AMelein 0 Posted April 19, 2016 Posted April 19, 2016 We're busy rolling out eras 6 with the v6 client and finding ourselves running after a lot of bogus alarms about how things supposedly aren't working or running yet on the client everything is green. I'm assuming this is ERA not clearing the warnings as being solved, is there a way to force it to dump the whole workstation and fetch a fresh status from the client ? I'm not sure what kind of effect deleting a workstation has on the agent.
Administrators Marcos 5,741 Posted April 19, 2016 Administrators Posted April 19, 2016 Do you mean that some threats were detected and they are reported as unresolved in the ERA console? To clear active threats, you must initiate an on-demand scan with cleaning from the ERA console (ideally with cleaning mode set to strict cleaning). Threat resolution is a manual process. If you are sure that particular threats have been dealt with, mark them as resolved.
Palps 3 Posted May 2, 2016 Posted May 2, 2016 (edited) Hi, I have exactly the same issue. We are currently enrolling ESET v6 and a lot of false positives are detected but some of them are shown in the "Active Threats" report. I don't want to run a full scan on this server because this is our client backup server with many TB of data so this takes very long. They are still displayed in the Active Threats report if I select "Mark as resolved". Is there a manual way to clean out the Active Threats report without running a full scan? Thanks! Edited May 2, 2016 by Palps
ESET Staff MichalJ 434 Posted May 2, 2016 ESET Staff Posted May 2, 2016 Hello, active threats report informs about what is on the machine and was not cleaned by ESET product so it represents a potential security risk. As of now, the only way how to get rid of the threat from "Active Threats" report is by executing a in-depth scan with cleaning enabled.
Palps 3 Posted May 2, 2016 Posted May 2, 2016 Okay, what happens if I added a path to the exceptions between the detection and the in-depth scan? Are they still displayed or will the threats disappear from the Active Threats list?
ESET Staff MichalJ 434 Posted May 2, 2016 ESET Staff Posted May 2, 2016 They will be still displayed, as the log does not re-evaluate itself by current policy settings.
Palps 3 Posted May 2, 2016 Posted May 2, 2016 So I have to remove the exceptions, do an in-depth scan via the console and wait for the threats to disappear? That's quite complicated and uncomfortable. I think I wont use the preconfigured Active Threats report. Will create my own one and filter by "Threat resolved" yes or no. By the way, why can't I add a filter to the preconfigured Active Threats report to show only threats which are not marked as resolved? (Threat.Resolved = Yes/No). Don't see this option. By creating an own report, so not using the preconfigured one, I can choose this filter. Apart from that, thank you for your information.
Recommended Posts