How to clear out threat alerts in ERAS 6

[obrandt 0]

We have 30+ false positive threat alerts in our ERAS 6; how do I clear all those alerts out?

[bbraunstein 27]

I believe the only way to "clear" the logs is to rescan the devices. In your case, you may need to create an exclusion for the false positive, wait for the policy to update across your devices, and then do another scan.

[obrandt 0]

Within the 'computers' view the threat badges have cleared.  Under the 'Threats' tab the console still shows all of the false positives.  Wondering how to clear that out.  Wondering at this point if the Threats tab is basically considered an archival log and I would need to delete my logs?

 

Also, exclusions don't work for me.  I've excluded the directory where the Endpoint product is saying there's an 'unwanted application', done a rescan multiple times and it still pops up. I had to completely turn off Enable detection of potentially unwanted applications, Enable detection of potentially unsafe applications, and Enable detection of suspicious applications in my policy to get it to stop. 

So as far as i can tell exclusions are broken in ERAS 6

[Marcos 5,072]

To clear the number of active threats reported by ERA, the following conditions must be fulfilled:

- the scan must be run from ERA

- in-depth scan profile must be used

- no active threats must be found.

 

That said, the easiest way how to accomplish that is running a scan from the Threats pane or from the Computers pane but in this case you'll need to make sure that cleaning is enabled.

[Mikespo 0]

What about Firewall threats, such as 'Detected covert channel exploit in ICMP packet'? How do you clear those out?