Antivirus Software Fails to Quarantine Malware

Hello, we have System Center Endpoint Protection for our antivirus product and we get email alerts when the software detects malware on a client. However, we are noticing that occasionally the software "fails" to quarantine some malware. Below is a sanitized example email reporting the failure. As an experiment we have tried giving Everyone full permissions on the infected PST file and then running the scan again, but it still fails. We are sure the file is not in use since it is a user who has long since retired. Any tips on how to make SCEP not fail to quarantine? Thanks.

Configuration Manager Endpoint Protection has detected malware on one or more computers in your organization

Collection name: All Clients

Malware Name: Worm:Win32/Sober.Z@mm!CME681
Number of infections: 1
Last detection time(UTC time): 3/31/2015 2:07:19 PM

These are the infections of this malware:
1. Computer name: WS1
Domain: Domain.local
Detection time(UTC time): 3/31/2015 2:07:19 PM
Malware file path: file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->Message.7701: "Department@fbi.gov [Your IP was logged]" [2005/12/22 23:38:32]: Attachment.9899: "list.zip"->File-packed_dataInfo.exe;file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->Message.7737: "info@nwurce.com [Paris_Hilton_&_Nicole_Richie]" [2005/11/22 02:26:32]: Attachment.9946: "downloadm.zip"->File-packed_dataInfo.exe;file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->
Remediation action: Quarantine
Action status: Failed
Kishwaukee Asked:

Fred Marshall (Principal) Commented:
A couple of thoughts:

- no antimalware program is perfect.  So, you might productively use another tool to see if you can't get past this issue.

- it appears that the offending file is in a .zip file which was an email attachment / download. That's "drilling down" quite a bit as the .pst is also a file unto itself. So, this level of encapsulation may well be the issue for you here. I would consider removing the .pst file altogether as it's a backup. If that's not acceptable practice then another approach would be to open the .pst file with Outlook and delete the offending attachment.
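
The nesting described in the comment above can be read straight out of the alert. As an added example (not part of the original thread and not Microsoft's code), this parses the "Malware file path" value into per-detection records and lists the mail items to delete in Outlook. The field layout is inferred only from the single alert quoted in the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# "Malware file path" value copied from the alert in the question (last entry is cut off).
SAMPLE = (
    r'file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->Message.7701: '
    r'"Department@fbi.gov [Your IP was logged]" [2005/12/22 23:38:32]: Attachment.9899: '
    r'"list.zip"->File-packed_dataInfo.exe;'
    r'file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->Message.7737: '
    r'"info@nwurce.com [Paris_Hilton_&_Nicole_Richie]" [2005/11/22 02:26:32]: '
    r'Attachment.9946: "downloadm.zip"->File-packed_dataInfo.exe;'
    r'file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->'
)

# Assumed layout of a mail layer: Message.<id>: "<subject>" [<time>]: Attachment.<id>: "<name>"
MESSAGE = re.compile(
    r'Message\.(?P<msg>\d+): "(?P<subject>.*?)" \[(?P<when>[\d/: ]+)\]: '
    r'Attachment\.(?P<att_id>\d+): "(?P<attachment>.*)"$'
)

def parse_detections(value):
    """One record per detection; depth counts layers between the disk file and the payload."""
    records = []
    for entry in re.split(r';(?=file:_)', value.strip().rstrip(';')):
        parts = re.sub(r'^file:_', '', entry).split('->')
        rec = {'on_disk': parts[0], 'depth': 0, 'truncated': parts[-1] == ''}
        for part in filter(None, parts[1:]):
            m = MESSAGE.match(part)
            if m:                       # mail item plus its attachment: two layers
                rec.update(m.groupdict())
                rec['depth'] += 2
            else:                       # file inside the archive attachment
                rec['payload'] = part
                rec['depth'] += 1
        records.append(rec)
    return records

def cleanup_plan(records):
    """Group detections by on-disk file and list the mail items to delete inside it."""
    plan = defaultdict(lambda: {'items': [], 'incomplete': False})
    for r in records:
        target = plan[r['on_disk']]
        if 'attachment' in r:
            target['items'].append((r['subject'], r['when'], r['attachment']))
        target['incomplete'] |= r['truncated']   # alert text ended mid-entry
    return dict(plan)

if __name__ == '__main__':
    print(cleanup_plan(parse_detections(SAMPLE)))
```

An `incomplete` flag means the alert text ended before the entry did, so the list of mail items for that file may be missing detections.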
Judit Camacho Díaz Commented:
I propose trying SUPERAntiSpyware. I have the free version downloaded and it was by far more efficient than Microsoft Security Essentials.

http://www.superantispyware.com/

Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

Light on System Resources and designed not to slow down your computer like many other anti-spyware products. Designed not to conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
Question has a verified solution.
