ERA V6 Active Threats Count

[jimwillsher 65]

EEA detects the Dell Backup software (preloaded on lots of Dells) as MSIL/MyPCBackup.A, MSIL/MyPCBackup.D and Win32/MyPCBackup.C. We don't need this software so I've been gradually removing it.

 

On these PCs, in the ERA v6 console, I still see an orange 30 listed against them, and when I look in "active threats" for the clients I see them all, but dated 7th March (when i removed the software).

 

Running a scan, and letting it finish, still leaves the annoying "orange 30". When will that go away? I've removed the "threats" so the scan should have cleared all that.

 

 

Jim

 

 

[ucvijan 4]

If i understood correctly, if you go to threats, and you know you removed them all, you can select them all, and MUTE them. That way they wont be shown on alerts. Regarding Active alert, i asked the same question on one topic that I opened few hours ago. I didnt find a way to "delete" the from ERA, i can see them, MUTE them, and they wont appear orange. 

[jimwillsher 65]

Many thanks, yes i wondered about "mute", but to me, "mute" means "stop telling me about it, I know about it, I'll deal with it later".

 

What I really need is either for them to disappear - since the threat itself has gone - or a way for me to remove them from the console. If they reappear then fine, it means the threast is still there. But to show "30" under the "active threats column is misleading. The column should say "recent threats", with a separate column for "active threats".

 

 

Jim

[ucvijan 4]

I agree with the part that if the alert is deleted, that we can remove it from console. Or something like, threats that were resolved, to be in separate section than threats that are active..

Maybe that will be added in future release. For now, i just mute the threats, for the ones that are deleted with cleaning, and for those that are not, i quarantine them and delete them, and then mute them

[dlaporte 14]

VERY ANNOYED!!!!

Why would you want to Mute a problem?

[ucvijan 4]

Well it is not a problem anymore, as EEA deleted the file, or I did delete it via ERA. Cause it is deleted,its not a problem, but it is just like a history of problems that were present, and cause they are not problems no more, the only thing to do is mute them, cause there is no way to delete them from console. (maybe i am mistaken)

[Marcos 5,074]

VERY ANNOYED!!!!

Why would you want to Mute a problem?

 

You should mute only an alert that you are sure it's been dealt with already and that it no longer poses a threat (e.g. you cleaned it manually without running a full disk scan using the in-depth profile).

[Peter Randziak 1,130]

Hello,

 

in case you would like to solve threat related issue (and zero the counter) you need to run In-depth scan of all targets from the ERA (this is required to reset the counter).

 

P.R.

[jimwillsher 65]

Hmmm....doesn't seem to work. I've run an in-depth scan, the scan finishes (67 minutes ago) but the count is still shown. When I look at the active threats in the detials, there are none within the last 4 days.

[dlaporte 14]

^{Hmmm....doesn't seem to work. I've run an in-depth scan, the scan finishes (67 minutes ago) but the count is still shown. When I look at the active threats in the detials, there are none within the last 4 days.}

 

^{I have a similar issue. the Virus Sig DB is 11282(20150306)}

Edited March 12, 2015 by dlaporte

[bbraunstein 27]

Hello,

 

in case you would like to solve threat related issue (and zero the counter) you need to run In-depth scan of all targets from the ERA (this is required to reset the counter).

 

P.R.

Hi,

 

This did not resolve anything for me. The numbers and threat warnings still exist. I'd rather not mute threats, I agree with Jim, the concept of muting is merely an acknowledgement "I promise I will get back to it later." I shouldn't have to mute a problem if there really is a problem, especially if the problem no longer exists. If it truly does no longer exist, the status should be update to "cleaned/deleted" and removed.

[Marcos 5,074]

 

This did not resolve anything for me. The numbers and threat warnings still exist. I'd rather not mute threats, I agree with Jim, the concept of muting is merely an acknowledgement "I promise I will get back to it later." I shouldn't have to mute a problem if there really is a problem, especially if the problem no longer exists. If it truly does no longer exist, the status should be update to "cleaned/deleted" and removed.

 

Maybe it's just a problem of wording and "Mute" could be replaced with "Resolved", "Mark as resolved" or something like that?

[707kevin 0]

I agree. The active threat counts and list in ERA is very strange behavior. Not as expected.

Also the active threat in computer detail view does not seem to correspond with the quarantined view. Things that have been quarantined  also show up as an active threat. It's all pretty confusing when it could be so straight forward.

 

It's really, really difficult to determine what is a actual active threat and what has been taken care of. These lists and statuses need to be very clear and straight forward when dealing with 100's of remote computers.

 

Also, it's very difficult to tell if a computer needs a reboot to finish cleaning or not.

[Marcos 5,074]

To reset the number of active threats, a full (In-depth scan) needs to be started via ERA on the target computer(s). If you have cleaned a threat manually, you can mute the appropriate alert.

