Why does KES endpoint report a virus infection which cannot be removed or keeps returning after deletion?
1. As the first step, to ensure the highest protection level, we recommend applying all available patches for your MS Windows operating system. This step is extremely important, as many viruses exploit security holes in outdated operating systems.
2. Ensure the endpoint has the latest AVG signature updates. Check this on the Security > Protection > Manual Update page.

For the next steps, log onto the desktop of the infected system and use the AVG user interface (c:\program files\avgx\avgui.exe).
3. Enable the "Scan files on close" feature in AVG Resident Shield to increase the system protection: launch the AVG User Interface -> choose "Advanced settings" from the "Tools" menu -> select "Resident Shield" from the left tree menu -> tick the "Scan files on close" checkbox and confirm by clicking the "OK" button.
4. Restart the computer.
5. Run the "Scan whole computer" test.
6. Please answer the following questions:
- Is the virus detected by the "Scan whole computer" test?
- Is the virus detected only by AVG Resident Shield?
- Is it possible to Delete, Heal or Move to Vault this infected file?
- Is this virus detected repeatedly? Is it the same file?
- When is the infected file detected: after restarting the PC or after connecting to the Internet?
We may need to check the list of processes running on the computer for
any suspicious files. To provide us with this list, please proceed as
7. Download the AVG service utility from this location to your computer (we recommend saving it to your desktop) and run it. Detailed information will be displayed on your screen.
8. Attach the resulting "result.7z" file from step 7 to your support ticket.
9. Run AVG diagnostics as described in KB Article KKB000275 and attach the resulting zip file to your support ticket.
sending us the gathered data, we recommend to disable the "Scan files
on close" option (as described in step 3), to reduce the resources
Kaseya Endpoint Security (KES), AVG Anti-virus