Active Threats - ERA In-Depth scan not clearing threats

[mstroud_pfi 0]

Hello,

 

I received a few alerts for Winzip on a particular computer.  It's been recently removed and I started a new In-Depth Scan with cleaning from ERA.  The scan finished and nothing was detected.  Am I doing something wrong?  The active threats are still showing.

 

Thanks,

Matt

[Marcos 5,070]

Do you really mean active and not unresolved threats? Active threats should be removed in the ERA console if you initiate an in-depth scan from ERA. We recommend using strict cleaning mode, otherwise potentially unsafe/unwanted application, uncleanable files infected with a virus or archives containing also clean files besides malware will not be removed automatically (in standard cleaning mode, the user must select the desired action).

[mstroud_pfi 0]

Yes, these are active and unresolved threats.  I see 14 alerts that do not clear after a successful scan from the ERA console.

 

"We recommend using strict cleaning mode, otherwise potentially "

 

How do I specify "Strict Cleaning Mode" from the console?  I created a new On-Demand scanning task with "Scan with cleaning".  Are the settings you suggested defined in the policy?  If so, do I change the the settings in policy and then do a new on-demand task from the ERA?

[Marcos 5,070]

Can't think of an easier one-step solution so I'd suggest:
1, creating and applying a policy that will change cleaning mode for the In-depth scan profile from standard cleaning to strict cleaning
2, once the policy has been applied, create a new on-demand scan task for the client(s) that will have cleaning enabled and will use the In-depth scan profile.

[mstroud_pfi 0]

Marcos,

 

So I followed your steps above but it did not resolve the issue.  I still see 14 unresolved threats after a successful scan with no detection. 

[MichalJ 434]

Hello, basically, you have two ways how threats are reported:

1. Threats "TAB" (menu item in the left-side menu in ERA). This one is basically "threat log" meaning, all detection are transferred here, with there respective time stamp.
   1. Only way how to "get rid of the alert" from this part, is to manually mark those as resolved. That will decrease the "unresolved threat" count in the computers TAB, and also the alert counter in the threats tab
   2. If you then execute another on demand scan, it won´t trigger another entry in the Threats TAB.
2. Active Threats report / dynamic group (this one is reporting the last state of the particular threat)
   1. Only way how to "get rid of the alert" from this report / computer presence in dynamic group, is to trigger an in-depth scan with strict cleaning. You can adjust your scanning profile by the steps provided by Marek above.
   2. If you then execute this on-demand scan, the threats will be removed from the report, and also computer will not be present in the dynamic group "active threats"

But what I have understood from what you were writing in your post, you want to get rid of the alerts from the "Threats Tab", so the first 2 steps are valid for you.