Elements Endpoint Protection is unable to remove the infection found inside an archive automatically, no action was taken

Issue:

Elements Endpoint Protection portal's Security Events-tab shows a new event found during Manual / Scheduled scanning flagged for "Action required", but the threat description shows that no action was taken.

Resolution:

If the detection shows that a harmful / malicious file has been located inside an archive file (for example a ZIP,RAR,7z,tar.gz, Chrome browser cache etc.), then it means you will have to remove the infected item from the archive manually, or delete the whole archive completely.

Elements Endpoint Protection products cannot open an archive, remove an infected file and then re-archive the files, thus manual action is needed by the administrator. Note that a malicious file is harmless until you extract it from the archive.

Try the following instructions to manually remove the detected item(s):

Make sure you have the administrator right or permission to delete the file
Some files may be hidden, so set your folder option to show hidden files, folders and drives

Open File Explorer
Copy the filepath (without the item filenames) where the detected item is located
Paste the copied path into the Address Bar in File Explorer
Delete the detected file / the whole archive manually

Note: If the file path indicates that the file is placed inside an email folder (Outlook, Thunderbird etc.) file, then you can delete all your emails with attachments and empty the trash, deleted and spam emails folders. It is possible to locate the file, but that process is complicated. The file is not dangerous, because the Elements Endpoint Protection program has identified the file, and will not allow the file to run on the computer.

Article no: 000031853