Jump to content

Clear threats on device


Palmolive
 Share

Recommended Posts

I am working on cleaning up our ESET environment up and creating automated tasks.  I have a few computers with 50000 threats and one with 2.5 mil.  is there a nice way to clear these stale threats?or delete the object and have a fresh one readded without deleting the threats manually 500/100 at a time.

Link to comment
Share on other sites

  • ESET Staff

@PalmoliveIn case with the 2,5 million threats - I would suggest to do 2 things:

  1. First of all - check what they are. What is the device type? How is the product configured? Isn´t it a server, where some regular scans are being executed, with normal cleaning level? As I would fix the "root cause" rather than the symptoms. Strict cleaning set via policy might do the trick. And then regular resolving (till the new version comes out).
  2. Remove the device, and let it reappear. It would then report the "threats" freshly.

PS: In the new version, each threat with action taken (threat handled = yes) will be automatically marked as "resolved" in the management console.

Link to comment
Share on other sites

  • Administrators

50,000 and more is way too many threats. If new threats are continually being detected on endpoints, it's important to solve that first. If running a scan with strict cleaning mode as suggested by MichalJ doesn't resolve the issue, please collect logs with ELC on such Endpoint and provide me with the generated archive for perusal.

Link to comment
Share on other sites

it is a machine that was syncing with the crytolocker machine, and the onedrive was encrypted.  So it spent a month or so trying to sync back the help_decrypt files.  The one drive is now clean and no new threats are detected.  I have deleted the object before and it comes back with the same stuff :/ I did it again, it should come back in an hour or so, i will report back then.

Link to comment
Share on other sites

  • ESET Staff

If it reappears, it might happen, that the old data (that will be deleted upon executing a cleanup) air automatically paired with the agent UUID. It might be good to actually reinstall the ERA agent, so truly new "computer instance" is created in ERA.

Link to comment
Share on other sites

  • 1 month later...

I have a similar conundrum,   we have atlassian apps running that allow attachments and the filesystem (ext4 linux) has many snapshots created daily,  so the attachments are snapshotted constantly.  If I scan and clean (or delete) attachments that are threats, how can I programmatically remove the cleaned/deleted threats from the ERA console?   I'm currently looking at over 1500. 

Link to comment
Share on other sites

That's 1500  multiplied by the number of snapshots help on the filesystem so given 8 snapshots we have a total of 12,000 entries in the Web console. Dealing with that many by using the "mark as resolved" button, isn't really an option.  Is there a method for doing this in a granular, programatic manner?

Edited by bitterandstout
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...