
Trying to delete from Quarantine on the SEPM console, but the entries still remain

Created: 23 Jan 2013 | 9 comments

How can I purge this stuff for it never to be heard from again?

Thank you


The Conquistador

I keep trying to get rid of it, but it never goes totally away. I am using SEP 2015.2015
Windows Server 2008. 64 BIT
Thank you

.Brian

Those look to have been deleted, not put in quarantine?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Cameron_W

If you are dealing with Downadup, you have 1 or more machines in your environment that either don't have AV installed or are missing Windows updates, specifically MS08-067. If you have IPS installed you can go to Monitors -> Logs -> Network Threat Protection -> Attacks. This report should show you what machines are missing AV or patches.

Without finding the root cause you will continue to get those downadup detections.

If I was able to help resolve your issue please mark my post as solution.

Mithun Sanghavi

Hello,

The entries you are looking at are the Risk Logs, from where you are trying to delete the files in the Quarantine.

Here the entries would remain as a part of the Risk Logs.

In case you feel the Quarantine files are piling up, check this thread below:

https://www-secure.symantec.com/connect/forums/quarantine-size-too-large

Secondly, in your case, the files are cleaned by deletion and not quarantined.

On a Kind Note: As Cameron highlighted you are Infected with W32.Downadup.B Threat, please work on the Plan of Action as given below - 

Plan of Action:

1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus definitions and

2) Install MS08-067 patch download [KB 958644] on ALL computers.

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

3) Install ALL Latest Microsoft Security Patches / Service Packs on ALL machines

4) Disable Auto play with GPO

http://support.microsoft.com/kb/953252

5) Disable Scheduled Tasks with GPO

http://support.microsoft.com/kb/310208

6) Enable Security Auditing with GPO

http://support.microsoft.com/kb/300549

7) Scan ALL the machines...

NOTE: *ALL means ALL client machines and server machines (make sure you don't miss any machine)

In addition to this, please check the articles provided below and work upon the same.

1) Best Practice for Downadup.B and Additional information on the same.

https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

2) Simple steps to protect yourself from the Conficker Worm

http://www.symantec.com/docs/TECH93179

3) What is Risk Tracer? http://www.symantec.com/docs/TECH102539

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
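
One way to check step 2 of the plan above across many machines, as an added example that is not part of the original post or of Symantec's tooling. It assumes Windows PowerShell 5.1, remote WMI access with administrative rights, and placeholder host names; the function name is hypothetical.

```powershell
# Added example: report which hosts list hotfix KB958644 (the MS08-067 fix).
# Assumes Windows PowerShell 5.1 and remote WMI access with admin rights.
param(
    # Constructed placeholder names; supply your own inventory.
    [string[]]$Computers = @('HOST-PLACEHOLDER-01', 'HOST-PLACEHOLDER-02')
)

function Get-Ms08067Status {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $row = [pscustomobject]@{ Computer = $ComputerName; OS = $null; Status = 'UNREACHABLE' }
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
        $row.OS = '{0} SP{1}' -f $os.Caption.Trim(), $os.ServicePackMajorVersion

        # KB958644 was issued for NT 5.x and 6.0 (Windows 2000 through Server 2008).
        if ([version]$os.Version -ge [version]'6.1') {
            $row.Status = 'OUT-OF-SCOPE'
            return $row
        }

        $kb = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $ComputerName `
                  -Filter "HotFixID='KB958644'" -ErrorAction Stop

        # A missing entry is not proof of exposure: a later service pack can
        # carry the fix without listing the KB, so flag it for manual review.
        $row.Status = if ($kb) { 'PATCHED' } else { 'REVIEW' }
    }
    catch {
        # Hosts that cannot be queried still have to be checked by hand,
        # since the plan requires that no machine is missed.
        $row.Status = 'UNREACHABLE: ' + $_.Exception.Message
    }
    return $row
}

$report = $Computers | ForEach-Object { Get-Ms08067Status -ComputerName $_ }
$report | Sort-Object Status | Format-Table -AutoSize
```

Hosts reported as REVIEW or UNREACHABLE are the ones to compare against the Network Threat Protection attack log mentioned earlier in the thread.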

.Brian

It's done automatically by the SEPM.


The Conquistador

Users are getting pop ups and are asking me about it, I really do not want them to get these pop ups.

.Brian

So you want to turn off the IPS popups for end users?

1. Log in to SEPM
2. Select Clients on the left
3. Choose the appropriate group
4. Select the Policies tab
5. Expand Location-Specific Settings and select Server Control next to "Client User Interface Control Settings"
6. Click the Customize button next to "Server Control"
7. Uncheck "Display Intrusion Prevention Notifications"


Mithun Sanghavi

Hello,

Do you want to remove the Entire Risk Logs??

If yes, check this Thread:

https://www-secure.symantec.com/connect/forums/how-delete-log-records-symantec-endpoint-protection-manager-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3
