
Clear threats on device



I am working on cleaning up our ESET environment and creating automated tasks. I have a few computers with 50000 threats and one with 2.5 mil. Is there a nice way to clear these stale threats? Or delete the object and have a fresh one re-added without deleting the threats manually 500/100 at a time.


  • ESET Staff

@Palmolive In the case with the 2,5 million threats - I would suggest doing 2 things:

  1. First of all - check what they are. What is the device type? How is the product configured? Isn't it a server, where some regular scans are being executed, with normal cleaning level? As I would fix the "root cause" rather than the symptoms. Strict cleaning set via policy might do the trick. And then regular resolving (till the new version comes out).
  2. Remove the device, and let it reappear. It would then report the "threats" freshly.

PS: In the new version, each threat with action taken (threat handled = yes) will be automatically marked as "resolved" in the management console.


  • Administrators

50,000 and more is way too many threats. If new threats are continually being detected on endpoints, it's important to solve that first. If running a scan with strict cleaning mode as suggested by MichalJ doesn't resolve the issue, please collect logs with ELC on such Endpoint and provide me with the generated archive for perusal.


It is a machine that was syncing with the cryptolocker machine, and the OneDrive was encrypted. So it spent a month or so trying to sync back the help_decrypt files. The OneDrive is now clean and no new threats are detected. I have deleted the object before and it comes back with the same stuff :/ I did it again, it should come back in an hour or so, I will report back then.


  • ESET Staff

If it reappears, it might happen that the old data (that will be deleted upon executing a cleanup) are automatically paired with the agent UUID. It might be good to actually reinstall the ERA agent, so a truly new "computer instance" is created in ERA.


  • 1 month later...

I have a similar conundrum: we have Atlassian apps running that allow attachments and the filesystem (ext4 Linux) has many snapshots created daily, so the attachments are snapshotted constantly. If I scan and clean (or delete) attachments that are threats, how can I programmatically remove the cleaned/deleted threats from the ERA console? I'm currently looking at over 1500.


That's 1500 multiplied by the number of snapshots held on the filesystem, so given 8 snapshots we have a total of 12,000 entries in the Web console. Dealing with that many by using the "mark as resolved" button isn't really an option. Is there a method for doing this in a granular, programmatic manner?

Edited by bitterandstout

This topic is now closed to further replies.