Data Center Security

 View Only
Back to discussions
Expand all | Collapse all

Can not delete file after AV policy triggered and denied access to file

  • 1.  Can not delete file after AV policy triggered and denied access to file

    Posted Oct 22, 2018 02:47 PM

    Hello,

    I was testing our AV policy with Symantec Data Center Security on one of our VMs.

    I ran an Eicar file on the server to trigger the event and the policy caught this and created two .TMP files in the directory where the file was being downloaded to.

    Now I want to delete to take action on these files but I see no way of deleting or restoring the file. The only option in the DCS portal is to whitelist or add a tag to the server. If I try to delete the files on the server it triggers the alert again.

    Our AV policy is set to "Deny Access", I would like to avoid delete and quarentine if possible.

    Thoughts?

    -Mike