Jump to content

Clearing "Unresolved Threats"


Raymond
 Share

Recommended Posts

Hi, we recently deployed ESET 6.  Our ERA server is running 6.2, but clients are still on 6.1.  One of the PCs we deployed to had a few thousand threats found (multiple files belonging to the same dodgy software).  We cleaned it up and ran another full scan which reported it as clean.  However, the PC is still showing as having thousands of unresolved threats in ERA.  I don't want to have to mark them as resolved one by one.  How can i force the client to tell ERA that it no longer has any threats?  We have a number of PCs in the same situation.

Edited by Raymond
Link to comment
Share on other sites

  • Administrators

It's not clear how you performed the cleaning. The scan (with cleaning) must be run from ERA and the In-depth scan profile must be used. Of course, all found threats must be cleaned for the threats to become resolved in the ERA console.

Link to comment
Share on other sites

Thanks for the reply Marcos.  For the PC with thousands of threats, I kicked off the scan manually on the PC after removing some dodgy software and deleting some old user profiles.  Should i kick off another full scan (in depth, with cleaning) from the ERA console against that PC to get it to update its status in ERA to zero unresolved threats?

Link to comment
Share on other sites

The in-depth scan with cleaning that i kicked off from ERA completed successfully.  However the unresolved threats have not cleared.  If I look at the threats and look at the Occurred column, none of them are from yesterday so it seems the old threats are not being removed.  How can i remove them?  I can't click through 4000+ of them to remove them.  Also is there any way to see the results of a full scan from the ERA console?  I can see that the scan was successful but I can't see where to check if any new threats were found.

Link to comment
Share on other sites

  • 2 weeks later...
  • Administrators

Please open a standard support ticket as this will need to be looked at by ERA developers. What you could try beforehand is running an in-depth scan again but now with cleaning level set to strict cleaning so that potentially unwanted applications are removed without asking for an action at the end of the scan.

Link to comment
Share on other sites

  • 2 weeks later...

Any further information on this?  I'm experiencing the exact same thing with several systems.

 

I've manually deleted the detected items (found in a user's IE cache), re-run the scan with in-depth scan with cleaning enabled. Scan has completed successfully multiple times, nothing detected in the last few days. However, system still shows with over 100 Active Threats.

Link to comment
Share on other sites

  • 5 months later...
  • Administrators

To put it right - running an in-depth scan with strict cleaning from the ERA console will clear active threats, ie. such computers will lose membership in the Active threats dynamic group. However, marking threats as resolved is a manual process - open the Threats pane, use a filter to show computers with unresolved threats, mark them all and click "Mark as resolved". My understanding is that if threats were resolved automatically, it would be more difficult for an administrator to notice that a threat was detected on particular computers. 

Link to comment
Share on other sites

@Marcos,

not sure i follow,

for the sake of a proper example, i have\had a computer with a "potentionally unsafe program" on the computer, the item was deleted a long time before i noticed the threat (which has remained active and in an alarming "Red" status.

I ran the in-depth with cleaning scan option from ERA which i confirmed to be running on the machine.

even though it finished the run, the threats didn't get resolve dautomatically, I had to resolve it myself, and yet they remain in the threat window. (which doesn't help, as the list now hold over 3k of alerts.

 

is there any way to remove these old threats?

 

Regards.

 

Aviel

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...