
Question on understanding Risk Details

Long story short, I clicked on a link I shouldn't have, and Symantec Endpoint detected and blocked a malware infection (smg.heur gen). After it reviewed the file, it was determined a threat. I looked in the risk details; the action taken was "Cleaned by deletion" (as said under corrective action) with the remediation status as Successful. In the action description it even says it was deleted successfully. However, when I look over on the left-hand side, it says its current location is where it was originally, with status still as "infected". It is also still in my Quarantine with status as infected. I downloaded Norton Power Eraser and ran a system scan from under advance, and nothing came up. I still need to reboot for the scan now option, but I intend to do that after I type this. If I delete it from my quarantine, am I all clear, or is there anything else I should do?

Labels: Quarantine, Virus

Replies


Re: Question on understanding Risk Details

@ARandomDuck:

What did the Status tab say? "Your Computer is protected."?

Then, look into View Quarantine. What does the Action tab behind the detection say? Quarantined? - Plz refer to the below img.

Then, you double-click on the quarantined "smg.heur gen" and take a closer look@ Risk Details. Can you read the following info?

  • Primary action: Clean security risk
  • Secondary action: Quarantine
  • Action taken: Quarantined

For instance... did you see similar info as follows?

If so, take it easy; your PC or server is still protected.

Further, you may submit quarantined items to Symantec; then you may remove that item later.

Re-run LiveUpdate, then re-scan your system.

If you're still new to SEP, plz review the below pages.

And, if you're running a PC only, you may consider uninstalling your SEP via PowerShell, if the common uninstall methods do not work for U. Then, reuse another Norton product (e.g., Norton Security Premium) that works for you.

For more info, plz pay a visit to forums@ Symantec Connect.

Thx :)

References: install and configure Symantec Endpoint Protection for Windows

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

Re: Question on understanding Risk Details

For questions concerning SEP, you should post to the enterprise product forum:
https://www.symantec.com/connect/security/forums/endpoint-protection-ant...


Re: Question on understanding Risk Details

Now, if I understand your help as well as the links you posted, I should be malware free, right (screenshot below)? The action taken was clean by deletion and the remediation status was successful. I sometimes need a second opinion on things. I feel real stupid. I had no idea that Symantec created a backup in quarantine on the off chance that it's a legit file, hence why the file type is listed as BACKUP in quarantine. I think I just got a little bit paranoid when I saw something in quarantine, and when I double-clicked it (the one on the right) I saw status as infected and got worried. Thanks for your help.


Re: Question on understanding Risk Details

To me this looks like the file has been isolated by the Quarantine feature. I suggest making sure your protection is up to date, doing a full scan, then clearing the Quarantine. If you are not noticing any other unusual activity you should be fine. Also, as a secondary precaution I suggest backing up your important files.


Re: Question on understanding Risk Details

Hello ARandomDuck

Since this is the Forum for Home Computers, we are not as familiar with how the Endpoint programs work. For better exposure, you should post your issue in the location that SendOfJive provided.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
