I need a way to clean the infected files detected by Traps agent


L0 Member

In our environment, Traps detected a lot of threats and blocked them from execution; however, after they are blocked they still exist in our network.
We need a way to clean or delete these infected files.

6 REPLIES

Think the only way is to identify the path and delete them manually or use some scripts.

As far as I am aware, Traps does not scan or delete files automatically. It will only stop the execution of exploits and malicious files.

It's the same for us.
We use Traps with another antivirus, Sophos Endpoint. The problem is that Sophos detects the files in the Traps quarantine, and we want to delete them manually and we can't.

We've tried it:

- Connect to the remote Traps console and perform a deletion of the /f pathfile. I thought that the Traps console already had enough permissions to delete their files. (bummer!)
- I tried to run from the same console a /User rune:... but it asks me for the password and I can't type it.
- I tried to connect through Windows Explorer with a domain user who is a member of the machine's administrator. I see the file but it won't let me delete it.

What permissions and what do I have to do to delete it?
Can someone share the way to do it?
Palo Alto could take note of improving the product. It can be very good at detecting viruses, but if it doesn't improve the console and management tools we don't do anything.

Regards

L3 Networker

Not sure if this is updated or not or if a resolution has been provided. You can configure quarantine settings in the Malware profile on the TMS. I believe it's disabled by default.

This article speaks to this better than I can. Hope it helps.

https://docs.paloaltonetworks.com/traps/tms/traps-management-service-admin/assess-and-remediate-secu...

Hi,

Thank you for your answer. But it does not indicate how to remove a malicious element that is in the quarantine.

I don't understand why there's no option in the console to tell the agent to delete it.

I still think the console has a long way to go to catch up with other similar products.

Regards

Hi there- if you can send me a private message with your contact info, I can log a feature request for this function. 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Hi,

I tried to send you a private message but it showed:

You do not have sufficient privileges for this resource or its parent to perform this action.

Click your browser's Back button to continue.
