In VSE, Threat is detected but it didnt take any action on the virus.It showing "Access Denied
Can any one explain me why this access denied is appearing..??
I am attaching the screenshots please find it..??
possibly access denied is the primary/secondary action when a threat is found in the OAS, ODS or PUP Deaful, Low Risk or High Risk policy that these hosts receive. Please check it.
(in your reply, please state the type and version of VSE, too)
In certain other situation this error can also be returned, for example see KB60542.
Thanks for the response.
We are using VSE 8.8 patch 2
In the on Access high risk and low risk policy we mentioned only clean the file or delete the file..
Could you prepare a query for those events so it also contains the following information:
- Threat name
- Threat category
- Event category
- Threat target/source file path (both if exist)
- Action taken
- Event Description
- Analyzer Detection method.
And upload a screenshot and the picture of it here.
The threat target file path suggests that the .lnk could be on a non-local drive such as a remote drive or a CD-ROM, or on an otherwise unwriteable location/position, which might refuse deleting the file ( a .LNK cannot be cleaned just deleted) so it returns an access denied message which may be the response VSE gets and just passes on.
Message was edited by: apoling on 21/06/13 07:56:02 CEST
I'm uncertain about that the Blocking tab's configuration relates in some way to the "access denied" that OAS gives when neither of the actions defined can be performed.
I was under the impression that "Blocking" means that whenever there is a threat intorduced on a user's computer in a shared folder, then the "remote user"'s ID who has copied, etc. the file there with be assigned a "No Access" right on the share (for the time limit defined also here).
What is your opinion?
You are right Attila, just tested it with a EICAR file. It is not the Network Block.