Clean and clean by deletion
Created: 21 Jan 2013 | 7 comments
Hi Symantec support
We tested with an EICAR.com event.
In the Auto-Protect policy, we selected Clean risk as the first action and Leave alone as the second action.
In the risk log, we found the Action is Cleaned by deletion, the Status is deleted, and the current location is deleted.
May we know why the result is cleaned by deletion instead of clean?
Refer to KB http://www.symantec.com/business/support/index?page=content&id=TECH102052
For example, this action is generally needed for Trojan horse programs.
In our case, it is not a Trojan horse program.
On a file sharing server, do you recommend setting the action to "Leave alone" only, if the Clean action will delete the file in some cases?
Set to Quarantine/Delete as per best practice.
http://www.symantec.com/business/support/index?page=content&id=TECH122943
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi,
Check this thread (check Rafeeq's and Vikram's comments)
https://www-secure.symantec.com/connect/forums/wha...
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
But we don't want any deletion actions; we want to clean the virus.
"Cleaning" only works when an otherwise good file is infected with malicious code; the malicious code is removed and the original file is restored (in most circumstances). If a threat is nothing but malicious code, there is nothing to clean, so instead, it is deleted.
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Some clarifications to that:
http://www.symantec.com/docs/TECH102052
Specifies the events where the action configured was Clean, but a file was deleted because that was the only way it can be cleaned. For example, this action is generally needed for Trojan horse programs.
based on the article you have posted.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello,
Could you set the First action to "Leave Alone (log only)" and check what happens?
In your case, the First Action is "Clean Risk", and when Symantec detects this threat and cannot clean it, it "Cleans by Deletion".
Cleaned by Deletion - Specifies the events where the action configured was Clean, but a file was deleted because that was the only way it can be cleaned. For example, this action is generally needed for Trojan horse programs.
The example above is for general cases.
Check this Article:
Explanation of Action field values in Symantec Endpoint Protection 12.1 and 11, and Symantec AntiVirus 10.1
http://www.symantec.com/docs/TECH102052
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.