
Server Security 10.50 keeps deleting eicar.txt

jopal
jopal Posts: 3 Security Scout

Hello,

 

we are running Server Security 10.50 on a Windows 2008 R2 server and encountered a strange problem:

 

In Real-Time scan, the action on infection is set to "Report Only".


However, when copying an eicar.txt file to the server, it is deleted:

 

Malicious code found in file C:\Users\xxxxxx\Desktop\eicar.txt.
Infection: EICAR_Test_File
Action: The file was deleted.

 

But on another server running Windows 2008 R2 server, the file is not deleted:

 

Malicious code found in file C:\Documents and Settings\xxxxxx\Desktop\eicar.txt.
Infection: EICAR_Test_File
Action: none.

 

Both servers have exactly the same Antivirus policy.

However, the first mentioned server has stricter requirements to security settings and therefore has some additional settings in its Active Directory group policy. Is it possible that any group policy setting forces the antivirus software to delete infected files?

 

 

Any ideas?

 

Best Regards,

Johannes

 

Comments

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Hello Jopal,

     

    In order to troubleshoot this issue, we will need to analyse the settings on your server.

     

    Could you open a support ticket and attach an fsdiag of the server that keeps deleting the eicar file despite the "Report only" setting?

     

     

  • jopal
    jopal Posts: 3 Security Scout

    Hi Ben,

     

    thanks for your answer.

     

    I opened a support ticket.

     

     

    Regards,

    Johannes

This discussion has been closed.
