Long story short, I clicked on a link I shouldn't have, and Symantec Endpoint detected and blocked a malware infection (smg.heur gen). After it reviewed the file, it was determined a threat. I looked in the risk details; the action taken was "Cleaned by deletion" (as said under corrective action) with the remediation status as Successful. In the action Description it even says it was deleted successfully. However, when I look over on the left hand side, it says its current location is where it was originally, with status still as "infected". It is also still in my Quarantine with status as infected. I downloaded Norton Power Eraser and ran a system scan from under advanced, and nothing came up. I still need to reboot for the scan now option, but I intend to do that after I type this. If I delete it from my quarantine, am I all clear, or is there anything else I should do?
Hello ARandomDuck
Since this is the Forum for Home Computers, we are not as familiar with how the Endpoint programs work. For better exposure, you should post your issue in the location that SendOfJive provided.
Thanks.
To me this looks like the file has been isolated by the Quarantine feature. I suggest making sure your protection is up to date, doing a full scan, then clearing the Quarantine. If you are not noticing any other unusual activity you should be fine. Also, as a secondary precaution I suggest backing up your important files.
Now, if I understand your help as well as the links you posted, I should be malware free, right (screenshot below)? The action taken was clean by deletion and the remediation status was successful. I sometimes need a second opinion on things. I feel real stupid. I had no idea that Symantec created a backup in quarantine on the off chance that it's a legit file, hence why the file type is listed as BACKUP in quarantine. I think I just got a little bit paranoid when I saw something in quarantine, and when I double clicked it (the one on the right) I saw status as infected and got worried. Thanks for your help.
For questions concerning SEP, you should post to the enterprise product forum:
https://www.symantec.com/connect/security/forums/endpoint-protection-antivirus
@ARandomDuck:
What did the Status tab say? "Your Computer is protected."?
Then, look into View Quarantine. What does the Action tab behind the detection say? Quarantined? - Plz refer to the below img.
Then, you double-click on the quarantined "smg.heur gen" and take a closer look@ Risk Details. Can you read the following info?
- Primary action: Clean security risk
- Secondary action: Quarantine
- Action taken: Quarantined
For instance... did you see similar info as follows?
If so, take it easy; your PC or server is still protected.
Further, you may submit quarantined items to Symantec; then you may remove that item later.
Re-run LiveUpdate, then re-scan your system.
If you're still new to SEP, plz review the below pages.
- System requirements for Endpoint Protection 14
- System Requirements for Symantec Endpoint Protection 12.1.6
- System requirements for Endpoint Protection 12.1.2 and 12.1.3
And, if you're running a PC only, you may consider uninstalling your SEP via PowerShell, if the common uninstall methods do not work for U. Then, reuse another Norton product (e.g., Norton Security Premium) that works for you.
For more info, plz pay a visit to forums@ Symantec Connect.
Thx :)
References: install and configure Symantec Endpoint Protection for Windows