Clearing "Unresolved Threats"

[Raymond 0]

Hi, we recently deployed ESET 6.  Our ERA server is running 6.2, but clients are still on 6.1.  One of the PCs we deployed to had a few thousand threats found (multiple files belonging to the same dodgy software).  We cleaned it up and ran another full scan which reported it as clean.  However, the PC is still showing as having thousands of unresolved threats in ERA.  I don't want to have to mark them as resolved one by one.  How can i force the client to tell ERA that it no longer has any threats?  We have a number of PCs in the same situation.

[Marcos 3,402]

It's not clear how you performed the cleaning. The scan (with cleaning) must be run from ERA and the In-depth scan profile must be used. Of course, all found threats must be cleaned for the threats to become resolved in the ERA console.

[Raymond 0]

Thanks for the reply Marcos.  For the PC with thousands of threats, I kicked off the scan manually on the PC after removing some dodgy software and deleting some old user profiles.  Should i kick off another full scan (in depth, with cleaning) from the ERA console against that PC to get it to update its status in ERA to zero unresolved threats?

[Raymond 0]

The in-depth scan with cleaning that i kicked off from ERA completed successfully.  However the unresolved threats have not cleared.  If I look at the threats and look at the Occurred column, none of them are from yesterday so it seems the old threats are not being removed.  How can i remove them?  I can't click through 4000+ of them to remove them.  Also is there any way to see the results of a full scan from the ERA console?  I can see that the scan was successful but I can't see where to check if any new threats were found.

[Raymond 0]

Bump...

[Marcos 3,402]

Please open a standard support ticket as this will need to be looked at by ERA developers. What you could try beforehand is running an in-depth scan again but now with cleaning level set to strict cleaning so that potentially unwanted applications are removed without asking for an action at the end of the scan.

[Raymond 0]

No problem, will do, thanks.

[j-gray 13]

Any further information on this?  I'm experiencing the exact same thing with several systems.

 

I've manually deleted the detected items (found in a user's IE cache), re-run the scan with in-depth scan with cleaning enabled. Scan has completed successfully multiple times, nothing detected in the last few days. However, system still shows with over 100 Active Threats.

[Raymond 0]

Hi j-gray, no progress i'm afraid.  I've had my hands full and haven't had a chance to log a support call with ESET for this.

[avielc 12]

anything new regarding this @Raymond?

[Marcos 3,402]

To put it right - running an in-depth scan with strict cleaning from the ERA console will clear active threats, ie. such computers will lose membership in the Active threats dynamic group. However, marking threats as resolved is a manual process - open the Threats pane, use a filter to show computers with unresolved threats, mark them all and click "Mark as resolved". My understanding is that if threats were resolved automatically, it would be more difficult for an administrator to notice that a threat was detected on particular computers. 

[avielc 12]

@Marcos,

not sure i follow,

for the sake of a proper example, i have\had a computer with a "potentionally unsafe program" on the computer, the item was deleted a long time before i noticed the threat (which has remained active and in an alarming "Red" status.

I ran the in-depth with cleaning scan option from ERA which i confirmed to be running on the machine.

even though it finished the run, the threats didn't get resolve dautomatically, I had to resolve it myself, and yet they remain in the threat window. (which doesn't help, as the list now hold over 3k of alerts.

 

is there any way to remove these old threats?

 

Regards.

 

Aviel