Endpoint Protection

  • 1.  Repaired files vs. Quarantined Files

    Posted Mar 15, 2010 12:41 PM
    What is the real difference?

    My thinking would be that repaired files WERE quarantined files but new defs came in and were able to "repair" the file.

    In SEPM on the Quarantine tab under the AV policy, there is an option to delete repaired files. If they have been repaired why would you want to delete them? I would assume they are fixed and put back where they were in the first place.


  • 2.  RE: Repaired files vs. Quarantined Files

    Posted Mar 15, 2010 12:53 PM
    You can restrict the size from SEPM - Policies - AV - Quarantine - Cleanup.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006112010562148
    If the file cannot be repaired with the current set of definitions, the client moves the infected file to the local Quarantine.
    Pending Repair: Specifies the events where a user still needs to take action to complete the remediation of a risk on a computer. For example, this action may occur if a user hasn't responded to a prompt to terminate a process.
    Partially Repaired: Specifies the events where Symantec Endpoint Protection cannot completely repair the effects of a virus or security risk.
    Backed Up: Symantec Endpoint Protection placed an item into quarantine before a repair attempt.


  • 3.  RE: Repaired files vs. Quarantined Files

    Posted Mar 16, 2010 07:22 AM

    Quarantined:
    Means the file has been moved from its original location to the quarantine folder and re-encoded so it is essentially in virus prison.

    Repaired:
    Means the file was infected (code injected into a legitimate file) and then quarantined, but then new virus definitions were released that were able to remove the infection, and the file was repaired and returned to its original location.

    Backup:
    Means the original file has been returned to its original location but there is a backup being kept in Quarantine.