cancel
Showing results for 
Search instead for 
Did you mean: 

file infected. Undetermined clean error, delete failed in ePO 4.6

I was alerted by ePO this morning that there was Malware detected on a managed PC and ePO indicated that the file infected. Undetermined clean error, delete failed as the event description.  Event ID is 1284.  What happens to this file?  In my research the dat file should have covered this.  We are running AV 8.8 w/ dat 6634.  If this machine was still infected I would think that ePO would be constantly alerting....  Any ideas?

13 Replies
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 2 of 14

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

Are you able to view the client log and if so, what does it show for the malware?

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

Yes.  8:43:35 AM Delete failed (Clean failed)  SYSTEM ODS((managed) Workstations Weekly Full Virus Scan 8.8) c:\Documents and Settings\Local Settings\Temp\Low\F23B.tmp DNSChanger.cw (Trojan)

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 4 of 14

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

Interesting, well if VSE8.8 has the latest Dat file (6635) installed then perhaps a corrupt VSE8.8.  Are you able to access the node from a remote share (\\node name\c$)? Then navigate to and  right click  ..\Temp\ and scan for threats from the remote node.  At this point you are eliminating the node's VSE and using the remote node to scan the folder...Just a thought..

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

Thanks Tao - I did run a remote scan and nothing comes up.

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 6 of 14

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

Well, since it's running the latest Dat 6635, you launched a scan from your node to the remote node in question (meaning, you did not use the ePO console to launch a scan) then I would install MalwareBytes on your node and perform a remote scan on the node....But that's what I would do..

Just for giggle, have you confirmed that the file is still there?

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

I did a search on the c$ and the F23B.tmp file is not on the box. 

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 8 of 14

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

patty.d00 wrote:

Yes.  8:43:35 AM Delete failed (Clean failed)  SYSTEM ODS((managed) Workstations Weekly Full Virus Scan 8.8) c:\Documents and Settings\Local Settings\Temp\Low\F23B.tmp DNSChanger.cw (Trojan)

What's the date of this entry?   Perhaps ODS wasn't able to remove it but OAS did.

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

it was today at 8:43 this morning.  I am trying to connect to OAS log but can't right now.  I will try in the am. Thanks for your help. 

Re: file infected. Undetermined clean error, delete failed in ePO 4.6

Dear Patty,

Could you Pls check weather the OAS detected this infected file its also possible.if still the cleaning not happened kindly run the getsusp.exe on infected machine collect the logs as well as suspected files and escalete to McAfee.kindly download the getsusp tool from below link.

http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.