Jump to content

Recommended Posts

Posted

We're busy rolling out eras 6 with the v6 client and finding ourselves running after a lot of bogus alarms about how things supposedly aren't working or running yet on the client everything is green.

I'm assuming this is ERA not clearing the warnings as being solved, is there a way to force it to dump the whole workstation and fetch a fresh status from the client ?

I'm not sure what kind of effect deleting a workstation has on the agent.

  • Administrators
Posted

Do you mean that some threats were detected and they are reported as unresolved in the ERA console? To clear active threats, you must initiate an on-demand scan with cleaning from the ERA console (ideally with cleaning mode set to strict cleaning).

Threat resolution is a manual process. If you are sure that particular threats have been dealt with, mark them as resolved.

  • 2 weeks later...
Posted (edited)

Hi,

 

I have exactly the same issue. We are currently enrolling ESET v6 and a lot of false positives are detected but some of them are shown in the "Active Threats" report.

I don't want to run a full scan on this server because this is our client backup  server with many TB of data so this takes very long.

 

They are still displayed in the Active Threats report if I select "Mark as resolved".

 

Is there a manual way to clean out the Active Threats report without running a full scan?

 

Thanks!

Edited by Palps
  • ESET Staff
Posted

Hello, active threats report informs about what is on the machine and was not cleaned by ESET product so it represents a potential security risk. 

As of now, the only way how to get rid of the threat from "Active Threats" report is by executing a in-depth scan with cleaning enabled.

Posted

Okay, what happens if I added a path to the exceptions between the detection and the in-depth scan?

Are they still displayed or will the threats disappear from the Active Threats list?

  • ESET Staff
Posted

They will be still displayed, as the log does not re-evaluate itself by current policy settings.

Posted

So I have to remove the exceptions, do an in-depth scan via the console and wait for the threats to disappear?

That's quite complicated and uncomfortable.

 

I think I wont use the preconfigured Active Threats report. Will create my own one and filter by "Threat resolved" yes or no.

 

By the way, why can't I add a filter to the preconfigured Active Threats report to show only threats which are not marked as resolved? (Threat.Resolved = Yes/No).

Don't see this option. By creating an own report, so not using the preconfigured one, I can choose this filter.

 

Apart from that, thank you for your information.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...