
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

This thread was automatically locked due to age.

  • Nathan wrote:

    <snip>

    Unfortunately there is no mechanism to centrally clear all the items from the endpoint Quarantine Manager.

    The quarantine manager does not prevent the files from being executed. The scanning engine itself carries out that function, so if you've obtained javab-db.ide but HAVEN'T cleared the items from the QM and HAVEN'T moved or deleted anything, then the files detected and listed in the QM will be allowed to run.

    The actions to delete the quarantine.xml file can be carried out via a batch file pushed using a tool like PSEXEC. Check this thread for some example batch files and PSEXEC commands if you aren't familiar with these tools. I'm working on getting the advisory updated with some of this information.


    Thanks for the update, Nathan. I'll take a look at the thread, but I'll keep an eye on the advisory for the next recommended course of action.
