Server Security 10.50 keeps deleting eicar.txt
we are running Server Security 10.50 on a Windows 2008 R2 server and encountered a strange problem:
In Real-Time scan, the action on infection is set to "Report Only".
However, when copying an eicar.txt file to the server, it is deleted:
Malicious code found in file C:\Users\xxxxxx\Desktop\eicar.txt.
Action: The file was deleted.
But on another server running Windows 2008 R2 server, the file is not deleted:
Malicious code found in file C:\Documents and Settings\xxxxxx\Desktop\eicar.txt.
Both servers have exactly the same Antivirus policy.
However, the first mentioned server has stricter requirements to security settings and therefore has some additional settings in its Active Directory group policy. Is it possible that any group policy setting foces the antivirus software to delete infected files?
In order to troubleshoot this issue, we will need to analyse the settings on your server.
Could you open a support ticket and attached an fsdiag of the server that keeps deleting the eicar file despite the "Report only" setting?