Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
F-Secure Server Security 12 fails to quarantine Microsoft Document OLE files - F-Secure Community
<main> <article class="userContent"> <h3 data-version="2" data-article="000011430" data-id="issue">Issue:</h3> <p>After a Real-time scanning operation, there are many different objects detected as malicious. Some documents or files are blocked but not quarantined.<br>Action on malware detection is set to "decide automatically" and custom action on infection for workstations is set to "quarantine automatically".<br><br>We have noticed, that these files are however not quarantined. Here is some of the entries reported from removal.log:<br><br>09.04.2020 11:44:45 Malware.XF/Agent.A BEGIN<br>;<br>;Log created by USS version 5.8.317<br>;<br>09.04.2020 11:44:45 Malware.XF/Agent.A file "N:\NDATA\XX\xxxxx\applicationxxxx\clients\A\ACENT AG\xxxx\example PEK.xls" quarantined failed <br>09.04.2020 11:44:45 Malware.XF/Agent.A file "N:\NDATA\XX\Ixxxxx\applicationxxxx\clients\A\ACENT AG\xxxx\example PEK.xls" blocked success <br>09.04.2020 11:44:45 Malware.XF/Agent.A END<br>or<br>15.04.2019 01:03:52 Heuristic.HEUR/CVE-2017-0199 file "P:\Daten\XX\XX-xxxxxx\xxxxx\xxxxxx, example.doc" quarantined failed<br>15.04.2019 01:03:52 Heuristic.HEUR/CVE-2017-0199 file "P:\Daten\XX\XX-xxxxxx\xxxxx\xxxxxd, example.doc" disinfected failed<br>15.04.2019 01:03:52 Heuristic.HEUR/CVE-2017-0199 END</p> <h3 data-id="resolution">Resolution:</h3> <p>Old style Microsoft Document OLE files (.xls, .doc, etc.) are explicitly protected from deletion and quarantine in legacy scanning platform (F-Secure Server Security 12.x and F-Secure Client Security 12.x). Those documents will always log as failing quarantine if detected on-access.<br><br>The way to reliably remove those files is to do a manual scan with explicit "delete" or "quarantine" actions. This behavior is controlled by "advanced action table" policy setting, but user/admin modifications for this setting are not possible in any supported product; it's hard-coded for all practical purposes.<br><br>How to manually scan using the F-Secure Policy Manager Web Console:<br></p><ol><li>Login to F-Secure Policy Manager Web Console</li><li>From the standard view, click on the Manual scanning from the left menu</li><li>Set " quarantine automatically" or " delete automatically" for action on infection</li><li>Distribute the policy</li></ol> After the operation is completed, these files should be quarantined or deleted, depending on the option you have set.<br><br>In case those files, or documents are detected false, please <a rel="nofollow" href="https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample">submit </a>a sample to F-Secure for further analyses.<br><br>With latest versions of the Ultralight scanning platform (F-Secure Server Security 14, F-Secure Client Security 13 and 14) document files are quarantined or deleted in the same way as other file types.<br>You can find the latest versions of F-Secure business products at: <a rel="nofollow" href="https://www.f-secure.com/en/business/support-and-downloads">https://www.f-secure.com/en/business/support-and-downloads</a> <p>Article no: 000011430</p> </article> </main>