Agreed.

I just got done submitting (several days late) to virustotal.com a set
of .LNK files that were marked on our file server. By the time I had
submitted them, nobody thought that they were dangerous (except esafe,
which is really weird.)

They were marked as report only, so it was no big deal, but if I'd had
to rescue them, it would have been more interesting.

Kurt

On Fri, Jul 30, 2010 at 15:52, Alex Eckelberry
<al...@sunbelt-software.com> wrote:
> This is actually a really good idea.
>
> From: Angus Scott-Fleming [mailto:an...@geoapps.com]
> Sent: Thursday, July 29, 2010 9:43 PM
> To: NT System Admin Issues
> Cc: Alex Eckelberry
> Subject: Re: Vipre false positives?
>
> On 26 Jul 2010 at 9:08, Jeff Cain wrote:
>
>> These should have been addressed in def version 6636. If not please let us
>> know right away.
>
> IMHO VIPRE needs a "Rescan Quarantined Files" option -- an "auto-recover
> from FP" feature.
>
> The "Rescan" should allow us to select, from the console, an agent or set of
> agents, and allow us to tell each agent to rescan its quarantined items
> using the current set of defs, which presumably has corrected the FP.  There
> should be an option to unquarantine -- to restore -- anything that scans
> "clean", with an option to email the report to the administrator either way.
> There should be an option to time-limit the items being rescanned so we only
> scan a given date range; this would allow us to limit the scanning to the
> last day or week of quarantined items.  We should be able to schedule the
> rescan, too, so the scan happens when it won't interfere with work.
>
> This would allow us to recover easily from an episode of False Positives
> that erroneously quarantines files on multiple systems (as long as those
> systems are still bootable and the VSE Agent is running there).  It is
> tolerable if you have a few machines with FPs.  I can't imagine cleaning up
> an FP episode on hundreds of machines.
>
> We all understand that all AV products either suffer from FPs or infections
> that get by.  I'd rather have the FPs, but having a "Rescan Quarantine"
> would really set VIPRE apart from other AV products.  I don't know of any
> other product which offers this.
>
> Discussion welcome.
>
> Angus