Endpoint Protection

  • 1.  Access Allowed

    Posted Nov 17, 2010 11:23 AM

    Scan type: Auto-Protect Scan

    Event: Risk Found

    Security risk detected: W32.Ramnit!html

    File: C:\$Recycle.Bin\....

    Location: C:\$Recycle.Bin\....

    Action taken: Pending Side Effects Analysis: Access Allowed

     

    We followed the removal procedure for this risk and it worked well. However, we would like to know what "Access Allowed" means in this case. I have reviewed the possibilities for "Action taken" and "Access Allowed" is not in the list. Please advise.

    Thanks,

    Tim



  • 2.  RE: Access Allowed

    Posted Nov 17, 2010 12:05 PM

    Access Denied: Specifies the events where Auto-Protect prevented a file from being created.

    So my guess would be that Auto-Protect allowed a file to be created even though it detected it.

    However, a call in to Symantec would clarify or maybe an employee on here can answer it.



  • 3.  RE: Access Allowed

    Posted Nov 17, 2010 01:04 PM

    Check the following link

    https://www-secure.symantec.com/connect/forums/action-takenpending-side-effects-analysis-access-denied

    This explains Access Denied. For Access Allowed, maybe SEP allowed access to the files while consulting the ERASER database.



  • 4.  RE: Access Allowed

    Posted Nov 18, 2010 02:19 PM

    There can be a few reasons for allowing access. This file might be hooked to a critical Windows process/driver, which cannot be stopped.

    So scanning in safe mode would be a good option over here.