topic Dealing with a malware infection issue in Endpoint

Dealing with a malware infection issue

m25487 — Tue, 08 Mar 2022 08:42:14 GMT

Hello,

we have recently been using the EPS 86.20 Client.
In order to test the correct functionality of the virus protection, we downloaded the EICAR test virus.
The EPS detects the malware but takes no action. In this case, the file should be quarantined if a cure cannot be performed.
The file remains on the computer and can be run.
The infection status is Untreated and the file has not been Quarantined.
The same problem occurs with Riskware as well.

Why isn't the malware moved to quarantine?
Does Checkpoint have a best-practice setting here?

Thanks for your answers.

Re: Dealing with a malware infection issue

Chris_Atkinson — Wed, 09 Mar 2022 01:44:20 GMT

General best practices are covered in sk154052, but doesn't appear to get this specific for Anti-malware.

@jcortez Any thoughts on the quarantine behaviour, other than a client who's policy was changed and not up to date?

Re: Dealing with a malware infection issue

m25487 — Thu, 17 Mar 2022 13:49:27 GMT

I have now found the solution to the problem.
Forensics Analysis Model: I have now set the "Quarantine"
setting here. The setting "Nothing" was previously stored here.
According to File Reputation, the file is now being quarantined.
However, the "Untreated" message in the Anti-Malware Blade remains "Cleaned Failed"