SCEP Scan via network remediated (removed), but files still exist on host. Now, not getting picked up as infected

    Question

  • One system was used to scan another via network mapped drive.  Virus found.

    Initially, the scan policy was set to quarantine.  READ access was in place to the shared folder location. 

    SCEP reports show that remediation occurred...  Though no action was actually possible given READ only access.

    Next, the scan was run with policy set to REMOVE.  FULL Access was in place to the shared folder location

    After the scan, the files are still on the remote system and now are NOT being detected as infected via scans from initial and third system.  Additionally, only the initial scan information made it into CM reports...

    Modified dates on infected system don't show that files were recently modified... would this change anyhow?

    If SCEP is trying to remove, but can't for whatever reason... will it attempt to clean it? 

    If it doesn't have access to take action due to permissions, will it THINK that it accomplished the goal and ignore files going forward?

    thank you in advance,


    Jay D

    • Moved by Torsten [MVP] Wednesday, October 16, 2013 2:12 PM moved to Security & Compliance
    Wednesday, October 16, 2013 1:56 PM

Answers

  • Ok, I know this is an old post, I'm just trying to clean them up.

    I'm a bit confused. If SCEP can't remove the file (aka need full access to the file), how can SCEP possibly clean a file that it can't remove (aka have full access to the file)?  What am I missing? Why do you think it should work on one method if it doesn't work on the other?


    http://www.enhansoft.com/

    Saturday, November 02, 2013 1:42 PM
    Moderator
