Endpoint SWAT: Protect the Endpoint Community

  • 1.  Risk log showing remediation in progress

    Posted Mar 31, 2014 08:14 AM

    Hi,

    Risk logs for a machine show that a virus was found and that remediation is in progress. How can I check to see if the remediation process is complete on the virus found? When will I know if it's done or the virus was left alone?



  • 2.  RE: Risk log showing remediation in progress

    Posted Mar 31, 2014 08:17 AM
    It should show when done as well... May take some time so you need to check back... Did you reboot?


  • 3.  RE: Risk log showing remediation in progress

    Posted Mar 31, 2014 08:23 AM

    Will check, no reboot yet. Will monitor.



  • 4.  RE: Risk log showing remediation in progress

    Broadcom Employee
    Posted Mar 31, 2014 08:24 AM

    Can you post the screenshot?

    Is the detection recent or an old one?



  • 5.  RE: Risk log showing remediation in progress

    Posted Jun 18, 2014 05:53 PM
    I have a similar situation. Looking specifically for Trojan.Zbot, I find a Risk Report showing an endpoint with an event end date of 4/22/2014, a timestamp of 4/22/2014, but an Actual Action status of Remediation in Progress. The endpoint has a Last Time Status Change date of 6/13/2014. Do I need to take further action on the endpoint?


  • 6.  RE: Risk log showing remediation in progress
    Best Answer

    Posted Jun 19, 2014 05:21 AM

    Hi ThaveshinP,

    A good question- many thanks for posting it!

    Check the logs to see if there is a later event which shows that exact same file being successfully deleted.  If so- no problem! &: )


    If not.... I recommend always erring on the side of caution. Unless that action taken is cleaned / deleted / quarantined, consider the machine as suspicious. Take it offline and perform a full system scan on it, then check the logs.

    Though most of the time, the scan will come up as clean, it is always still worth checking.

    Hope this helps!

    Mick
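
The check described in the best answer, as an added example that is not part of the original thread: it reads a risk log exported to CSV and lists every file whose newest unresolved event has no later Cleaned, Deleted or Quarantined event on the same computer. The column names, the timestamp format and the sample rows are assumptions constructed for the example, not the management console's real export schema.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows. Column names are assumptions for this example,
# not the actual export schema of the management console.
SAMPLE_RISK_LOG = """\
event_time,computer,risk_name,file_path,actual_action
2014-04-22 09:14:03,PC-017,Trojan.Zbot,C:\\Users\\a\\AppData\\x.exe,Remediation in progress
2014-04-22 09:20:41,PC-017,Trojan.Zbot,C:\\Users\\a\\AppData\\x.exe,Deleted
2014-04-22 10:02:10,PC-032,Trojan.Zbot,C:\\Temp\\y.exe,Remediation in progress
2014-04-23 08:00:00,PC-032,Trojan.Zbot,C:\\Temp\\z.exe,Quarantined
2014-04-24 11:30:00,PC-040,Trojan.Zbot,C:\\Temp\\w.exe,Left alone
"""

# Actions the answer treats as a successful outcome.
RESOLVED = {"cleaned", "deleted", "quarantined"}


def unresolved_detections(log_text):
    """Return sorted (computer, file_path, last_action) for files that still need a follow-up scan."""
    last_open = {}      # key -> (time, action, path) of the newest unresolved event
    last_resolved = {}  # key -> time of the newest resolving event
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.strptime(row["event_time"], "%Y-%m-%d %H:%M:%S")
        # Match on computer plus exact file; Windows paths compare case-insensitively.
        key = (row["computer"], row["file_path"].lower())
        action = row["actual_action"].strip()
        if action.lower() in RESOLVED:
            if key not in last_resolved or when > last_resolved[key]:
                last_resolved[key] = when
        elif key not in last_open or when >= last_open[key][0]:
            last_open[key] = (when, action, row["file_path"])
    flagged = []
    for key, (when, action, path) in last_open.items():
        done = last_resolved.get(key)
        # Only a resolving event at or after the open event closes it.
        if done is None or done < when:
            flagged.append((key[0], path, action))
    return sorted(flagged)


if __name__ == "__main__":
    for computer, path, action in unresolved_detections(SAMPLE_RISK_LOG):
        print(f"{computer}: {path} last seen as '{action}' -> isolate and run a full scan")
```

A file that is deleted and then detected again later is flagged as well, because the resolving event has to come at or after the newest unresolved one.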