m25487
Contributor

Dealing with a malware infection issue

Hello,

We have recently been using the EPS 86.20 Client.
In order to test the correct functionality of the virus protection, we downloaded the EICAR test virus.
The EPS detects the malware but takes no action. In this case, the file should be quarantined if a cure cannot be performed.
The file remains on the computer and can be run.
The infection status is Untreated and the file has not been Quarantined.
The same problem occurs with Riskware as well.

Why isn't the malware moved to quarantine?
Does Check Point have a best-practice setting here?

Thanks for your answers.


Accepted Solutions
m25487
Contributor

I have now found the solution to the problem.
Forensics Analysis Model: I have now set the "Quarantine" setting here. The setting "Nothing" was previously stored here.
According to File Reputation, the file is now being quarantined.
However, the "Untreated" message in the Anti-Malware Blade remains "Cleaned Failed".

2 Replies
Chris_Atkinson
Employee

General best practices are covered in sk154052, but it doesn't appear to get this specific for Anti-Malware.

@jcortez Any thoughts on the quarantine behaviour, other than a client whose policy was changed and is not up to date?

CCSM R77/R80/ELITE