Endpoint Protection

  • 1.  Need some Clarification on this

    Posted May 21, 2016 12:30 PM

    Hi guys, SEP detected malware and the action is left alone. Can I know why the action is left alone, under what condition SEP will render the verdict as left alone, and does SEP write these left alone convictions as malicious or suspicious in the database?

    Screenshot is attached. Really appreciate your feedback. Thanks 



  • 2.  RE: Need some Clarification on this

    Posted May 21, 2016 12:32 PM

    Screenshot is attached. Is it because the file was compressed?



  • 3.  RE: Need some Clarification on this

    Posted May 21, 2016 12:34 PM
    This KB article talks about it: http://www.symantec.com/docs/TECH101661


  • 4.  RE: Need some Clarification on this

    Posted May 21, 2016 12:50 PM

    Hi Brian, thanks for the reply. I have gone through the link; it is somewhat not clear. Have you seen the screenshot which I have attached?

    As per the screenshot, is it left alone because the action set for this condition is left alone, or because it first tried to clean/delete it but that could not be performed, and then it left the file alone and did not take any action?

     

    Lastly, when SEP leaves alone any risk, does it write this as a bad conviction in the database or not?

     

    Appreciate your kind reply. Thanks 



  • 5.  RE: Need some Clarification on this

    Posted May 21, 2016 12:58 PM

    I am referring to Trojan Maljiva, Brian.



  • 6.  RE: Need some Clarification on this

    Posted May 21, 2016 01:04 PM
    It's a compressed file, so there's a possibility that SEP couldn't open it to scan. I don't know what your actions are set to, but I hope left alone isn't one of them.


  • 7.  RE: Need some Clarification on this

    Posted May 21, 2016 01:09 PM

    Actually, it is being used by one of my colleagues, and if I am not mistaken, for Sonar low risk detection the action set is left alone.

    Brian, if the action is left alone for Sonar low risk detection, does that mean SEP won't do anything, it will not make any conviction or write anything to the database?

    Does SEP write any events that are left alone to the database / log?

     

    As you can see in the screenshot, the risk source is Auto-Protection. Can we set log only / leave alone for Auto-Protection detections, and is that what is causing this?

    Thanks 



  • 8.  RE: Need some Clarification on this

    Posted May 21, 2016 03:11 PM

    Brian?



  • 9.  RE: Need some Clarification on this

    Posted May 21, 2016 07:31 PM

    Left Alone still gets logged/written to DB, but no action is taken.