Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 2619 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

javab-jd.ide in place. Now what? So frustraiting!!!!

apeeler

I have been pretty patient since wednesday evening when all of this started. My SEC has always had the live protection enabled and i also included the exclusions when they posted that suggestion. My update managers have the javab-jb.ide file. My endpoints do as well. Now what?  i have over 630 machines still reporting this virus/spyware. Do we do a manual cleanup? they need to create a patch that will remove this from quarentine. This is rediculous!!

How do i clean these up?...someone please help!!

:32395


This thread was automatically locked due to age.
Parents
  • 0
    apeeler wrote:

    I have been pretty patient since wednesday evening when all of this started. My SEC has always had the live protection enabled and i also included the exclusions when they posted that suggestion. My update managers have the javab-jb.ide file. My endpoints do as well. Now what?  i have over 630 machines still reporting this virus/spyware. Do we do a manual cleanup? they need to create a patch that will remove this from quarentine. This is rediculous!!

    How do i clean these up?...someone please help!!

    If all that is left is clearing everything from the QM, then all you need to do now is first acknowledge the alerts in SEC, then clear the Quarantine Manager on the endpoints. Since Acknowledging the alerts in SEC doesn't clear the QM on the Endpoint, you'll need to do both. To clear the QM on the endpoints, you can create a batch file that stops the Sophos Anti-Virus service, deletes quarantine.xml, then starts the Sophos Anti-Virus service. Push the batch file using your favorite method. For more details on clearing the Endpoint QM, please see the Advisory KBA 118311 which has some helpful VB scripts as well.

    :32401
Reply
  • 0
    apeeler wrote:

    I have been pretty patient since wednesday evening when all of this started. My SEC has always had the live protection enabled and i also included the exclusions when they posted that suggestion. My update managers have the javab-jb.ide file. My endpoints do as well. Now what?  i have over 630 machines still reporting this virus/spyware. Do we do a manual cleanup? they need to create a patch that will remove this from quarentine. This is rediculous!!

    How do i clean these up?...someone please help!!

    If all that is left is clearing everything from the QM, then all you need to do now is first acknowledge the alerts in SEC, then clear the Quarantine Manager on the endpoints. Since Acknowledging the alerts in SEC doesn't clear the QM on the Endpoint, you'll need to do both. To clear the QM on the endpoints, you can create a batch file that stops the Sophos Anti-Virus service, deletes quarantine.xml, then starts the Sophos Anti-Virus service. Push the batch file using your favorite method. For more details on clearing the Endpoint QM, please see the Advisory KBA 118311 which has some helpful VB scripts as well.

    :32401
Children
No Data