Threats are not cleaned

[Clinton Babi 0]

Dears,

I am finding some threats on one machine without taking any action by the endpoint from remote admin view. Could you please tell me why those threats are not automatically deleted or moved to quarantine?

 

 

[Clinton Babi 0]

I couldn't find an option to take action like clean or quarantine the detected files.

[Marcos 5,074]

Those are either potentially unwanted or unsafe applications, or archives that also contain other than detected files. In such case, action selection is required in the standard cleaning mode.

If you want to clean PUAs automatically, set strict cleaning mode for web access protection, real-time protection and startup scans.
As for on-demand scans, I'd be cautious with using strict cleaning as it would also remove archives that also contain other than detected files, or files infected with a virus that cannot be cleaned at the moment. For instance, if you have an archive with tools of which some may be detected (e.g. tools for finding serial numbers), the whole archive would be removed. If you run an on-demand scan with strict cleaning, it's a good practice to review what files have been removed / quarantined.

[Clinton Babi 0]

Thanks for the information Marcos.

 

Okay in this case i would like to take actions individually. how can i do that?

Thanks in advance.

 

[Marcos 5,074]

It's not possible to select an action for scans run from ERA. You can:
- create a policy that will set Strict cleaning mode for the In-depth scan profile and wait until it's applied on clients
- run an on-demand scan task with in-depth scan profile

All threats and PUAs will be cleaned automatically. You can review the quarantine in case you'd like to restore some files.

[Clinton Babi 0]

Thanks again. But I believe it is indeed a good option to have ability from ERA console to individually select actions.