Jump to content

Archived

This topic is now archived and is closed to further replies.

Raymond

Clearing "Unresolved Threats"

Recommended Posts

Hi, we recently deployed ESET 6.  Our ERA server is running 6.2, but clients are still on 6.1.  One of the PCs we deployed to had a few thousand threats found (multiple files belonging to the same dodgy software).  We cleaned it up and ran another full scan which reported it as clean.  However, the PC is still showing as having thousands of unresolved threats in ERA.  I don't want to have to mark them as resolved one by one.  How can i force the client to tell ERA that it no longer has any threats?  We have a number of PCs in the same situation.

Share this post


Link to post
Share on other sites

It's not clear how you performed the cleaning. The scan (with cleaning) must be run from ERA and the In-depth scan profile must be used. Of course, all found threats must be cleaned for the threats to become resolved in the ERA console.

Share this post


Link to post
Share on other sites

Thanks for the reply Marcos.  For the PC with thousands of threats, I kicked off the scan manually on the PC after removing some dodgy software and deleting some old user profiles.  Should i kick off another full scan (in depth, with cleaning) from the ERA console against that PC to get it to update its status in ERA to zero unresolved threats?

Share this post


Link to post
Share on other sites

The in-depth scan with cleaning that i kicked off from ERA completed successfully.  However the unresolved threats have not cleared.  If I look at the threats and look at the Occurred column, none of them are from yesterday so it seems the old threats are not being removed.  How can i remove them?  I can't click through 4000+ of them to remove them.  Also is there any way to see the results of a full scan from the ERA console?  I can see that the scan was successful but I can't see where to check if any new threats were found.

Share this post


Link to post
Share on other sites

Please open a standard support ticket as this will need to be looked at by ERA developers. What you could try beforehand is running an in-depth scan again but now with cleaning level set to strict cleaning so that potentially unwanted applications are removed without asking for an action at the end of the scan.

Share this post


Link to post
Share on other sites

Any further information on this?  I'm experiencing the exact same thing with several systems.

 

I've manually deleted the detected items (found in a user's IE cache), re-run the scan with in-depth scan with cleaning enabled. Scan has completed successfully multiple times, nothing detected in the last few days. However, system still shows with over 100 Active Threats.

Share this post


Link to post
Share on other sites

Hi j-gray, no progress i'm afraid.  I've had my hands full and haven't had a chance to log a support call with ESET for this.

Share this post


Link to post
Share on other sites

anything new regarding this @Raymond?

Share this post


Link to post
Share on other sites

To put it right - running an in-depth scan with strict cleaning from the ERA console will clear active threats, ie. such computers will lose membership in the Active threats dynamic group. However, marking threats as resolved is a manual process - open the Threats pane, use a filter to show computers with unresolved threats, mark them all and click "Mark as resolved". My understanding is that if threats were resolved automatically, it would be more difficult for an administrator to notice that a threat was detected on particular computers. 

Share this post


Link to post
Share on other sites

@Marcos,

not sure i follow,

for the sake of a proper example, i have\had a computer with a "potentionally unsafe program" on the computer, the item was deleted a long time before i noticed the threat (which has remained active and in an alarming "Red" status.

I ran the in-depth with cleaning scan option from ERA which i confirmed to be running on the machine.

even though it finished the run, the threats didn't get resolve dautomatically, I had to resolve it myself, and yet they remain in the threat window. (which doesn't help, as the list now hold over 3k of alerts.

 

is there any way to remove these old threats?

 

Regards.

 

Aviel

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...