Antivirus and antispyware

Action to take if cleaning not possible

This actions field allows you to select  the action to take when an infected  file is found and cleaning  is not possible:

No action - No changes are made. If uploaded, infected files will be stored on SharePoint and users will have access to them.

Block - Infected file is blocked and will not be uploaded/downloaded, also, if possible a message will be shown notifying the user of why the file wasn’t uploaded/downloaded.

Mark for deletion - File is suggested to be deleted and SharePoint will decide on deletion on its own. It is usually impossible to delete the file when a user is accessing it (during download) as the user does not have write/delete rights. This option is not available when the ThreatSense engine parameter cleaning level is set to No cleaning. However, if the user downloading the file has appropriate rights the file will be deleted. The Message type shown to the user is handled by SharePoint.


If the document is deleted, its older versions are deleted as well. Therefore, we recommend using the Block action. To remove infected documents from SharePoint, use on-demand database scan instead.

Quarantine infected files

When enabled, files that are marked for deletion will be put into quarantine. Deselect this setting to disable quarantine so that files do not accumulate in quarantine. For instance, if the partition on which the quarantine is located is too small and could potentially become too full. The quarantine should not be disabled. This option affects quarantine policy for both cleanable and non-cleanable files. The use of quarantine does not have an effect on rules.

Template of a message displayed on threat detection

You can customize the message displayed in a user's browser when a threat or infiltration is detected and was cleaned, blocked or deleted. Type your text into the Template of a message displayed on threat detection field. The message is shown only within the web interface. You can use the following variables in the message:

%VIRUSNAME% - infiltration name from the scan engine.

%FILENAME% - file name.

%FILESIZE% - file size.

%PRODUCTNAME% - product name, in this case: ESET Security for Microsoft SharePoint.

To modify scan parameters for On-access filter.

Reporting is performed by detection engine and the machine learning component.