Why do AVG informational test results appear as threats in KES, and why can't they be processed?

KB#:  KKB000311

QUESTION

Files appear under Security tab > View Threats with a description beginning with (?), and cannot be healed or deleted using the Kaseya interface.

A common example is "(?) Runtime Packed Mew". Often the files are genuine, such as Symantec Cleanwipe (scscleanwipe.zip).


The "threat" is in fact an AVG informational test result. This happens when the scan finds a file which is not found to be infected but has some suspicious characteristics. More information about this can be found here: http://www.avg.com/gb-en/index-faq.keyw-information#tba3

These results are currently being reported as threats by the API, but AVG itself does not take any action and the file is not removed to the virus vault. Because of this, trying to heal or delete from the View Threats page will fail.

 

ANSWER

To remove the entry from View Threats, use the "Remove from this list" button. This will not cause any action to be taken on the endpoint, and the file may be detected again if the warning occurs again in a future scan. If the file is not genuine, it should be deleted from the endpoint machine.

Development are aware of this issue, and plan to add special handling for this type of event in a future release.

 

APPLIES TO

Kaseya Endpoint Security (KES) v2.1
