CIS 5.8.213334.2131 db 10543 found a suspicious PDF in my outlook pst folder.
I clicked “clean”, and the entire folder file is now gone.
Not only that - last week, I found the message in question, deleted it, and compacted my pst folder.
CIS should not be scanning unused delted messages.
CIS should DEFINITELY not be destroying my entire mail spool and all my messages, just because of a single suspicious file!!!
Come on guys - this is the year 2011 - and Outlook is one of the worlds most prevalent email clients. What the heck are you thinking?
Can you check AV, Quarantine to see if the files are moved there?
Yes - that’s the point. CIS “hosed” my entire mail file (every single sent and received email forever), because it discovered a minor issue inside an already-deleted message in that file. It needs to remove the problem email message - not remove hundreds of thousands of unrelated messages along with it as well!!
Current ‘Clean’ action is Quarantine so if it has messed with a file it should have put it in Quarantine, which you should be able to restore.
Can you please check if there is anything there?
Very sorry you have had this problem, hopefully you will find the file in quarantine. I’m guessing what happened here is that CIS real time or batch AV auto-quarantined the file as the new alert suppression settings were active. Alternatively maybe after a scan the AV scan results window contained lots of files, one of which was the Outlook file, and quite reasonably you did not spot it before clicking clean?
But I do agree with you that, if confirmed as in quarantine, this is undesirable behavior. The ideal (difficult to achieve) would be to treat each mail app as if it were a file system and deal with individual messages and attachments. Short of that maybe by default the AV batch scanner should explicitly warn that the results window contains a mail file, or separate out these results.
Would you be willing to create a bug report in standard format for this? I’ll transfer it to the bug forum if yes. Personally I think devs should have a look at it.