
What is Auto Cleanup

We are currently running endpoint security 9.5 and are slowly modifying it to suit our environment.

Can someone explain the pros and cons for enabling auto cleanup under "On-Access scan settings"?  Are there any cons?

Thanks in advance.

Jason.

  • Hello Jason,

    to quote from "Version 9.7 (and lower) Anti-Virus and HIPS settings: guide to on-access settings": "Obviously, you may want to set this to automatically clean up any malware that is found, but we've left it to you to decide [...] When the on-access scanner automatically cleans up items that contain a virus or spyware, it will delete any items that are purely malware and it will try to disinfect any items that have been infected. These disinfected files should be considered permanently damaged, as the virus scanner cannot know what the file contained before it was damaged: it can only clean out the code that was injected by the virus."

    This has been reformulated in "Recommended on-access scanning settings for 10.x": "In Endpoint 10 the setting 'Automatically clean up items that contain a virus/spyware' for on-access scanning is enabled by default. Having this option enabled means there is less administrative work in dealing with malware reported to the console [...]"

    I've found it to be quite safe as the few false positives were all generic detections for which no automatic cleanup will be attempted. Please note that there's also the "If you do not use automatic cleanup, or if automatic cleanup is not possible" setting which affects the final outcome. This should be left "Deny access only".

    There's an extra set of options if you also scan for suspicious files as they are never cleaned up automatically.

    Christian
