Endpoint Protection

 View Only
  • 1.  What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 06:56 AM
    We have an Symantec Antivirus 10.1 environment.
    We have found the Mibling virus in our network and Symantec does detect that virus.

    Within the log we found that the Mibling virus is removed with the "Cleaned by Deletion" option.

    But what does "Cleaned by Deletion" mean ?
    is the virus removed/cleaned ? Is the Mibling created backdoor removed ?

    I hope someone can help me with some usefull info.

    Thanks


  • 2.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 07:07 AM


    If an infection is found soon after the file became infected, the formerly infected file will probably be fully functional. In some instances, however, Symantec AntiVirus may clean an infected file that has already been damaged by the virus. For example, if Symantec AntiVirus finds the Word.Wazzu macro virus in an infected document file, Symantec AntiVirus removes the virus, but does not remove the word wazzu that the virus places in the infected document. In this case, Symantec AntiVirus cannot repair the damage that has been done to the infected file.

    Cleaned by deletion

    View the events where the action configured was "clean," but a file was deleted because that was the only way to clean it. For example, this action is generally needed for Trojan horse programs.


     


     



  • 3.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 07:13 AM
    its only the deletion of changes made by a virus in a file or a special file I think, not the entire file.


  • 4.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 07:41 AM
    Trojans cannot be cleaned they are full of junk..so when Symantec tries to clean it first because first it looks at it as a good file..but when it finds out its full of junk..it will delete it
    So it has cleaned it by deleting it... if the first option would have been to quarantine it would have directly sent it to quarantine rather than trying to clean it...

    Trojans can not be cleaned as they are full of junk/Malicious codes.


  • 5.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 08:31 AM

    M - wrong, it means it was deleted - the file was deleted.
    Otherwise, it would be "cleaned".

    3 things can happen.....
    Infected file - viral code removed, file remains
    Trojan - there is no viral code because the infection IS the file and the file IS the infection, so the file is deleted - cleaned by deletion
    or
    Quarantined. It can't be cleaned, you didn't want it deleted so it was quarantined. Generally things like documents you want to quarantine, or file that may later be cleanable by later new defs you'd quarantine. There are times SAV or SEP know a file is naughty, but it is a very important document for the boss, so you don't want it deleted. Quarantine it in case later defs can clean it, and it happens.

    Trojans have to be deleted - cleaned by deletion, or files that are corrupted or can't be cleaned.
    GOOD files that have viral code inserted are cleaned.
    Quarantined files - files that are infected but can't be cleaned now, but maybe can be cleaned and thus saved later.

    (been doing this since about 1992 so trust me a bit, eh?  LOL  )



  • 6.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 08:53 AM
    Its deleted, I took those lines form Help File, you can trust :) 



  • 7.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 09:15 AM
    LOL. sort of when all else faily, click HELP? 
    Naw, I'm more like Red Green - I throw the manuals away, a real man can assemble anything without the manuals.
    (It's a Canadian and American thing, I guess)


  • 8.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 19, 2009 09:35 AM

    "Cleaned by Deletion" mean Symantec detected the virus & deleted the virus.

    It is the term used by symantec to delete the virus.

    Actually it should be "Deleted"

    Regards...
    Ramji Iyyer



  • 9.  RE: What does "Cleaned by Deletion" mean

    Posted Aug 20, 2009 10:14 AM
    "Cleaned by Deletion", the title speaks for itself... :-)