Sorry, let me elaborate.
When a user picks up something strange, we will see that the files have been cleaned or quarantined. My manager will see excessive traffic from the infected workstation, though, even though the files have been cleaned or quarantined. Why would this occur? If SEP has captured these files, why are they still actively causing issues?
Thank you
If it was cleaned, then the file was "restored" back to its original state.
If quarantined, it will be held here and if future defs are able to repair it, it will also be "restored" back to normal state.
Interesting. I usually have to go into Quarantine and blow it all away. They are typically temp files or other disturbances that are not often used.
In the AV policy, under the Quarantine tab, how do you have the actions configured? This will tell us a lot.
The first field says to Automatically repair.
The 2nd tab "cleanup" is set to the default of 30 days for all three listed options.
So if it can be auto-repaired before that 30-day window, then it will be restored to pristine state :)
I am wondering if I should close that window down to 7 days. Why keep junk for 30 days?
Agreed. It's up to you really. Mine is at 7 days and if it wasn't for our policy I would never quarantine anything. IMO, it should be cleaned and if it can't be cleaned then it needs to be deleted.