obrandt, Posted June 19, 2015

We have 30+ false positive threat alerts in our ERAS 6; how do I clear all those alerts out?

bbraunstein, Posted June 19, 2015

I believe the only way to "clear" the logs is to rescan the devices. In your case, you may need to create an exclusion for the false positive, wait for the policy to update across your devices, and then do another scan.

obrandt (Author), Posted June 22, 2015

Within the 'computers' view the threat badges have cleared. Under the 'Threats' tab the console still shows all of the false positives. Wondering how to clear that out. Wondering at this point if the Threats tab is basically considered an archival log and I would need to delete my logs?

Also, exclusions don't work for me. I've excluded the directory where the Endpoint product is saying there's an 'unwanted application', done a rescan multiple times, and it still pops up. I had to completely turn off Enable detection of potentially unwanted applications, Enable detection of potentially unsafe applications, and Enable detection of suspicious applications in my policy to get it to stop. So as far as I can tell, exclusions are broken in ERAS 6.

Marcos (Administrators), Posted June 22, 2015

To clear the number of active threats reported by ERA, the following conditions must be fulfilled:
- the scan must be run from ERA
- in-depth scan profile must be used
- no active threats must be found.

That said, the easiest way to accomplish that is to run a scan from the Threats pane or from the Computers pane, but in this case you'll need to make sure that cleaning is enabled.

Mikespo, Posted July 23, 2015

What about Firewall threats, such as 'Detected covert channel exploit in ICMP packet'? How do you clear those out?