
Event Description: Infected file found.

I am reporting the critical events after I carry out on-demand scans. Most of these events have event descriptions such as 'infected file found and NOT deleted'. However, a few critical events have the event description 'Infected file found' and Action taken: 'None'.

Am I wrong in assuming that these infected files have not been deleted?
10 Replies
tonyb99
Level 13
Message 2 of 11

RE: Event Description: Infected file found.

I would assume that's a scan without the option to attempt cleaning selected that just reports, therefore action would be none.

RE: Event Description: Infected file found.

The Actions are set to:

'Perform this action first: Clean files
If the first action fails, then perform this action: Delete files'
tonyb99
Message 4 of 11

RE: Event Description: Infected file found.

You're sure this isn't just someone on a PC running a scan, where the default option is to just scan, not clean?

RE: Event Description: Infected file found.

Yes I am quite sure. I created a new subgroup, added a task with the above actions to this subgroup, and moved the systems to be scanned to this subgroup.
I then created a query which returns the events of systems in the newly created subgroup.
tonyb99
Message 6 of 11

RE: Event Description: Infected file found.

What does the OAS log on the relevant client say?

RE: Event Description: Infected file found.

OAS log = agent log?
tonyb99
Message 8 of 11

RE: Event Description: Infected file found.

On-Access Scanner log.

Right-click on On-Access Scanner in the VSE console and choose to view the log.

RE: Event Description: Infected file found.

Oh,

I won't be able to do that on the PCs, as they are on other sites.
tonyb99
Message 10 of 11

RE: Event Description: Infected file found.

Look in
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

Browse across the network, or if you can't see them, then try to remote console from the ePO VSE instance (assuming you left this enabled).