Server Security 10.50 keeps deleting eicar.txt

Hello,

 

we are running Server Security 10.50 on a Windows 2008 R2 server and encountered a strange problem:

 

In Real-Time scan, the action on infection is set to "Report Only".


However, when copying an eicar.txt file to the server, it is deleted:

 

Malicious code found in file C:\Users\xxxxxx\Desktop\eicar.txt.
Infection: EICAR_Test_File
Action: The file was deleted.

 

But on another server running Windows 2008 R2 server, the file is not deleted:

 

Malicious code found in file C:\Documents and Settings\xxxxxx\Desktop\eicar.txt.
Infection: EICAR_Test_File
Action: none.

 

Both servers have exactly the same Antivirus policy.

However, the first mentioned server has stricter requirements to security settings and therefore has some additional settings in its Active Directory group policy. Is it possible that any group policy setting foces the antivirus software to delete infected files?

 

 

Any ideas?

 

Best Regards,

Johannes

 

Comments

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello Jopal,

     

    In order to troubleshoot this issue, we will need to analyse the settings on your server.

     

    Could you open a support ticket and attached an fsdiag of the server that keeps deleting the eicar file despite the "Report only" setting?

     

     

  • jopaljopal Posts: 3

    Hi Ben,

     

    thanks for your answer.

     

    I opened a support ticket.

     

     

    Regards,

    Johannes

This discussion has been closed.