A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.
When TeamViewer Endpoint Protection detected a file or an application which is a virus and reported it as infected.
In general, Viruses cannot be quarantined. The only action which can be done with a virus is: Disinfect or Delete. The primary action is disinfect. In this situation, both actions failed to be applied to the detection and manual intervention is needed.
The reason for a failed disinfection could be:
- The virus protected itself from the disinfection attempt on the infected application.
- The malware signatures detected a Generic Virus and did not have the proper routines for disinfection of this type of virus.
The reason for a failed delete operation could be:
- The virus protected itself from the deletion attempt.
- The application infected by the virus is locked by the system or another application.
In this situation, the best course of action is to collect a sample of the infected application for investigation and deleting the infected file.
- Make sure that the reported application is not system critical or an important application needed for day to day operations. A re-install of the application might be required.
- Use the Threat detail dialogue in the Management Console to see where exactly the application was detected in order to collect a sample and then delete it.
- Send us the Sample for analysis using the steps below(False Positive). Mark your subject: Virus - Infected
In the rare case that the Infected file is a legitimate application/file please submit it for analysis and we will remove the detection within 24 hours if the investigation confirms that the application is not a Virus.
Please get in touch with our support for further investigation into the situation. Create a ticket
1) Mark your Subject: Virus - False positive detection
2) Attach a copy of the threat details from the Management Console and the path of the infected item.
3) Archive the file as zip/rar and password protect it with the password: infected
- A non-password protection file will be blocked by our internal systems.