
javab-jd.ide in place. Now what? So frustrating!!!!

I have been pretty patient since Wednesday evening when all of this started. My SEC has always had the live protection enabled and I also included the exclusions when they posted that suggestion. My update managers have the javab-jb.ide file. My endpoints do as well. Now what? I have over 630 machines still reporting this virus/spyware. Do we do a manual cleanup? They need to create a patch that will remove this from quarantine. This is ridiculous!!

How do I clean these up?...someone please help!!

:32395


This thread was automatically locked due to age.

  • apeeler wrote:

    I have been pretty patient since Wednesday evening when all of this started. My SEC has always had the live protection enabled and I also included the exclusions when they posted that suggestion. My update managers have the javab-jb.ide file. My endpoints do as well. Now what? I have over 630 machines still reporting this virus/spyware. Do we do a manual cleanup? They need to create a patch that will remove this from quarantine. This is ridiculous!!

    How do I clean these up?...someone please help!!


    If all that is left is clearing everything from the QM, then all you need to do now is first acknowledge the alerts in SEC, then clear the Quarantine Manager on the endpoints. Since acknowledging the alerts in SEC doesn't clear the QM on the endpoint, you'll need to do both. To clear the QM on the endpoints, you can create a batch file that stops the Sophos Anti-Virus service, deletes quarantine.xml, then starts the Sophos Anti-Virus service. Push the batch file using your favorite method. For more details on clearing the endpoint QM, please see the Advisory KBA 118311, which has some helpful VB scripts as well.

    :32401
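The stop, delete, start sequence described in the reply above, as an added example (not Sophos's script and not code from this thread). It is written in PowerShell rather than as a batch file; the quarantine.xml location is a required parameter because the thread does not give it, and the service display name is taken from the post and should be confirmed on one endpoint first.

```powershell
# Added example: clear the endpoint Quarantine Manager list by deleting
# quarantine.xml while the anti-virus service is stopped, then restart it.
param(
    # Assumption: the thread does not state where quarantine.xml lives,
    # so the caller must supply the full path for their endpoints.
    [Parameter(Mandatory = $true)][string]$QuarantineFile,
    # Display name as written in the post; verify with Get-Service.
    [string]$ServiceDisplayName = 'Sophos Anti-Virus',
    [int]$TimeoutSeconds = 60
)
$ErrorActionPreference = 'Stop'

# Fails here (and changes nothing) if the service is not installed.
$svc = Get-Service -DisplayName $ServiceDisplayName
$timeout = New-TimeSpan -Seconds $TimeoutSeconds

if (-not (Test-Path -LiteralPath $QuarantineFile)) {
    Write-Output "No quarantine file at $QuarantineFile; nothing to do."
    exit 0
}

try {
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -InputObject $svc
        # Throws if the service has not stopped within the timeout,
        # so the file is never deleted while the service holds it.
        $svc.WaitForStatus('Stopped', $timeout)
    }
    Remove-Item -LiteralPath $QuarantineFile -Force
    Write-Output "Deleted $QuarantineFile on $env:COMPUTERNAME"
}
finally {
    # Always bring protection back, even if the stop or delete failed.
    $svc.Refresh()
    if ($svc.Status -ne 'Running') {
        Start-Service -InputObject $svc
        $svc.WaitForStatus('Running', $timeout)
    }
}
```

Run it elevated through the deployment tool you already use; acknowledging the alerts in SEC remains a separate step, as the reply says.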
  • Nathan, how does one use the script Sophos provided with a network share? I can't figure out the command to get to the path then run the script.

    :32407
  • Nathan,

    I think the point being expressed here is that YOU need to produce something to do this, not us. We cannot visit all endpoints and also we cannot expect all our users to do it either. While a simple login script could be used to fix this, it would be appropriate for you to add something to the console to do it from a central location. With all items in the quarantine still, we face the ridiculous scenario that a user opens the GUI, screams at the big list of problems, panics and clicks 'delete', rendering the machine useless and facing a complete reinstall. A real central solution needs to be expressed out now!

    It's about time anyway that the SEC can clear the endpoint quarantines - ludicrous that this option has never existed IMO.

    Matt

    :32413
  • I don't mind acknowledging these issues, but to need to do this on each individual machine is ridiculous. I can assure you if this is the only fix we will be switching products.

    :32417

  • 101Techguy wrote:

    Nathan, how does one use the script Sophos provided with a network share? I can't figure out the command to get to the path then run the script.


    Which script are you referring to, and how are you trying to use it?

    :32423

  • apeeler wrote:

    I don't mind acknowledging these issues, but to need to do this on each individual machine is ridiculous. I can assure you if this is the only fix we will be switching products.


    Hi,

    If you are able to execute a batch file on bulk systems using tools like Altiris, PSEXEC, or Zenworks, then you can clear the endpoint QM without having to touch every system by using the process I mentioned earlier. The other thread on this subject has many examples that others have used for clearing the QM that you can use to speed the development of a batch file for your environment that fits your needs.

    :32425

  • MawfTech wrote:

    Nathan,

    I think the point being expressed here is that YOU need to produce something to do this, not us. We cannot visit all endpoints and also we cannot expect all our users to do it either. While a simple login script could be used to fix this, it would be appropriate for you to add something to the console to do it from a central location. With all items in the quarantine still, we face the ridiculous scenario that a user opens the GUI, screams at the big list of problems, panics and clicks 'delete', rendering the machine useless and facing a complete reinstall. A real central solution needs to be expressed out now!

    It's about time anyway that the SEC can clear the endpoint quarantines - ludicrous that this option has never existed IMO.

    Matt


    Hi Matt,

    Your frustration is understandable, and if we could do what you suggest we would have. Please be sure to check back on the advisory KBA often as we are regularly updating it with various scripts and directions to assist with remediation.

    :32433
  • Hi Nathan,

    Are you really saying that e.g. the management agent couldn't be tweaked to have this feature in future? Would seem like child's play to me. Let's think about what it can already do: it can apply policy to SAV, it can apply policy to NAC, it can apply policy to SAU, but it couldn't open the quarantine.xml and remove entries?

    I realise that it cannot be done now to fix this current situation for people with ongoing lack of update, but it could EASILY be done for up and running systems and an option in the alerts screen added to SEC, e.g. 'clear end client alerts'.

    Think about it, please!

    Matt

    :32443