Security Suite Reports

mapper Posts: 1 New Member
I got the following report. It is the same as several reports I get that come from the automatic scan. I ran a scan manually and got no harmful files found.

I do not know what to do with this information. 

Is the bullet related to the link?

CustomRefresh.wim is a file to be kept for refreshing Windows.

 

Please advise on all questions.

 

Scanning report

  • Wednesday, July 24, 2019 3:00:02 AM - Thursday, July 25, 2019 4:11:44 PM
  • Scan type: Scan for viruses
Results
  • Items scanned: 15482831
  • Harmful items found: 62
Details
Adware.ADWARE/DealPly.Gen4
  • C:\RefreshImage\CustomRefresh.wim: Could not quarantine

Comments

  • Ukko Posts: 3,770 Superuser

    Hello,

     

    I am only an F-Secure user (their home solutions). So, only unofficial suggestions.

    I get that comes from the automatic scan, ran a scan manually and got no harmful files found.

    By automatic scan, do you mean "scheduled scan"? And is "ran a scan manually" a context scan (right-click on a file) or a manually launched Full Scan?

     

    If so, maybe the scheduled scan logic has its own settings for some types of files that can be ignored during a "manual" scan (for example, zipped or compressed items; files of a certain size; or post-reinterpretation of detected items. The difference can be based on pre-defined logic or on your own settings for manual scanning). As a result, some "riskware" can be undetected (considered safe) on a certain try. For example, if the detected item is a "false positive".

     

    CustomRefresh.wim is a file to be kept for refreshing Windows.

    I am not sure what the content of "CustomRefresh.wim" is, but based on its ".wim" it sounds like a container where there can be any files. Although, your further log has a detection for the entire item.

     

    Adware.ADWARE/DealPly.Gen4
    C:\RefreshImage\CustomRefresh.wim: Could not quarantine

    The detection "Adware.ADWARE/DealPly.Gen4" is about:

    The "Adware" type of suspicious software. Description of Adware:

    https://www.f-secure.com/sw-desc/adware.shtml

     

    "DealPly" is about a certain type of adware item. It is known as a certain example.

    For example, it is possible to search the web for the keywords (Adware DealPly) and read more.

    In general, it sounds like it can be a browser addon or certain software that shows additional (unwanted) advertisements on webpages and can even perform more tricky hacks.

     

    Such an addon can be installed, for example, as a payload when you are installing any other software (where such a "payload" is a bundle). Usually, it is possible to uncheck this option and not install it.

     

    "Gen4" is about a generic type of detection. So, the detection can be a false positive. The detected item is just about something that was around the "Adware DealPly" detection type.

     

    "Could not quarantine" is about the inability to quarantine the detected item (to remove it).

    I think that it is because of the ".wim" extension. And, maybe, the detected resource exists inside this container. It is not recommended to delete an entire container where safe items also exist.

     

    Sorry for my English! And it would be good if you come back with feedback on whether something is clearer or not. And with more information about your concern? For example, your quote has "Harmful items found: 62", but only one file is visible. Is this one the only concern?

     

    Thanks!

  • Hello @mapper 

     

    Thank you for posting your query.

     

    Based on your subject, it seems you are using a customized version of F-Secure, which will need to be checked by the respective Internet Service Provider. This is because we have limited knowledge of and access to customized versions of the F-Secure program and license. As such, your Internet Service Provider has a dedicated Technical Support team who would be able to support you. We recommend that you contact them directly to obtain further support. If they are unable to resolve the issue, please get your Internet Service Provider to escalate your case.

This discussion has been closed.