Symptoms
A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.[1] When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.
When TeamViewer Endpoint Protection detected a file or an application which is a virus and reported it as infected.
Diagnosis
In general, Viruses cannot be quarantined. The only action which can be done with a virus is: Disinfect or Delete. The primary action is disinfect. In this situation, both actions failed to be applied to the detection and manual intervention is needed.
The reason for a failed disinfection could be:
- The virus protected itself from the disinfection attempt on the infected application.
- The malware signatures detected a Generic Virus and did not have the proper routines for disinfection of this type of virus.
The reason for a failed delete operation could be:
- The virus protected itself from the deletion attempt.
- The application infected by the virus is locked by the system or another application.
Solution
In this situation, the best course of action is to collect a sample of the infected application for investigation and deleting the infected file.
- Make sure that the reported application is not system critical or an important application needed for day to day operations. A re-install of the application might be required.
- Use the Threat detail dialogue in the Management Console to see where exactly the application was detected in order to collect a sample and then delete it.
- Send us the Sample for analysis using the steps below(False Positive). Mark your subject: Virus - Infected
False Positive
In the rare case that the Infected file is a legitimate application/file please submit it for analysis and we will remove the detection within 24 hours if the investigation confirms that the application is not a Virus.
Please get in touch with our support for further investigation into the situation. Create a ticket
1) Mark your Subject: Virus - False positive detection
2) Attach a copy of the threat details from the Management Console and the path of the infected item.
3) Archive the file as zip/rar and password protect it with the password: infected
- A non-password protection file will be blocked by our internal systems.