Antivirus Software Fails to Quarantine Malware

Hello, we have System Center Endpoint Protection for our antivirus product and we get email alerts when the software detects malware on a client.  However we are noticing that occasionally the software "fails" to quarantine some malware.  Below is a sanitized example email reporting the failure.  As an experiment we have tried giving Everyone full permissions on the infected PST file and then running the scan again but it still fails.  We are sure the file is not in use since it is a user who has long since retired.  Any tips on how to make SCEP not fail to quarantine?  Thanks.

Configuration Manager Endpoint Protection has detected malware on one or more computers in your organization

Collection name: All Clients

Malware Name: Worm:Win32/Sober.Z@mm!CME681
Number of infections: 1
Last detection time(UTC time): 3/31/2015 2:07:19 PM

These are the infections of this malware:
1. Computer name: WS1
Domain: Domain.local
Detection time(UTC time): 3/31/2015 2:07:19 PM
Malware file path: file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->Message.7701: "Department@fbi.gov [Your IP was logged]" [2005/12/22 23:38:32]: Attachment.9899: "list.zip"->File-packed_dataInfo.exe;file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->Message.7737: "info@nwurce.com [Paris_Hilton_&_Nicole_Richie]" [2005/11/22 02:26:32]: Attachment.9946: "downloadm.zip"->File-packed_dataInfo.exe;file:_C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst->
Remediation action: Quarantine
Action status: Failed
Kishwaukee Asked:

Fred Marshall (Principal) Commented:
A couple of thoughts:

- no antimalware program is perfect. So, you might productively use another tool to see if you can't get past this issue.

- it appears that the offending file is in a .zip file which was an email attachment / download. That's "drilling down" quite a bit as the .pst is also a file unto itself. So, this level of encapsulation may well be the issue for you here. I would consider removing the .pst file altogether as it's a backup. If that's not acceptable practice then another approach would be to open the .pst file with Outlook and delete the offending attachment.
0
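Added example (not part of the original thread and not Microsoft tooling): a small Python parser for the "Malware file path" field of the alert above, which lists the messages and attachments inside the .pst that carry the detection so they can be removed by hand as suggested. The `;file:_` entry separator and `->` nesting separator are assumptions inferred from the single sample alert on this page; the function names are hypothetical.

```python
import re

# "Malware file path" value from the alert quoted in the question (sanitized
# there); the third entry is cut off in the e-mail and is kept that way here.
PST = r"C:\Users\Administrator.WS1\Desktop\IJones\Email\backup.pst"
SAMPLE = (
    "file:_" + PST + '->Message.7701: "Department@fbi.gov [Your IP was logged]"'
    ' [2005/12/22 23:38:32]: Attachment.9899: "list.zip"->File-packed_dataInfo.exe;'
    "file:_" + PST + '->Message.7737: "info@nwurce.com [Paris_Hilton_&_Nicole_Richie]"'
    ' [2005/11/22 02:26:32]: Attachment.9946: "downloadm.zip"->File-packed_dataInfo.exe;'
    "file:_" + PST + "->"
)

# Assumed layout (from that sample only): ";file:_" between entries, "->" per level.
MSG = re.compile(r'Message\.(\d+): "(.*)" \[([^\]]+)\]: Attachment\.(\d+): "(.*)"$')

def parse_detections(path_field):
    """Split one 'Malware file path' field into per-detection container chains."""
    detections = []
    for entry in re.split(r";(?=file:_)", path_field.strip()):
        levels = entry.removeprefix("file:_").split("->")
        det = {"container": levels[0], "depth": 0, "truncated": False}
        inner = [lvl for lvl in levels[1:] if lvl]
        if not inner:
            det["truncated"] = True      # alert cut off before naming the item
        else:
            det["depth"] = len(inner)    # "->" hops below the file on disk
            m = MSG.match(inner[0])
            if m:
                det.update(message_id=m.group(1), subject=m.group(2),
                           sent=m.group(3), attachment=m.group(5))
            det["payload"] = inner[-1]   # innermost item the scanner flagged
        detections.append(det)
    return detections

def cleanup_worklist(path_field):
    """Group parsed detections by on-disk container for manual cleanup."""
    work = {}
    for det in parse_detections(path_field):
        item = work.setdefault(det["container"], {"messages": [], "truncated": 0})
        if det["truncated"]:
            item["truncated"] += 1       # more detections exist than the alert shows
        else:
            item["messages"].append((det.get("subject"), det.get("attachment")))
    return work

if __name__ == "__main__":
    for container, item in cleanup_worklist(SAMPLE).items():
        print(container, item)
```

A non-zero `truncated` count means the alert text ended before listing every detection, so the container needs a full rescan after the listed messages are removed.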

Judit Camacho Díaz Commented:
I propose trying SUPERAntiSpyware. I have the free version downloaded and it was by far more efficient than Microsoft Security Essentials.

http://www.superantispyware.com/

Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

Light on System Resources and designed not to slow down your computer like many other anti-spyware products. Designed not to conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
0