Threat detected

Hello;

What is the best practice for acting once a threat is detected from the ePO server, if I have a new threat detected and it appears in my dashboard?

1 Solution

Accepted Solutions
McAfee Employee
Message 5 of 5

Re: Threat detected

I would not recommend an automatic response for this scenario, as there are too many variables involved. If you ran a complete scan and the scan log did not detect anything and you have no indication the machine is infected, then I'd say the machine is not infected.

If you got a "virus detected and not removed" event, it should indicate a file and a path. If you look at the machine directly, does the file referenced in the threat event exist on the client machine? If not, as Tony mentioned, it may have already been cleaned.

4 Replies
McAfee Employee
Message 2 of 5

Re: Threat detected

Depends largely on the threat, the product and the reaction. For example, a threat detected by VSE but handled (so virus detected and removed) would really not require any action; however, a virus detected and not removed may. In the event of a threat being detected and not removed, I'd say the next step would be to check the local VSE on-access scan log on the machine and just in general look for signs of infection. You could also have it run a complete on-demand scan.

One of the primary goals of the threat reports is to give you the ability to spot trends. For example, if you suddenly have a large spike in the number of detections, even if the detections are being cleaned, it could indicate that you are in an outbreak.

Message was edited by: Jeremy Stanley on 9/20/10 1:56:38 PM CDT
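
Added example (not part of the original thread, and not McAfee code): the triage described in the reply above, run over a constructed threat event export. The column names, action values and spike thresholds are assumptions for illustration, not ePO's real schema or defaults.

```python
import csv
import io
from collections import Counter
from statistics import median

# Constructed sample data. The column names and values are assumptions for
# this example, not the schema of a real ePO threat event export.
SAMPLE_EVENTS = r"""date,host,threat,file_path,action
2010-09-13,PC-014,Sample.A,C:\Temp\a.exe,removed
2010-09-14,PC-020,Sample.A,C:\Temp\a.exe,removed
2010-09-14,PC-031,Sample.B,C:\Users\x\b.dll,not removed
2010-09-15,PC-014,Sample.A,C:\Temp\a.exe,removed
2010-09-16,PC-002,Sample.C,C:\Temp\c.exe,removed
2010-09-16,PC-005,Sample.C,C:\Temp\c.exe,removed
2010-09-16,PC-009,Sample.C,C:\Temp\c.exe,removed
2010-09-16,PC-011,Sample.C,C:\Temp\c.exe,removed
2010-09-16,PC-017,Sample.C,C:\Temp\c.exe,not removed
2010-09-16,PC-023,Sample.C,C:\Temp\c.exe,removed
"""

def load_events(text):
    """Parse the CSV export into a list of dicts, one per threat event."""
    return list(csv.DictReader(io.StringIO(text.strip())))

def needs_followup(events):
    """Detections the product reported but did not remove: check these hosts
    by hand (on-access scan log, whether the file still exists)."""
    return [(e["host"], e["file_path"]) for e in events
            if e["action"].strip().lower() != "removed"]

def spike_days(events, factor=3, min_count=5):
    """Days whose detection count is at least `factor` times the median
    daily count. Cleaned detections count too, since a spike of cleaned
    detections can still indicate an outbreak."""
    per_day = Counter(e["date"] for e in events)
    baseline = median(per_day.values())
    return sorted(day for day, n in per_day.items()
                  if n >= min_count and n >= factor * baseline)

if __name__ == "__main__":
    events = load_events(SAMPLE_EVENTS)
    for host, path in needs_followup(events):
        print(f"follow up: {host} {path}")
    for day in spike_days(events):
        print(f"possible outbreak: detection spike on {day}")
```
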

Re: Threat detected

Thanks Jeremy, but how can I confirm that the threat is removed? I ran the on-demand scan on a machine and it shows 0 detected. How can I set the automatic response so that once a threat is detected it is removed?

tonyb99
Level 13
Message 4 of 5

Re: Threat detected

The threats are detected and dealt with by VSE; this then passes the info on what it has done to ePO to display on your reports.

By the time you see the detection it should already have been cleaned/deleted. Anywhere this has not happened (which you can see from your reports if you choose to include these fields), you may then need to look at why (locked file/process, etc.).
