This discussion has been locked.

PUA won't clear

We have a device that enterprise console picked up the C: drive as being infected with BitCoinMiner - over a month ago

I tried to clean it - but it was "uncleanable" so the device was rebuilt - yet it is still in the PUA box on the console

It is clean/not infected - yet "protecting" the device does not clear it from the infected box

How do I remove it from this box?



  • Hello Weeboo,

    There are two ways an Alert or Error is cleared from the console: 1) applicable action is taken on the endpoint, 2) it is acknowledged using right-click → Resolve Alerts and Errors on selected computers or groups. For some alerts or errors only one of the options is available. In case of a detection, "applicable" means that it is cleaned up or deleted by SAV (automatically, an appropriate request using the Quarantine Manager, a scheduled or on-demand scan with the appropriate settings, a request from the console if available) or removed from (the list in) QM. When you manually delete the offending item, or wipe and reinstall the machine (or reset it if it's a VM), then SAV isn't aware of this and consequently can't inform the console. Thus you have to acknowledge the alert in the console.
    Note that you can't acknowledge download or installation errors, either from the local machine or from the console. In these cases, when the endpoint notifies the console of a successful download or install (even after rebuilding the device), the error is cleared.

    Christian     

  • QC said:

    Hello Weeboo,

    There are two ways an Alert or Error is cleared from the console: 1) applicable action is taken on the endpoint, 2) it is acknowledged using right-click → Resolve Alerts and Errors on selected computers or groups. For some alerts or errors only one of the options is available. In case of a detection, "applicable" means that it is cleaned up or deleted by SAV (automatically, an appropriate request using the Quarantine Manager, a scheduled or on-demand scan with the appropriate settings, a request from the console if available) or removed from (the list in) QM. When you manually delete the offending item, or wipe and reinstall the machine (or reset it if it's a VM), then SAV isn't aware of this and consequently can't inform the console. Thus you have to acknowledge the alert in the console.
    Note that you can't acknowledge download or installation errors, either from the local machine or from the console. In these cases, when the endpoint notifies the console of a successful download or install (even after rebuilding the device), the error is cleared.

    Christian     

     

    Right - so when you "acknowledge" a PUA or even VIRUS - this is just a one-off event - it won't ignore any future identical infections?
