What Does "Risk was partially removed" Mean?

Article:TECH94475  |  Created: 2009-01-10  |  Updated: 2014-06-23  |  Article URL http://www.symantec.com/docs/TECH94475
Article Type
Technical Solution


Issue



Is there cause for alarm if Symantec AntiVirus or Symantec Endpoint Protection detects a threat (virus, worm, or other malicious code) and reports in its risk history log that "Risk was partially removed" or "Clean was partially successful." Is any additional, manual action necessary?
 


Error



Example log:




 SEP Risk Logs may also contain the event "Remediation action on an anomaly failed"


Solution



Further manual steps are necessary by the end user. SAV or SEP has detected the threat, but due to the nature of the file or the technologies involved it is not possible to completely remediate it.

Customers are strongly encouraged to read in detail the "Removal" section of the threat write-up to determine what manual steps are necessary in order to completely remove the threat from the computer.

A full system scan in safe mode will, under most circumstances, completely remove threats that were "partially removed" earlier. Be sure to check the risk log after the scan has been run for confirmation.
 



 




Legacy ID



2009061013270748


Article URL http://www.symantec.com/docs/TECH94475


Terms of use for this information are found in Legal Notices