Posted by Remote Management Staff
Remote Management Staff

Anti-Malware declared a file as "Infected" in Outlook PST or OST

What can I do when an attachment in Outlook is flagged as “infected” by ITbrain Anti-Malware?

It seems that an Outlook attachment was detected by ITbrain Anti-Malware as a threat and declared as “infected”. At the time of the detection, Outlook was running and the cleaning process could not be finished due to permissions in Outlook; the file was only declared as infected.

In this situation there are several possibilities to clean the infected e-mail(s).

  • In the alert details, ITbrain Anti-Malware shows the exact path of the database (.ost or .pst) and the subject of the e-mail. The e-mail could be searched for in the Outlook folders and deleted*.

    *Please clean the “Deleted Items” folder as well.

  • Schedule a custom scan in the ITbrain Anti-Malware policy, using the path of the .ost or .pst archive, for a time when Outlook is not running. The threats declared as infected in Outlook would be cleaned when the custom scan runs.

  • Connect with Remote Control to the affected computer and navigate with File Explorer to the path of the Outlook database (.pst or .ost). With Outlook closed, perform a contextual scan*.

    *Right-click to scan with Anti-Malware.

In some cases, depending on the settings for downloaded messages in Outlook, only a shadow copy of the e-mail gets downloaded and is thus detected and flagged as “infected”.

Please remove the message from the server side and Outlook will synchronize with the server.

In case the detected message cannot be found in Outlook or on the Exchange server, it could mean it is an older message or that another security solution tried to clean the message before.

For these situations Microsoft has a Knowledge Base article on how to compact Outlook folders and e-mails in order to delete older messages which are no longer present and save space on the drive: https://support.microsoft.com/en-us/kb/289987

Product Owner, Remote Management services.
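
A pre-scan check for the steps in the post above, as an added example that is not part of the original post or of ITbrain's tooling: it confirms that Outlook is closed and that no process holds the .pst/.ost files open before a custom or contextual scan is started. The two search folders are assumed default Outlook locations; use the exact path from the alert details where it differs.

```powershell
# Added example: pre-scan check for Outlook data files (not ITbrain tooling).
# Assumption: data files live in the default Outlook locations below;
# replace them with the exact path shown in the alert details if different.
$searchRoots = @(
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Outlook'),
    (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Outlook Files')
)

function Test-FileUnlocked {
    param([Parameter(Mandatory)][string]$Path)
    try {
        # Requesting FileShare.None fails if any other process has the file open.
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $stream.Dispose()
        return $true
    } catch {
        # Locked by another process, or not readable by the current account.
        return $false
    }
}

# Outlook keeps its data files open while running, which blocks cleaning.
$outlook = Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue
if ($outlook) {
    Write-Warning "Outlook is running (PID $($outlook.Id -join ', ')). Close it before scanning."
}

# Collect every .pst/.ost file under the search folders that exist.
$dataFiles = foreach ($root in $searchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -File -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.pst', '.ost' }
    }
}

# Report each file and whether a scan could open it for cleaning right now.
$dataFiles | ForEach-Object {
    [pscustomobject]@{
        Path        = $_.FullName
        SizeMB      = [math]::Round($_.Length / 1MB, 1)
        ReadyToScan = (-not $outlook) -and (Test-FileUnlocked -Path $_.FullName)
    }
} | Format-Table -AutoSize
```

A file that still shows `ReadyToScan = False` with Outlook closed is held open by another process, such as a search indexer, a sync client or a backup job.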
3 Replies
Posted by JMG89
Henagon

Re: Anti-Malware declared a file as "Infected" in Outlook PST or OST

Unfortunately, 3+ months of scans still show this infection. Manual removal, changing the backup storage of emails to a lesser time, and all the other suggestions have not worked in my case. It was first an "exploit", next a "Trojan", and now "Ransomware".
Posted by Remote Management Staff
Remote Management Staff

Re: Anti-Malware declared a file as "Infected" in Outlook PST or OST

Hi @JMG89

Thanks for the post. Could you get in touch with our support to get the samples analyzed? 

Product Owner, Remote Management services.
Posted by JMG89
Henagon

Re: Anti-Malware declared a file as "Infected" in Outlook PST or OST

Submitted sample resulted in being referred to Microsoft...

Weeks later we discovered our valued customer was using external hard drive(s) for backup; deleting all of his .pst files after the first infection notification was the only workable solution.