Author Topic: Infected Status  (Read 2511 times)

Offline perth.wolfman

  • Newbie
  • *
  • Posts: 1
Infected Status
« on: April 18, 2014, 04:58:52 AM »
Hi there. Am running ESM 3.0.61203.19 and have an endpoint that ESM is reporting as Infected.

Endpoint is happily reporting no infections. Quarantine is empty.

ESM is reporting nothing in its Quarantine. Full scans on the endpoint run from ESM are reporting no infections.

I did find one area of ESM that listed the "infected" file - endpoint doesn't list the file as existing.

How do I get ESM to believe what the endpoint is telling it?

Offline georgianas

  • CESMUser
  • Comodo Family Member
  • *
  • Posts: 68
Re: Infected Status
« Reply #1 on: April 22, 2014, 04:08:50 AM »
Hi,

Create an Infections report on the endpoint that shows as infected. Right click on the endpoint -> build report -> computer infections.
Create an antivirus log CES/CAS log report on the endpoint and check the details.
Infected status is displayed when malware was detected by AV, but it has not been successfully handled (deleted, disinfected or quarantined) by the local installation of CES/CAS. You should find it as blocked in the CES/CAS log files (first action on the file detection).
The file might have been detected on a network share accessed by the endpoint.

Offline JA_Matt

  • Newbie
  • *
  • Posts: 1
Re: Infected Status
« Reply #2 on: June 05, 2014, 05:38:12 AM »
Hi

Thought it better to respond here rather than start a new thread.

I have exactly the issue described above, an infected file on a network share. The question I have is how do I process the infection from the server? Looking at the help, the only thing I can find is answers that suggest you process files on the machine at the end of a scan, but nothing to process a file from the ESM control to stop it appearing as infected in the list of computers?

Offline georgianas

  • CESMUser
  • Comodo Family Member
  • *
  • Posts: 68
Re: Infected Status
« Reply #3 on: June 05, 2014, 06:34:09 AM »
Hi,

You can create the CAV log report from the ESM console to identify the server and share. The infection should be processed on the server. If you have CAV protecting the server, run a full system scan. Once the network share is processed (clean), run a full system scan on the system with infected status. The status should go back to normal after the scan.

 
