
Trying to delete from Quarantine on the SEPM console, but the entries still remain

Created: 23 Jan 2013 | 9 comments

How can I purge this stuff for it never to be heard from again?

Thank you


Bryan S

I keep trying to get rid of it, but it never goes totally away. I am using SEP 2015.2015 on
Windows Server 2008, 64-bit.
Thank you

Cameron_W

If you are dealing with Downadup, you have one or more machines in your environment that either don't have AV installed or are missing Windows updates, specifically MS08-067. If you have IPS installed, you can go to Monitors -> Logs -> Network Threat Protection -> Attacks. This report should show you which machines are missing AV or patches.

Without finding the root cause, you will continue to get those Downadup detections.

If I was able to help resolve your issue please mark my post as solution.

Mithun Sanghavi

Hello,

The entries you are looking at are the Risk Logs, from which you are trying to delete the files in the Quarantine.

Here the entries would remain as a part of the Risk Logs.

In case you feel the Quarantine files are piling up, check this thread below:

https://www-secure.symantec.com/connect/forums/quarantine-size-too-large

Secondly, in your case the files are cleaned by deletion and not quarantined.

On a kind note: as Cameron highlighted, you are infected with the W32.Downadup.B threat; please work on the plan of action as given below.

Plan of Action:

1) Make sure ALL computers have Symantec EP installed, with the latest / updated virus definitions, and

2) Install the MS08-067 patch [KB 958644] on ALL computers.

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

3) Install ALL the latest Microsoft security patches / service packs on ALL machines

4) Disable AutoPlay with GPO

http://support.microsoft.com/kb/953252

5) Disable Scheduled Tasks with GPO

http://support.microsoft.com/kb/310208

6) Enable Security Auditing with GPO

http://support.microsoft.com/kb/300549

7) Scan ALL the machines...

NOTE: *ALL means ALL client machines and server machines (make sure you don't miss any machine)

In addition to this, please check the articles provided below and work upon the same.

1) Best Practice for Downadup.B and additional information on the same.

https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

2) Simple steps to protect yourself from the Conficker Worm

http://www.symantec.com/docs/TECH93179

3) What is Risk Tracer? http://www.symantec.com/docs/TECH102539

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
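As an added example (not part of the thread or of Symantec's documentation), the following PowerShell script does a read-only check of the host-side items in the plan of action above on a single Windows machine, so an administrator can see which clients are still missing the MS08-067 patch, still have AutoRun enabled, still run the Task Scheduler service, or have no SEP client service at all. Assumptions: KB958644 is the MS08-067 package for the OS in question (as the post states; it applies only to the OS versions listed in the bulletin, later releases shipped with the fix built in), the NoDriveTypeAutoRun policy value 255 (0xFF) is what disables AutoRun on all drive types, the Task Scheduler service is named "Schedule", and the SEP client registers a service whose display name starts with "Symantec". Run it in an elevated session on each client, or wrap it in Invoke-Command for remote collection.

```powershell
# Added example, not code from the thread. Read-only checks for the plan of action.
# Assumptions (see lead-in): KB958644 == MS08-067 on this OS; NoDriveTypeAutoRun
# 255 disables AutoRun on every drive type; Task Scheduler service is "Schedule";
# the SEP client service display name starts with "Symantec".

function Test-Ms08067Patch {
    # Get-HotFix lists installed updates; a missing KB958644 on an affected OS
    # means the host is still exposed to the flaw Downadup spreads through.
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

function Test-AutoRunDisabled {
    # Check the machine-wide policy key first, then the current user's key.
    # Only the value 255 (0xFF) disables AutoRun for all drive types.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
        if ($item -and $item.NoDriveTypeAutoRun -eq 255) { return $true }
    }
    return $false
}

function Get-TaskSchedulerState {
    # Step 5 of the plan disables scheduled tasks; report the service status so
    # hosts where the policy has not applied yet stand out.
    $svc = Get-Service -Name 'Schedule' -ErrorAction SilentlyContinue
    if ($svc) { return [string]$svc.Status } else { return 'NotFound' }
}

function Test-SepClientPresent {
    # Step 1 of the plan: a host with no Symantec service is an unprotected host.
    # Display-name prefix match is an assumption; adjust for the installed version.
    $svc = Get-Service -DisplayName 'Symantec*' -ErrorAction SilentlyContinue
    return [bool]$svc
}

# One row per host; pipe several of these into Export-Csv when collecting remotely.
$report = [pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    Ms08067Installed  = Test-Ms08067Patch
    AutoRunDisabled   = Test-AutoRunDisabled
    TaskSchedulerSvc  = Get-TaskSchedulerState
    SepClientPresent  = Test-SepClientPresent
}

$report | Format-List
```

Any host whose row shows Ms08067Installed or SepClientPresent as False is one of the machines Cameron's Attacks report would keep pointing at, and is where the reinfection source should be looked for first.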

Bryan S

Users are getting pop-ups and are asking me about them; I really do not want them to get these pop-ups.

_Brian

So you want to turn off the IPS pop-ups for end users?

1. Log in to SEPM
2. Select Clients on the left
3. Choose the appropriate group
4. Select the Policies tab
5. Expand Location-Specific Settings and select Server Control next to "Client User Interface Control Settings"
6. Click the Customize button next to "Server Control"
7. Uncheck "Display Intrusion Prevention Notifications"

Mithun Sanghavi

Hello,

Do you want to remove the entire Risk Logs?

If yes, check this thread:

https://www-secure.symantec.com/connect/forums/how-delete-log-records-symantec-endpoint-protection-manager-121

Hope that helps!!


Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.