Malware Found - general maintenance/best practice other MSPs are taking

Generally speaking, how are other MSPs usually tending (best practice) to Malware being found on a managed device? Are you deleting the file/s on all machines once a month or just leaving in quarantine?

If it is in the temp folder, I delete it right away; if it is elsewhere, I will look into it to ensure it is not a false positive, as I have had some of those in the past. If I am uncertain, and I do not have time to investigate, I leave it in quarantine until I have time to check it out, or the end user reports an issue, which may fall back on something in the quarantine.

Thanks... just trying to get an idea - I seem to be spending a lot of time chasing individual alerts/files a little too much – it could be a full-time job looking into each one... so what you said makes sense about making a judgment call if you have the time or not...



Why not use our endpoint security so that any unknown executable will run in containment and hence can’t cause infection?

I plan to try this again when I get a chance, but have not had good luck with it; things were not working right on the endpoints.

You see, Comodo Endpoint Security is a very very powerful application. The protection it offers is unparalleled but it does need configuring. Why not let our Customer Success team help you with the initial setup so that you can see all the configuration that needs to be done before you do the rest?

I would love to. Could you PM me the number, so I can call them when I have time to kick it on again? Is there a write-up on the basics of the configuration of the containment?

If I receive an emailed notification, and after looking on ITSM it seems to be malicious, I delete it and run a full scan on the machine. If I feel a manager at the client needs to be aware of the file, I inform them.

Dear BOSS,

Thank you for using Comodo product. I emailed you with our availability for this/next week. Kindly respond to the email and let us know what works best for you. We are happy to assist you.

Thank you.

The device I was speaking of had the endpoint installed, and ITSM reported via email alert (New Infection detected on device XXX)... Upon clicking the link for more info, I have the option to quarantine or delete... I was thinking of leaving as is for the moment in case the end user called/complained about something not working and then delete it. OR quarantine it... wondering others’ philosophies... or your advice.


I am sorry, I got very busy, and fear I may have missed our appointment. Please let me know.