0 Replies Latest reply on Jun 26, 2013 11:43 AM by pwolfe

    VSE 8.8 - Deletes Legitimate Folder Contents on Zip Detection - Ransom-FAXG!59B6B3A45AFD


      I have a bit of an issue... Not sure if it’s a setting or just an oddball...


      I had an admin user save a zip file while his AV was disabled or the McAfee DAT was not up to date, as I believe this to be a "newer" detection from my brief research. This zip file was located in a legitimate subfolder that contained other legitimate files, mainly a bunch of Excel documents, MDBs, plain text files and other subdirectories. These files are not the files in the zip; these are separate files. When the zip file is detected, it is deleted and quarantined; it also deletes all files and folders in the same folder structure. I can restore the quarantine, and it restores the zip file and the other documents. However, once the zip file is detected, it deletes all files in the folder in which it lives. If I disable the McAfee on-access scanner, do a restore from quarantine, copy the good files out to another location, and re-enable the scanner, the new folder which contains the documents with no zip is good, and the one with the zip file then deletes the folder structure.



      Any Ideas?


      Also, I have downloaded the EICAR test files and tried to recreate this with them, but could not get the same actions to happen.




      Product Name: VirusScan Enterprise

      Product Version: 8.8

      Product Type: VIRUSCAN8800

      Detection Method: OAS

      DAT Version: 7117.0000

      Engine Version: 5400.1158

      Threat Information:

      Event ID: 1280

      Threat Names: Ransom-FAXG!59B6B3A45AFD

      Threat Name:Ransom-FAXG!59B6B3A45AFD

      Threat Category:Malware detected

      Threat Type:Trojan

      Target File Name: C:\CCS_Celerity\Final_\LexisNexis_Invoice_06212013.zip\LexisNexis_Invoice_06212 013.exe

      Action Taken: deleted

      Threat Handled: true

      Event Description: file infected. Undetermined clean error, deleted successfully


      Message was edited by: pwolfe on 6/26/13 8:39:55 AM GMT-08:00


      Message was edited by: pwolfe on 6/26/13 8:43:11 AM GMT-08:00