Discover scan of virus-infected file

Article ID: 160491

Products

Data Loss Prevention Network Discover, Data Loss Prevention Endpoint Discover

Issue/Introduction

If an anti-virus program is running on the Discover target (repository), and it detects a virus within a confidential file that violates a detection policy, the AV solution may quarantine the file before Vontu sends the file through to detection. In this case, does Vontu create an incident?

Resolution

It is recommended that anti-virus software be installed in a location other than the Vontu folders of a detection server. See KB 41984: Anti-Virus Software Can Cause a Vontu Shutdown.

Once file contents are opened and inspected, it is unlikely that the "cracked virus" would trigger AV detection. If an AV product is running on the target server, the file will most likely be blocked and recorded as an "unprocessable item".