Hello,
I have an event for Data Insight in the Risk Logs for a particular downloaded executable. The actual action in the event is "Moved Back." What does "Moved Back" mean?
Thanks in advance,
Bob
I believe it may have been restored from quarantine by the user:
https://www-secure.symantec.com/connect/forums/sep-12-actual-action-moved-back
you may want to question them about it to see if this was the case
can you please post the risk log?
Here's a screenprint. My concern highlighted in green. Thanks.
Check to see if it was restored from the quarantine
So what was it??
Hello Blzbob,
If a file is quarantined ( lets image that it was false positive) and user has moved that file from Quaratine, then you will get the action as "Moved back" hope it was helpful.
Restoring from quarantine.
Sorry was just confused by the marked answer
Brian, my hand is a bit jumpy and I clicked the wrong solution.
No worries. I was particularly interested in the solution just for confirmation of what the action actually meant. I've seen a few like these before in the past and after some troubleshooting that was my suspicion but I think this fully confirms it.