We have files that are listed in our exclusions list as well as files that have already been quarantined and released before being detected and listed as infections.
The issue we mainly have now is that we cannot trust the infections list, meaning we cannot proactively protect our clients, as we do not know if this is true or false; and trying to perform the quarantine and release on these files, as they are critical DLLs and EXEs for applications, breaks them, meaning you have to perform a re-install, to find this does not work most of the time.
We need a better and improved way of doing this; a method of maybe classifying a file or reporting the false positive which releases it and does not report it again until properly checked and reported back.
That is part of the last update bug with V10 where it captures mmc.exe, powershell.exe, outlook.exe and many, many others.
Not the issue with this one; these are other applications and files we have had since V8 which have never gone away, even after trying support's quarantine and restore and exclude.
We’re also seeing PCs running slowly at times and CCS not opening. Today, I set up a new PC for a client and Acrobat Reader would not install until containment was disabled, despite nothing slowing the containment logs.
Install the downloaded v8 using the following command from a UAC-elevated CMD prompt (change BOLD to your path):
msiexec /i path_to_msi /quiet REBOOT=ReallySuppress CESMCONTEXT=1 MAKE_CESM_DEFAULT_CONFIG=1 CES_SANDBOX=1 CES_FIREWALL=1 CES_ANTIVIRUS=1 INSTALLFIREWALL=1
See attached scripts but here is some information about them: -
CCS-check checks if CCS is installed and then uninstalls it with a 2-minute countdown for restart. You can modify the script and increase the countdown by editing line number two, i.e. j=2*60, to specify the required seconds after which the system will restart.