
Clean and clean by deletion

Created: 21 Jan 2013 | 7 comments

Hi Symantec support

We test with the EICAR.com event.
In the Auto-Protect policy, we select the first action as Clean risk and the second action as Leave alone.
In the risk log, we found the Action is Cleaned by deletion, the Status is deleted, and the current location is deleted.
May we know why the result is cleaned by deletion instead of clean?
Refer to KB http://www.symantec.com/business/support/index?page=content&id=TECH102052
For example, this action is generally needed for Trojan horse programs. 

In our case, it is not Trojan horse programs.

On a file sharing server, do you recommend selecting the action "Leave alone" only, if the Clean action will delete the file in some cases?


Ashish-Sharma's picture

Hi,

Check this thread (Check Rafeeq and Vikram Comments)

https://www-secure.symantec.com/connect/forums/wha...

Thanks In Advance

Ashish Sharma

SymQNA's picture

But we don't want any deletion actions, but want to clean the virus.

sandra.g's picture

"Cleaning" only works when an otherwise good file is infected with malicious code; the malicious code is removed and the original file is restored (in most circumstances). If a threat is nothing but malicious code, there is nothing to clean, so instead, it is deleted.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

pete_4u2002's picture

Specifies the events where the action configured was Clean, but a file was deleted because that was the only way it can be cleaned. For example, this action is generally needed for Trojan horse programs.

Based on the article you have posted.

Mithun Sanghavi's picture

Hello,

Could you have the First action as "Leave Alone (log only)" and check what happens?

In your case, the First Action is "Clean Risk", and when Symantec detects this threat and cannot clean it, it "Cleans by Deletion".

Cleaned by Deletion - Specifies the events where the action configured was Clean, but a file was deleted because that was the only way it can be cleaned. For example, this action is generally needed for Trojan horse programs.

The example above is for general cases.

Check this Article:

Explanation of Action field values in Symantec Endpoint Protection 12.1 and 11, and Symantec AntiVirus 10.1

http://www.symantec.com/docs/TECH102052

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.