• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Processing Unresolved Risks

I just ran a full scan on my Mac. Norton indicated 14 issues found. All of them were  located on the backup drive. The Virus scan results indicate they are all viruses (JS.Downloader x 4; Trojan.Gen.NPE x 3; JS.Nemucod x 5; Trojan.Gen.6 x 1; JS.Downloader.D x 2).

Virus scan results indicate that Norton cannot delete the items, cannot report them, and cannot quarantine them, so they appear in the Unresolved Risks window of Security History. 

I searched the file path indicated in the Unresolved Risks window to look for the files in the backup drive, and on the hard drive to see if I could locate the original offending downloads, but I could not find either. 

I tried to export all the items from Unresolved Risks to Quarantine, but the Export function does not work. I also could not print the list of Unresolved Risks.

4 questions:

  1. How can I delete these items or at least move them over to quarantine?
  2. Does placing the items in Unresolved Risks remove them from their previous location?
  3. Do items in the Unresolved Risks window continue to pose a threat?
  4. Why won't the Export and Print functions work?

Replies

Kudos0

Re: Processing Unresolved Risks

Hi @TRL16

when you say "backup drive", do you mean time machine or separate drive in your mac?If you can't export them could you please print screen them to see exactly what they are? If you highlight one of the risks ,and you forllow the "Recommended Action" in the "Details pane" what happens?

Kudos0

Re: Processing Unresolved Risks

Thank you.

  1. Time Machine backs up to an external drive, in my case, Drive G:
  2. 2 screen shots attached:
    1. Unresolved Risks View (Screen Shot 1).
    2. Threat Detections View (Screen Shot 2).
  3. After the Scan:
    1. I do not get a "Recommended Action" response; just a status that indicates the file cannot be deleted (Screen Shot 3).
    2. The Delete button is activated, but clicking on it results in an error message (Screen Shot 4).
Kudos0

Re: Processing Unresolved Risks

Hi @TRL16

All the detections are for email attachments that have been backed up with time machine. Norton is scanning the content of "backups.backupdb" (timemachine) and find the issues under "Library/Mail". You can also see that some of the files are "emlx" extension which is apple formal related to emails (http://www.reviversoft.com/file-extensions/emlx)

If you want to navigate to the specific folder you will have to go to the actual backups.backupdb and right click "view content". What most likely happened is that at some point in the past you had emails with attachment that symantec is now detecting as malicious

There is no action for you to take as the files are not live in your system anymore (just at the timemachine backup). if you do not want to have those entries in the security history you can select "clear entries" from the menu and remove them. To answer your questions:​

How can I delete these items or at least move them over to quarantine?

No need as they do not pose security concern . You can either locate the specific timemachine mackup instance and browse to it and remove the files one by one OR delete the specific timemachine backup and create another one

Does placing the items in Unresolved Risks remove them from their previous location?

No it doesn't  

Do items in the Unresolved Risks window continue to pose a threat?

If you were to restore from time machine probably yes. I would personally delete the specific timemachine (as it was dated 26-8-2016) assuming no important files are there and just create a new one

Why won't the Export and Print functions work?

I do not use norton for mac so I use downloaded it and fire a vmwage and it seems to export the logs fine for me (running the latest version). do you get the prompt as attached when choosing to export?

Kudos0

Re: Processing Unresolved Risks

Thank you. 

I do have one follow-up question:

You wrote:

  • "You can either locate the specific timemachine mackup instance and browse to it and remove the files one by one..."

I attempted to locate the individual files in the backups as identified, but they were not there. For example, with the first entry in Screen Shot 1, the folder "Library" does not exist in that location in the backup. There is a Library folder, but it is not in the same location, and it does not contain that file indicated in the path identified in the scan. 

The same thing happened when I looked for several of the other identified files...the paths identified int he scan do not exits in the backup. 

Do you have any idea why this might be happening?

Kudos0

Re: Processing Unresolved Risks

Did you manually browse to the files or using timemachine from the mac OS?keep in mind that this is a historic backup from 2016 (Just make sure you are reviewing the correct backup ) Could you please mark the post which gave you the solution so that others will know it's solved and will quickly be able to find the solved post.