Endpoint Protection

 View Only

  • 1.  SEP 11 MR6 - Action taken: Pending Side Effects Analysis : Access denied

    Posted Jul 15, 2010 06:06 AM
    Hi All,

    Does anyone here know how to fix the problem of never ending pop up message of false positives as follows:


    Scan type: Auto-Protect Scan
    Event: Risk Found!
    Security risk detected: Trojan Horse
    File: C:\Users\Admin\AppData\Local\Temp\DWHF7D5.tmp
    Location: C:\Users\Admin\AppData\Local\Temp
    Computer: 7X86
    User: Itree
    Action taken: Pending Side Effects Analysis : Access denied
    Date found: Thursday, 15 July 2010  7:47:40 PM

    it gets very annoying as it cannot be closed permanently and it is always on top !

    any kind of help would be greatly appreciated.

    Thanks,

    AWT


  • 2.  RE: SEP 11 MR6 - Action taken: Pending Side Effects Analysis : Access denied

    Posted Jul 15, 2010 07:55 AM

    You might be able to create a centralized expection policy (SEPM>Policies>Centralized Expections), and add the above file path and file. You'll need to assign the policy.

    Mike


  • 3.  RE: SEP 11 MR6 - Action taken: Pending Side Effects Analysis : Access denied

    Posted Jul 15, 2010 08:32 AM
    well that doesn't sounds like a secure and working solution i guess :-| since it creates a loophole in the AV defense.

    but thanks for your reply.


  • 4.  RE: SEP 11 MR6 - Action taken: Pending Side Effects Analysis : Access denied
    Best Answer

    Posted Jul 15, 2010 08:38 AM

    You could also turn off the notification as well, but that will turn off the notification for other infections.

    To this>
    SEPM>Policies>Antivirus & Antispyware>your policy>File System Auto Protect>Notifications

    If you do this, you want to setup a report noification to be sent to your e-mail, when there is an infection:
    SEPM>Monitors>Notifications>Notifications Conditions>Add>Risk Report>Single Risk Event

    Hope that helps.

    Mike



  • 5.  RE: SEP 11 MR6 - Action taken: Pending Side Effects Analysis : Access denied

    Posted Jul 15, 2010 08:45 AM
    ah yes, that does sounds like a work around at the moment.

    Well it seems that we have to wait until there is a proper fix from Symantec.