Views:

Apply the recommended settings

Applying the recommended settings offers the best protection against malware. Please refer to the KB article on the best practices in configuring Apex One for malware protection.

Temporarily disable the scan exclusion until the outbreak is stopped

 
There's a high possibility that scan exclusion maybe preventing Apex One from cleaning infected files. Temporarily disable the scan exclusion to ensure that Apex One will be able to scan and clean all files/directories including itself.
 
  1. Log on to the Apex One management console.
  2. Go to Agents > Agent Management.
  3. In the Agent Tree, select the Apex One Server/Domain/Computer.
  4. Go to Settings > Scan Settings > Real-time Scan Settings.
  5. Uncheck Enable scan exclusion.

    scan exclusion

  6. Do the same for the other scan types:
    • Manual Scan Settings
    • Scheduled Scan Settings
    • Scan Now Settings
  7. Click Save.

Identify and clean the infection sources

 
Change the file extension of ATTK from .exe to .com. This will prevent certain viruses like PE_SALITY from infecting it.
 
    1. Export the Virus/Malware Logs.
    2. Check for infection sources under the Infection Source column.

      logs

    3. Clean the infection sources using ATTK and ensure that they have Apex One Agent installed
 
Should you need additional recommendation, submit the Virus/Malware Logs to Trend Micro Technical Support for analysis.
 

Check for Unmanaged Endpoints

Computers that do not have antivirus software installed are prone to infection. They could potentially compromise other computers in the network.

The Unmanaged Endpoints in Apex One can be found under Assessment > Unmanaged Endpoints. It can display computers with the following status:

  • Managed by another Apex One server
  • No Apex One agent installed
  • Unreachable
  • Unresolved Active Directory assessment

security status

Run a regular security assessment to check for Unmanaged Endpoints and install Apex One agent on unprotected computers.

What to do when Apex One fails to clean an infected file

  1. Ensure that you are using specific scan action for Virus. The recommended scan actions are:
    • 1st scan action: Clean
    • 2nd scan action: Quarantine
     
    Unlike Trojans or Worms which can immediately be deleted or quarantined, the the 1st scan action for Virus should be Clean - Apex One will attempt to remove the virus code that was injected into the file. If the 1st scan action is different, ex. delete, then you will not be able to recover the file which may be critical to your system/application.
     
  2. A bandage pattern maybe required for the cleanup. Submit the infected file to Trend Micro Technical Support for analysis.
Keywords: virus outbreak,virus out break,out break,control virus outbreak,control outbreak,Biological virus,clean virus outbreak,virus outbreak what to do