Endpoint Protection file reported as infected - Virus


Symptoms

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.[1] When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

TeamViewer Endpoint Protection detected a file or an application that is a virus and reported it as infected.

Diagnosis

In general, viruses cannot be quarantined. The only actions that can be taken on a virus are Disinfect or Delete. The primary action is Disinfect. In this situation, both actions failed to be applied to the detection and manual intervention is needed.

The reason for a failed disinfection could be: 

  • The virus protected itself from the disinfection attempt on the infected application. 
  • The malware signatures detected a Generic Virus and did not have the proper routines for disinfection of this type of virus. 

The reason for a failed delete operation could be:

  • The virus protected itself from the deletion attempt.
  • The application infected by the virus is locked by the system or another application.

Solution

In this situation, the best course of action is to collect a sample of the infected application for investigation and then delete the infected file.

  • Make sure that the reported application is not system critical or an important application needed for day-to-day operations. A re-install of the application might be required.
  • Use the Threat detail dialogue in the Management Console to see exactly where the application was detected, so that you can collect a sample and then delete it.
  • Send us the sample for analysis using the steps below (False Positive). Mark your subject: Virus - Infected

False Positive

In the rare case that the infected file is a legitimate application or file, please submit it for analysis. We will remove the detection within 24 hours if the investigation confirms that the application is not a virus.

Please get in touch with our support for further investigation into the situation. Create a ticket:

  1. Mark your Subject: Virus - False positive detection
  2. Attach a copy of the threat details from the Management Console and the path of the infected item. 
  3. Archive the file as zip/rar and password protect it with the password: infected
    1. A file that is not password protected will be blocked by our internal systems.
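
A pre-submission check for step 3, as an added example that is not part of the original article or of TeamViewer's tooling: it reads the ZIP headers and reports every entry stored without a password, since an unprotected archive would be blocked. The function names and the in-memory sample archives are assumptions constructed for illustration; the check covers zip only, not rar.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def check_sample_archive(archive):
    """Return (ok, problems) for a ZIP that is about to be attached to a ticket.

    Only the headers are inspected: this confirms that every file entry is
    marked as encrypted, not that the password is the one the article asks for.
    """
    try:
        with zipfile.ZipFile(archive) as zf:
            files = [i for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return False, ["not a readable ZIP archive"]
    problems = []
    if not files:
        problems.append("archive contains no files")
    for info in files:
        if not info.flag_bits & ENCRYPTED_FLAG:
            problems.append(f"{info.filename}: stored without a password")
    return not problems, problems


def constructed_zip(encrypted):
    """Build a constructed one-file ZIP in memory (placeholder bytes, no real sample).

    Python's zipfile cannot write encrypted entries, so for the demo the
    encryption flag is set directly in the local header (offset 6) and the
    central directory header (offset 8). The payload itself is not encrypted.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.bin", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(signature) + offset] |= ENCRYPTED_FLAG
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    for label, sample in (("protected", constructed_zip(True)),
                          ("unprotected", constructed_zip(False))):
        print(label, check_sample_archive(sample))
```

For a real archive, pass its path to `check_sample_archive` before attaching it to the ticket.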

Version history
Revision #: 15 of 15
Last update: February