Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Anyway to clean file only ,not to clean by deletion

Created: 30 Jan 2013 | 3 comments

I did not get a satisfied answers in the previous posts.

Can you please guide me how to configure the risk detection setting, so that the first action is clean and the second action is leave alone ? We don't want to have result as "Clean by Deletion" .

Thanks

Comments 3 CommentsJump to latest comment

cus000's picture

Problem is some risk can't be 'cleaned' ....

 

It should be in scan actions settings in SEPM....

Mithun Sanghavi's picture

Hello,

Cleaned by Deletion - Specifies the events where the action configured was Clean, but a file was deleted because that was the only way it can be cleaned. For example, this action is generally needed for Trojan horse programs.

Check this Article:

Explanation of Action field values in Symantec Endpoint Protection 12.1 and 11, and Symantec AntiVirus 10.1

http://www.symantec.com/docs/TECH102052

"Cleaning" only works when an otherwise good file is infected with malicious code; the malicious code is removed and the original file is restored (in most circumstances). If a threat is nothing butmalicious code, there is nothing to clean, so instead, it is deleted.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SebastianZ's picture

That may be an issue - clean at some stage involves deletion itself - if the threat cannot be cleaned by "repair" - so in such case it never comes to step 2 "leave alone" as it is already deleted in first action.