[HSW 9]

Hi,

 

 

To reset the number of active threats, a full (In-depth scan) needs to be started via ERA on the target computer(s). If you have cleaned a threat manually, you can mute the appropriate alert.

 

This is not working in many case. Why i can't delete such entries in the remote console? I had multiple Clients and start 5 times or more a full deep scan form eras -> successfull -> no Change on eras (local the Client is ok)

The only thing what work for me: delete quarantine -> Uninstall eset local on the Client -> delete all entries on the Client -> delete Client on eras -> reinstall eset ... not a realy good Workaround...

 

I hope there is a easier way in the future, to correct such entries on the eras manualy?

[sheane 1]

I have been searching everywhere for an answer to this question. As well as why it is called 'mute'. Please make a change as well as a knowledgebase article!

[Marcos 5,074]

This is not working in many case. Why i can't delete such entries in the remote console? I had multiple Clients and start 5 times or more a full deep scan form eras -> successfull -> no Change on eras (local the Client is ok)

The only thing what work for me: delete quarantine -> Uninstall eset local on the Client -> delete all entries on the Client -> delete Client on eras -> reinstall eset ... not a realy good Workaround...

 

I hope there is a easier way in the future, to correct such entries on the eras manualy?

 

I assume you're referring to threats listed in the Threat window, right? What I was talking about were active threats reported in ERA.

 

 

 

The threat records in the threat logs can be muted (marked as resolved) manually once you have taken care of the threat. Once muted, they will turn from red to black & white:

 

 

Please elaborate more on what doesn't work for you. We will consider resolving found threats automatically if running a full disk scan doesn't yield any active threats.

[HSW 9]

 

This is not working in many case. Why i can't delete such entries in the remote console? I had multiple Clients and start 5 times or more a full deep scan form eras -> successfull -> no Change on eras (local the Client is ok)

The only thing what work for me: delete quarantine -> Uninstall eset local on the Client -> delete all entries on the Client -> delete Client on eras -> reinstall eset ... not a realy good Workaround...

 

I hope there is a easier way in the future, to correct such entries on the eras manualy?

 

I assume you're referring to threats listed in the Threat window, right? What I was talking about were active threats reported in ERA.

 

 

 

The threat records in the threat logs can be muted (marked as resolved) manually once you have taken care of the threat. Once muted, they will turn from red to black & white:

 

era6_threats_resolved.png

 

Please elaborate more on what doesn't work for you. We will consider resolving found threats automatically if running a full disk scan doesn't yield any active threats.

 

 

I will test it the next time, actually no active threads (and yes i mean active threads and not the other "counter" and the Client was cleaned by eras)

It could be, a bug of the old Version (i update the Server and the Test Clients after this appears the first time)

Edited July 7, 2015 by HSW

[JeremyT 0]

I am having an issue with a few of our clients as well. Basically we work to let ESET clean the infection and if that does not work we clean it manually. After this I always use the ERA to start an in-depth scan on the computers. In the past this has cleared threats off of the "Active Threats" report on the dashboard, but lately it has not been clearing them. I go to the file path that the Active Threats report has listed as well and none of these files are there. Nevertheless, these locations and files are continuing to be reported in the active threats report.

[Marcos 5,074]

Could you confirm that the in-depth scans were actually run, completed successfully, no threats were found and agents running on the clients have connected to ERAS after the scan completed? Could you post a screen shot of the window that still shows active threats on those clients?

[JeremyT 0]

Marcos, my apologies for the late response. Here are some screen shots of what I am seeing.

The first clip is what we are seeing in the ERA Active Threats log. Next you can see the In-Depth scan that we ran along with the execution results. Afterwards I checked the scan results on the computer itself and we can see it shows no infected files, but it is still not clearing from the active threats log on the ERA.

Edited July 21, 2015 by JeremyT

[ben.white 2]

I recently managed to get all managed computers down to 0 active threats by manually cleaning PCs and running scans from the ERA console however the Threats list still shows 999+ threats, is this intended to just be a historical list or is there some way to remove them other than the mute option?

 

Edited July 21, 2015 by ben.white

[RvW 6]

Is there any news on this topic?

 

We are having the same problem challenge.

[RvW 6]

If the threat records in the threat logs can be muted (marked as resolved) manually, and they will not be red anymore, does this mean you have to manually do this for 999+ threats or can this be done through a policy? If so how?

[Marcos 5,074]

If the threat records in the threat logs can be muted (marked as resolved) manually, and they will not be red anymore, does this mean you have to manually do this for 999+ threats or can this be done through a policy? If so how?

 

No. Running a scan with cleaning from the ERA console should clean the number of unresolved threats if no threats are found during the scan or if all detected threats have been cleaned. Do you mean that you have done that, no threats were found but unresolved threats are still reported?