Endpoint Protection

  • 1.  Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 12:03 PM

    How can I purge this stuff so that it is never heard from again?

    Thank you



  • 2.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 12:04 PM
    I keep trying to get rid of it, but it never goes totally away. I am using SEP 2015.2015, Windows Server 2008, 64-bit. Thank you


  • 3.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 12:09 PM

    Those look to have been deleted, not put in quarantine?



  • 4.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 12:17 PM

    If you are dealing with Downadup, you have 1 or more machines in your environment that either don't have AV installed or are missing Windows updates, specifically MS08-067. If you have IPS installed you can go to Monitors -> Logs -> Network Threat Protection -> Attacks. This report should show you what machines are missing AV or patches.

    Without finding the root cause you will continue to get those Downadup detections.



  • 5.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Trusted Advisor
    Posted Jan 23, 2013 12:56 PM

    Hello,

    The entries you are looking at are the Risk Logs, from where you are trying to delete the files in the Quarantine.

    Here the entries would remain as a part of the Risk Logs.

    In case you feel the Quarantine files are piling up, check the thread below:

    https://www-secure.symantec.com/connect/forums/quarantine-size-too-large

    Secondly, in your case, the files are cleaned by deletion and not quarantined.

    On a kind note: as Cameron highlighted, you are infected with the W32.Downadup.B threat; please work on the plan of action given below:

    Plan of Action:

    1) Make sure ALL computers are installed with Symantec EP, updated with the latest virus definitions, and

    2) Install the MS08-067 patch download [KB 958644] on ALL computers.

    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

    3) Install ALL latest Microsoft security patches / service packs on ALL machines

    4) Disable Auto play with GPO

    http://support.microsoft.com/kb/953252

    5) Disable Scheduled Tasks with GPO

    http://support.microsoft.com/kb/310208

    6) Enable Security Auditing with GPO

    http://support.microsoft.com/kb/300549

    7) Scan ALL the machines...

    NOTE: *ALL means ALL client machines and server machines (make sure you don't miss any machine)

    In addition to this, please check the articles provided below and work upon the same.

    1) Best Practice for Downadup.B and Additional information on the same.

    https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

    2) Simple steps to protect yourself from the Conficker Worm

    http://www.symantec.com/docs/TECH93179

    3) What is Risk Tracer?

    http://www.symantec.com/docs/TECH102539

    Hope that helps!!



  • 6.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 01:18 PM

    OK, so how do I clear that stuff?



  • 7.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 01:22 PM

    It's done automatically by the SEPM.



  • 8.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 01:39 PM

    Users are getting pop-ups and are asking me about it; I really do not want them to get these pop-ups.



  • 9.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Trusted Advisor
    Posted Jan 23, 2013 01:39 PM

    Hello,

    Do you want to remove the entire Risk Logs?

    If yes, check this thread:

    https://www-secure.symantec.com/connect/forums/how-delete-log-records-symantec-endpoint-protection-manager-121

    Hope that helps!!

     



  • 10.  RE: Trying to delete from Quarantine on the SEPM console, but the entries still remain

    Posted Jan 23, 2013 01:45 PM

    So you want to turn off the IPS popups for end users?

    1. Log in to SEPM
    2. Select Clients on the left
    3. Choose the appropriate group
    4. Select the Policies tab
    5. Expand Location-Specific Settings and select Server Control next to "Client User Interface Control Settings"
    6. Click the Customize button next to "Server Control"
    7. Uncheck "Display Intrusion Prevention Notifications"