
scheduled scan report, deleted and left alone question

Created: 02 Apr 2013 • Updated: 02 Apr 2013 | 3 comments
This issue has been solved. See solution.

Hi all,

In my scheduled scan reports I sometimes get this type of notification:
I don't really like "Left alone" notifications, but all the "Left alone" entries I see are like this. Is it deleted? And is this some kind of error from SEP wanting to delete the file again?

SYSTEM
10.x.x.x Trojan.Maljava
Malware 1 04/02/2013 13:29:37 domain
SEPM server
My Company\computergroup Left alone
Scheduled scan C:\Documents and Settings\user\Local Settings\Temp\jar_cache5463427750662901005.tmp

SYSTEM
10.x.x.x Trojan.Maljava
Malware 1 04/02/2013 13:29:37 domain
SEPM server
My Company\computergroup Deleted
Scheduled scan C:\Documents and Settings\user\Local Settings\Temp\jar_cache5463427750662901005.tmp>>faun\yidFirmer.class

Thanks,

LEVD


.Brian:

I assume you have not set this in your policy to be Left Alone, correct?

Check that location to see if the file is there or not. It is possible that it was deleted.

File does not exist: If Symantec AntiVirus detects a malicious file attempting to write to the drive, it may deny the file access. A marker will be temporarily placed in the Temp directory, but no file actually exists. This can be verified by reviewing the location of the detection and checking for the presence of the detected file.


SOLUTION
levd:

Hi Brian,

No, all policies are set to first delete, then quarantine.
I checked some files that were reported first as deleted and later as left alone; they are not there anymore, so I guess all is good.
It's a bit strange that SEP calls this behaviour "left alone" :)

BTW: I guess that in the case the file is really "left alone" I would see this in the SEPM dashboard as "still infected" status.

Thanks,

LEVD
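
The manual check from this thread (look for the file, and see whether the same scan deleted something inside it) can be scripted for a whole report. The following is an added example, not part of the original posts and not Symantec code: the `Row` layout, the third sample row, the `Quarantined` label, and the reading of `>>` as "file inside this container" are assumptions.

```python
import os
from collections import namedtuple

Row = namedtuple("Row", "timestamp risk action path")
TMP = r"C:\Documents and Settings\user\Local Settings\Temp"

# Constructed sample: the first two rows mirror the entries quoted in the
# question; the third is invented to show a case with no matching deletion.
SAMPLE = [
    Row("04/02/2013 13:29:37", "Trojan.Maljava", "Left alone",
        TMP + r"\jar_cache5463427750662901005.tmp"),
    Row("04/02/2013 13:29:37", "Trojan.Maljava", "Deleted",
        TMP + r"\jar_cache5463427750662901005.tmp>>faun\yidFirmer.class"),
    Row("04/02/2013 13:31:02", "Trojan.Maljava", "Left alone",
        TMP + r"\jar_cache_constructed_example.tmp"),
]

# "Deleted" is from the report above; "Quarantined" is assumed to be the
# label for the other remediation action the thread mentions.
REMEDIATED = {"Deleted", "Quarantined"}

def container_of(path):
    """Outer file of a 'container>>member' path (assumed meaning of '>>')."""
    return path.split(">>", 1)[0]

def triage(rows, exists=os.path.exists):
    """Map each 'Left alone' path to a verdict for follow-up."""
    # Containers that had a member remediated in the same scan event.
    fixed = {(r.timestamp, r.risk, container_of(r.path).lower())
             for r in rows if r.action in REMEDIATED and ">>" in r.path}
    verdicts = {}
    for r in rows:
        if r.action != "Left alone":
            continue
        if not exists(r.path):          # the manual check suggested above
            verdicts[r.path] = "gone"
        elif (r.timestamp, r.risk, r.path.lower()) in fixed:
            verdicts[r.path] = "on disk, member remediated"
        else:
            verdicts[r.path] = "on disk, nothing remediated"
    return verdicts

if __name__ == "__main__":
    # Run on the endpoint itself so os.path.exists sees the real Temp folder.
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:28} {path}")
```

Rows that come back as "on disk, nothing remediated" are the ones worth a closer look on the client.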