Why does KES endpoint report a virus infection which cannot be removed or keeps returning after deletion?
1. As the first step, to ensure the highest protection level, we recommend applying all available patches for your MS Windows operating system. This step is extremely important, as many viruses exploit security holes in outdated operating systems.
2. Ensure the endpoint has the latest AVG signature updates. Check this on the Security > Protection > Manual Update page.
For the next steps, log on to the desktop of the infected system and use the AVG user interface (c:\program files\avgx\avgui.exe).
3. Enable the "Scan files on close" feature in AVG Resident Shield to increase the system protection - Launch AVG User Interface -> choose "Advanced settings" from the "Tools" menu -> select "Resident Shield" from the left tree menu -> tick the "Scan files on close" checkbox and confirm by clicking the "OK" button.
4. Restart the computer.
5. Run the "Scan whole computer" test.
6. Please answer the following questions:
- Is the virus detected by the "Scan whole computer" test?
- Is the virus detected only by AVG Resident Shield?
- Is it possible to Delete, Heal or Move to Vault this infected file?
- Is this virus detected repeatedly? Is it the same file?
- When is the infected file detected: after restarting the PC or after connecting to the Internet?
7. We may need to check the list of processes running on the computer for any suspicious files. To provide us with this list, please proceed as follows: download the AVG service utility from this location to your computer (we recommend saving it to your desktop) and run it. Detailed information will be displayed on your screen.
8. Attach the resulting "result.7z" file from step 7 to your support ticket.
9. Run AVG diagnostics as described in KB Article: https://kaseya.zendesk.com/entries/33832736-How-do-I-collect-AVG-diagnostic-data-from-KES-endpoints- and attach the resulting zip file to your support ticket.
After sending us the gathered data, we recommend disabling the "Scan files on close" option (as described in step 3) to reduce resource usage.
Kaseya Endpoint Security (KES)