locked
ForeFront Client Automated Virus removal RRS feed

  • Question

  • Hi all, I am a newbie here and I am having trouble with all the machines that I have deployed FF to.
    Well the Issue is apparently the ForeFront client does find viruses but does not remove them automatically, each time it finds a virus the user has to right click on the system tray Icon and choose "take recommended actions".

    Does someone know how to make Forefront client remove the virus automatically after it finds the virus.

    Really confused here since I have added a policy override to remove anything that is "severe" and tried the Eicar test virus but it detects the Eicar as severe but does not delete it automatically.

    Your help is greatly appreciated
    Tuesday, December 29, 2009 10:46 AM

Answers

  • Hi!

    This is the way it works:

    The malware is immediately suspended. This means that it is harmless to the system.
    After a non-configurable time of 10 minutes it will automatically take recommended action. (default recommended action to each threat is defined in the definition file).
    or, like you said, the user can take action.

    /Johan
    MCSE, forefront spec | www.msforefront.com
    • Marked as answer by Nick Gu - MSFT Saturday, January 2, 2010 1:43 PM
    Tuesday, December 29, 2009 7:05 PM

All replies

  • Hi!

    This is the way it works:

    The malware is immediately suspended. This means that it is harmless to the system.
    After a non-configurable time of 10 minutes it will automatically take recommended action. (default recommended action to each threat is defined in the definition file).
    or, like you said, the user can take action.

    /Johan
    MCSE, forefront spec | www.msforefront.com
    • Marked as answer by Nick Gu - MSFT Saturday, January 2, 2010 1:43 PM
    Tuesday, December 29, 2009 7:05 PM
  • Hello,

    I have wondered this as well. So if I set an override to Remove it will Remove the threat after 10 minutes, is there anything which can be set so the user does not have any input when a threat is detected and that it wont alert the user.

    The reason for this is that we are having quite a few calls and we have set the overrides up and that they can only remove the threat. So if the system tray icon goes red with an X and then in 10 minutes it will automatically get removed and there will be no user popup?

    Could someone confirm this is the case?

    Many Thanks

    Thursday, April 7, 2011 10:47 AM