Posted by Sajid
Henagon

What to do if ITbrain anti-malware can't clear a threat

Hello. Can someone please tell me what I should do if ITbrain anti-malware can't clear a threat? I don't see any options for manual deletion or anything, so I was wondering how ITbrain tackles such a situation.

Accepted Solutions
Posted by Remote Management Staff
Remote Management Staff
Solution

Re: What to do if ITbrain anti-malware can't clear a threat

Dear @Sajid

Thanks for the message.

When ITbrain Anti-Malware creates an alert with the status Threat Detected, more details about the alert are provided in Alert Details.

Please have a look at the post below; maybe it will help you:

https://community.teamviewer.com/t5/General/Anti-Malware-declared-a-file-as-quot-Infected-quot-in-Ou...

Theoretically, if a threat cannot be handled by the ITbrain Anti-Malware engines, you will need to investigate that threat manually by: deleting the file, sending the file to us for investigation (support@itbrain.com), or following the actions from the Alert details.

Please attach a screenshot of the alert details window and I will guide you through the cleaning process.

Product Owner, Remote Management services.
Posted by Sajid
Henagon

Re: What to do if ITbrain anti-malware can't clear a threat

Hello Stanislav. Thank you so much for replying. I have fixed the issue by running a scan using Malwarebytes and Spybot, and they cleared out the malware. I guess ITbrain was not able to handle the threats. At first I tried to delete them manually but couldn't, for some reason I still don't know. However, they are deleted now.

Here's a screenshot of the details of that infected file. As I wasn't able to do anything about it, I have "acknowledged the threat".

By the way, can you tell me what "acknowledge threat" actually does?

Posted by Remote Management Staff
Remote Management Staff

Re: What to do if ITbrain anti-malware can't clear a threat

Hi @Sajid

Alert Acknowledgement is a way to handle all alerts and make sure that everything is in order and it is monitored or handled by a technician. 

The alert Acknowledgement does not really do anything on the system but acknowledge that a technician had a look and "acknowledged" those alerts. This system is particularly interesting for Managed service providers or for uses where more than one technician is working with the system.

You can find more information about this in our support center: https://www.itbrain.com/en/support/

Product Owner, Remote Management services.
4 Replies
Posted by Davor
Henagon

Re: What to do if ITbrain anti-malware can't clear a threat

Hello,

Can you tell me, is it possible to delete reported malware without connecting to the remote PC?

Posted by Remote Management Staff
Remote Management Staff

Re: What to do if ITbrain anti-malware can't clear a threat

Hi @Davor

 

Thanks for the question. 

 

At this moment there is no way to delete a threat if the engines could not perform actions on that file. 

Our Anti-Malware engines have system-wide access to perform various tasks depending on the routines from malware signatures. Usually, a threat that cannot be resolved is flagged as infected only if there is a very good reason why the engines took that decision.

From my experience working with Anti-malware engines for more than 5 years, I would recommend treating each detection with top priority and, if necessary, connecting to the machine in order to investigate or isolate the detected threat.

We always tend to try and automate some tasks in our IT environment, but I would advise against automating malware tasks fully.

Small off topic here: Many IT technologies move slowly to be fully autonomous with various AI integrations; we want to make everything automated. In the Malware and Security sector, this will happen very slowly due to the fact that malware writing takes advantage of different vulnerabilities previously unknown to the system. There will always be a need for a trained eye to have a look at each malware code submitted or detected for a proper solution or deeper investigation. For the next 5-10 years I would rely on Malware signatures, and if something does not feel right, always submit samples for analysis.

Product Owner, Remote Management services.
Posted by apcdigital1
Digon

Re: What to do if ITbrain anti-malware can't clear a threat

Hi @Stanislav ,

We continue to have issues with alerts from ITBrain Endpoint Protection (EP).  We get alerts from several computers we manage - there are viruses and EP is unable to resolve them.  We've tried a number of the recommended suggestions here without luck.   

The thing which has worked is uninstalling EP, installing a trial of another antivirus program, which cleans up any malware viruses, etc., then uninstalling the trial software, and reinstalling EP.

We're looking for solutions or recommendations.  

Thank you very much.

 

Kind Regards
@apcdigital1
D. Fowler
Posted by Remote Management Staff
Remote Management Staff

Re: What to do if ITbrain anti-malware can't clear a threat

Hi @apcdigital1 

Thanks for sharing your experience. 

We made some changes to the Outlook add-in and released a new version last week.

More changes needed to be done here. At the same time, we are looking into better ways to handle OST e-mail attachments. This will take a while as it is very difficult to reproduce these things internally. We have a few ideas and will try them out in the next month. I expect a new update with more changes will come somewhere in March.

From a security standpoint, malware in Outlook which is detected and cannot be resolved does not pose a threat to the system as it is isolated in the Outlook database file. Even if someone tries to run it, the Real-time protection will stop it, as it is already known.

It would be good if you could send us, via support ticket, the Anti-malware logfiles and the logs from the other solution you used. We could compare and see what went wrong and why we could not remove certain threats from Outlook.

Product Owner, Remote Management services.