Trying to delete from Quarantine on the SEPM console, but the entries still remain
Created: 23 Jan 2013 | 9 comments
How can I purge this stuff for it never to be heard from again?
Thank you
I keep trying to get rid of it, but it never goes totally away. I am using SEP 2015.2015
Windows Server 2008. 64 BIT
Thank you
Those look to have been deleted, not put in quarantine?
SEP Knowledge Base
Endpoint SWAT
If you are dealing with Downadup, you have 1 or more machines in your environment that either don't have AV installed or are missing Windows updates, specifically MS08-067. If you have IPS installed you can go to Monitors -> Logs -> Network Threat Protection -> Attacks. This report should show you what machines are missing AV or patches.
Without finding the root cause you will continue to get those downadup detections.
If I was able to help resolve your issue please mark my post as solution.
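For a large Attacks log, the triage described in the post above can be done on an exported copy of the log. The sketch below is an added example, not part of the original post and not Symantec code; it ranks the remote hosts behind MS08-067/Downadup detections so they can be checked for missing AV or patches. The CSV column names and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample of an exported Attacks log. The column names
# ("Event Time", "Remote Host IP", "Local Host", "Signature") and every row
# are assumptions for illustration; match them to your own export.
SAMPLE_EXPORT = """\
Event Time,Remote Host IP,Local Host,Signature
2013-01-23 09:01:12,10.0.0.15,FILESRV01,Constructed: MS08-067 RPC attack blocked
2013-01-23 09:01:40,10.0.0.15,PC-022,Constructed: MS08-067 RPC attack blocked
2013-01-23 09:03:05,10.0.0.42,FILESRV01,Constructed: W32.Downadup activity
2013-01-23 09:07:51,10.0.0.15,FILESRV01,Constructed: MS08-067 RPC attack blocked
2013-01-23 09:12:30,10.0.0.77,PC-031,Constructed: port scan detected
2013-01-23 09:20:00,,PC-040,Constructed: MS08-067 RPC attack blocked
"""

# Lowercase substrings that mark an event as related to the worm in this thread.
KEYWORDS = ("ms08-067", "downadup")


def rank_attack_sources(export_text, keywords=KEYWORDS):
    """Return [(remote_ip, hits, sorted_targets)], most active source first."""
    hits = Counter()
    targets = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        sig = (row.get("Signature") or "").lower()
        src = (row.get("Remote Host IP") or "").strip()
        # Skip unrelated signatures and rows with no usable source address.
        if not src or not any(k in sig for k in keywords):
            continue
        hits[src] += 1
        targets.setdefault(src, set()).add((row.get("Local Host") or "").strip())
    # Sort by hit count (descending), then by address for a stable order.
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ip, n, sorted(targets[ip])) for ip, n in ranked]


if __name__ == "__main__":
    for ip, n, hosts in rank_attack_sources(SAMPLE_EXPORT):
        print(f"{ip}: {n} blocked attempts against {', '.join(hosts)}")
```

The addresses at the top of the ranking are the machines to inspect first for missing AV or the MS08-067 patch.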
Hello,
The entries you are looking at are the Risk Logs, from where you are trying to delete the files in the Quarantine.
Here the entries would remain as a part of the Risk Logs.
In case you feel the Quarantine files are piling up, check this thread below:
https://www-secure.symantec.com/connect/forums/quarantine-size-too-large
Secondly, in your case, the files are cleaned by deletion and not quarantined.
On a kind note: As Cameron highlighted, you are infected with the W32.Downadup.B threat, please work on the Plan of Action as given below -
Plan of Action:
1) Make sure ALL computers are installed with Symantec EP with latest / updated virus definitions and
2) Install MS08-067 patch download [KB 958644] on ALL computers.
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
3) Install ALL latest Microsoft Security Patches / Service Packs on ALL machines
4) Disable Auto play with GPO
http://support.microsoft.com/kb/953252
5) Disable Scheduled Tasks with GPO
http://support.microsoft.com/kb/310208
6) Enable Security Auditing with GPO
http://support.microsoft.com/kb/300549
7) Scan ALL the machines...
NOTE: *ALL means ALL client machines and server machines (make sure you don't miss any machine)
In addition to this, please check the articles provided below and work upon the same.
1) Best Practice for Downadup.B and Additional information on the same.
https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same
2) Simple steps to protect yourself from the Conficker Worm
http://www.symantec.com/docs/TECH93179
3) What is Risk Tracer? http://www.symantec.com/docs/TECH102539
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
OK, so how do I clear that stuff?
It's done automatically by the SEPM.
SEP Knowledge Base
Endpoint SWAT
Users are getting pop ups and are asking me about it, I really do not want them to get these pop ups.
So you want to turn off the IPS popups for end users?
1. Log in to SEPM
2. Select Clients on the left
3. Choose the appropriate group
4. Select the Policies tab
5. Expand Location-Specific Settings and select Server Control next to "Client User Interface Control Settings"
6. Click the Customize button next to "Server Control"
7. Uncheck "Display Intrusion Prevention Notifications"
SEP Knowledge Base
Endpoint SWAT
Hello,
Do you want to remove the Entire Risk Logs??
If yes, check this Thread:
https://www-secure.symantec.com/connect/forums/how-delete-log-records-symantec-endpoint-protection-manager-121
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.