Endpoint Protection file reported as infected - Virus - TeamViewer Support
<main> <article class="userContent"> <h2 data-id="symptoms">Symptoms</h2><p>A <strong>computer virus</strong> is a type of <a href="https://en.wikipedia.org/wiki/Computer_program" rel="nofollow noreferrer ugc">computer program</a> that, when executed, replicates itself by modifying other computer programs and inserting its own code.<a href="https://en.wikipedia.org/wiki/Computer_virus#cite_note-Stallings_2012_p.182-1" rel="nofollow noreferrer ugc">[1]</a> When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.</p><p>When TeamViewer Endpoint Protection detected a file or an application which is a virus and reported it as infected. </p><h2 data-id="diagnosis">Diagnosis</h2><p>In general, Viruses cannot be quarantined. The only action which can be done with a virus is: Disinfect or Delete. The primary action is disinfect. In this situation, both actions failed to be applied to the detection and manual intervention is needed.</p><p>The reason for a failed disinfection could be: </p><ul><li>The virus protected itself from the disinfection attempt on the infected application. </li><li>The malware signatures detected a Generic Virus and did not have the proper routines for disinfection of this type of virus. </li></ul><p>The reason for a failed delete operation could be:</p><ul><li>The virus protected itself from the deletion attempt.</li><li>The application infected by the virus is locked by the system or another application.</li></ul><h2 data-id="solution">Solution</h2><p>In this situation, the best course of action is to collect a sample of the infected application for investigation and deleting the infected file.</p><ul><li>Make sure that the reported application is not system critical or an important application needed for day to day operations. A re-install of the application might be required. </li><li>Use the Threat detail dialogue in the <strong>Management Console</strong> to see where exactly the application was detected in order to collect a sample and then delete it. </li><li>Send us the Sample for analysis using the steps below(False Positive). Mark your subject: <em>Virus - Infected</em></li></ul><p><strong>False Positive</strong></p><p>In the rare case that the Infected file is a legitimate application/file please submit it for analysis and we will remove the detection within 24 hours if the investigation confirms that the application is not a Virus.</p><p>Please get in touch with our support for further investigation into the situation. <a href="https://support.teamviewer.com/" rel="nofollow noreferrer ugc">Create a ticket</a></p><p>1) Mark your Subject: <em>Virus - False positive detection</em></p><p>2) Attach a copy of the threat details from the Management Console and the path of the infected item.</p><p>3) Archive the file as zip/rar and password protect it with the password: <em>infected</em></p><ol><li>A non-password protection file will be blocked by our internal systems.</li></ol> </article> </main>
