Delete: remove infection (for the Manual Scan Job). Attempting to clean and repair a file was more useful years ago when cleanable viruses were more common and valid documents were often infected. The virus world has changed over the years, and the vast majority of viruses today are not cleanable. Also, a valid infected file is much less common. Most of the time, the entire attachment is a virus and has no valid content. Because the attempt to clean the virus requires additional processing resources, which, in most cases are wasted, the Block and Delete options are better choices.


The Manual Scan Job scans all the files on SharePoint sites, including files uploaded by users and those generated by SharePoint itself. Setting the Action to Delete will remove all files determined to be infected. It is recommended that you run the Manual Scan Job once with the file filtering Action set to Skip: detect to ensure that the filtering rules do not cause any system/application files to be accidentally deleted. You should use the Delete Action with caution.