RE: Quick Norton AV question
From: O'Reilly, Tom (oreilt@jacobsons.com)Date: 09/21/01
- Previous message: Hernan Moya: "RE: EVENT ID 1000 and 1202 events in Application Log after import ing a security template"
- Maybe in reply to: Gullett, Chris: "RE: Quick Norton AV question"
- Next in thread: Robert Clark: "RE: Quick Norton AV question"
- Next in thread: Hillensbeck, Preston: "RE: Quick Norton AV question"
- Reply: Robert Clark: "RE: Quick Norton AV question"
- Reply: Patrick Andry: "Re: Quick Norton AV question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <BF47093ACF37D4119A9000A0C9B41DE00213BFAB@email.jacobsons.com> From: "O'Reilly, Tom" <oreilt@jacobsons.com> To: "'Kinsey, Robert'" <Robert.Kinsey@Veridian.com>, "'Gullett, Chris '" <Chris.Gullett@anchorgaming.com>, "''Panger, Erick' '" <erick.panger@trueposition.com>, "''focus-ms@securityfocus.com' '" <focus-ms@securityfocus.com> Subject: RE: Quick Norton AV question Date: Fri, 21 Sep 2001 17:01:37 -0400
Since we're taking Norton here maybe someone can help me. I use Norton Corp
Ed 7.51 on my clients and I have certain clients that always seem to have a
status of virus found in SSC. I reset the status, but soon they end up
virus found again. If I do a complete scan of their hard drive including
the quarantine from my machine they have no infected files. Also the log
will show the virus being found several times with the action being left
alone in every instance. I find this weird, because I have clean as the
primary action and quarantine as the secondary so I don't understand why it
could be left alone. I search their hard drive for the file listed and it
isn't there anywhere. What am I missing here?
Thanks,
Tom
-----Original Message-----
From: Kinsey, Robert [mailto:Robert.Kinsey@Veridian.com]
Sent: Friday, September 21, 2001 2:16 PM
To: 'Gullett, Chris '; ''Panger, Erick' '; ''focus-ms@securityfocus.com'
'
Subject: RE: Quick Norton AV question
Chris wrote...
>Norton Corp Ed quarantined the file the first time it was found. Then a
>definition update came in, which scans the quarantine folder to see if
>any files in quarantine can now be cleaned and restored. Since the file >in
quarantine could not be cleaned it was "Left Alone".
And this will also generate another alert and listing in the Virus History
(both on the client AND on the SSC if used).
>This will happen every time a definition comes in until you either
>delete the file from quarantine or it's cleaned and restored.
>When you run a manual scan the quarantine folder is NOT scanned.
Once you have scanned and ensured you are not infected (hopefully) you can
delete from the Quarantine folder. If an essential file is in there you
haven't been using it any way and it should not be used either. This will
remove a file the AV cannot clean. Also, if you are using the SSC you
should also remove the virus status off the client and Parent.
Good luck.
rob
- Previous message: Hernan Moya: "RE: EVENT ID 1000 and 1202 events in Application Log after import ing a security template"
- Maybe in reply to: Gullett, Chris: "RE: Quick Norton AV question"
- Next in thread: Robert Clark: "RE: Quick Norton AV question"
- Next in thread: Hillensbeck, Preston: "RE: Quick Norton AV question"
- Reply: Robert Clark: "RE: Quick Norton AV question"
- Reply: Patrick Andry: "Re: Quick Norton AV question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
