Endpoint Protection

We are facing a issue , We submitted the Samples and received rapid and we updated on the server after that ran a scan but though it detects the infection we can note the action as pending file analysis..

What would be the cause?

Can you post error screen shot.

Scan your system in safe mode.

See also pete comments

https://www-secure.symantec.com/connect/forums/pending-side-effects-analysis-access-denied#comment-6872251

Did it say reboot needed?

Took safe mode , After that the action was quartined but i hope if we receive the rapid release the infection action must be deleted or cleaned.. 

 

But Why still in quartined?

When the client software scans a suspicious file, it places the file in the local Quarantine folder on the infected computer. The Quarantine clean-up feature automatically deletes the files in the Quarantine when they exceed a specified age. The Quarantine clean-up feature automatically deletes the files in the Quarantine when the directory where they are stored reaches a certain size.

You can configure these options using the Antivirus and Antispyware Policy. You can individually configure the number of days to keep repaired, backup, and quarantined files. You can also set the maximum directory size that is allowed before files are automatically removed from the client computer.

You can use one of the settings, or you can use both together. If you set both types of limits, then all files older than the time you have set are purged first. If the size of the directory still exceeds the size limit that you set, then the oldest files are deleted one by one. The files are deleted until the directory size falls below the limit. By default, these options are not enabled.

http://www.symantec.com/docs/TECH106443

ok,

but the rapid release is given to clean the malcious files but why it's  quartines again?

rapid release is given to clean the malcious files but why it's quartines again?

Rapid release detect the malcious file and move to quartines.

Ít's default seeting in Antivirus and Antispyware - Policies

http://www.symantec.com/business/support/index?page=content&id=TECH104430

 

Security risks · Adware · Dialers · Hack Tools · Joke Programs · Other (programs that might pose a security risk but do not fit into other security risk categories) · Remote Access · Spyware · Trackware

You can configure security risk actions as follows: · Configure the same actions to take for all security risks. · Configure the same actions for a whole category of security risks. · Configure individual security risk exceptions to the actions that you set for specific categories. You can configure a first action to take and a second action to take if the first action fails. Actions for security risks include the following: · Quarantine risk (default first action): Tries to move any infected files to the Quarantine on the infected computer as soon as the security risk is detected or completes its installation. The client removes or repairs any side effects of the risk. Side effects might include additional registry keys, modified registry key values, additions to .ini or .bat files, or extra entries in hosts files. They might also include errors in a Layered Service Provider (LSP) system driver or the effects of a rootkit. You can restore the security risk items that are quarantined to their original state on the system. In some instances, you might need to restart the computer to complete the removal or repair. · Delete risk: Tries to delete security risk files. Use this option only if you can replace the files with a security risk-free backup copy. You cannot recover permanently deleted files from the Recycle Bin. Use this action with caution. The deletion of security risks can cause applications to lose functionality

So if we have a good back up of the files we can change the action to delete instead of Quartine , is that correct as per your suggestion

yes

Change your action to clean or delete. The action taken is because of how you have your policy configured, nothing to do with rapid release. You determine the actions taken via the policy.