1 Reply Latest reply on Aug 13, 2009 8:20 AM by dustrho

    "Virus Detected and Not Removed"

      Hi

      We have McAfee Enterprise 8.7.0i and ePO4 SP4.
      We're getting these messages from ePO by mail:

      ePolicy Orchestrator Notification Rule: Virus detected
      Rule Defined At: Eigene Organisation
      Description: Notifications sends an e-mail message when "Virus Detected and Not Removed" events are received.

      Number of events: 1
      Source computer IP addresses: Not Available
      Actual threat names: Exploit-MSDirectShow.b
      Actual products: VirusScan

      For additional information, see the Notification Log in the ePolicy Orchestrator console.


      Why NOT Removed?
      How do I configure it to get the information about which file exactly was infected?
      What's McAfee doing with an infected file, putting it in a quarantine directory?


      --------------------------------------------------------------------------------
      Sorry, I posted in the wrong area, can someone pls move this thread to Management Solutions (ePO & Protection Pilot)?
      THX
        • 1. RE: "Virus Detected and Not Removed"
          dustrho
          First thing I have to say, upgrade to ePO 4.5 when you can because there's a ton more variables you can include in your email alerts. But in this case, it's possible the virus couldn't be removed because it's in memory. Usually with those types of alerts, we boot up the infected system with a bootable USB flash drive that has WinPE installed, and then run the command line scanner that McAfee provides in their SuperDAT files.