I need a way to clean the infected files detected by Traps agent

L0 Member

In our environment, Traps detected a lot of threats and blocked them from execution. However, after they are blocked they still exist in our network;
we need a way to clean or delete these infected files.

Highlighted

Think the only way is to identify the path and delete them manually or use some scripts.

As far as I am aware, Traps does not scan or delete files automatically. It will only stop the execution of exploits and malicious files.

L3 Networker

It's the same for us.
We use Traps with another Sophos Endpoint antivirus. The problem is that Sophos detects the files in the Traps quarantine and we want to delete them manually and we can't.

We've tried it:

- Connect to the remote Traps console and perform a deletion of the /f pathfile. I thought that the Traps console already had enough permissions to delete their files. (bummer!)
- I tried to run from the same console a /User rune:... but it asks me for the password and I can't type it.
- I tried to connect through Windows Explorer with a domain user who is a member of the machine's administrator. I see the file but it won't let me delete it.

What permissions do I need, and what do I have to do to delete it?
Can someone share the way to do it?
Palo Alto could take note of improving the product. It can be very good at detecting viruses, but if it doesn't improve the console and management tools we don't do anything.

Regards

L2 Linker

Not sure if this is updated or not or if a resolution has been provided. You can configure quarantine settings in the Malware profile on the TMS. I believe it's disabled by default.

This article speaks to this better than I can. Hope it helps.

https://docs.paloaltonetworks.com/traps/tms/traps-management-service-admin/assess-and-remediate-secu...

L3 Networker

Hi,

Thank you for your answer. But it does not indicate how to remove a malicious element that is in the quarantine.

I don't understand why there's no option in the console to tell the agent to delete it.

I still think the console has a long way to go to catch up with other similar products.

Regards

L4 Transporter

Hi there, if you can send me a private message with your contact info, I can log a feature request for this function.

David Falcon
MDR Systems Engineer, Cortex
Palo Alto Networks®
L3 Networker

Hi,

I tried to send you a private message but it showed:

You do not have sufficient privileges for this resource or its parent to perform this action.

Click your browser's Back button to continue.