Sophos - Quarantine - No rights

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
Post Reply
User avatar
greenwoodkl
Member
Posts: 288
Joined: Sun Jan 21, 2007 1:59 am
Location: Orem, Utah, Utah, United States
Contact:
Contact greenwoodkl

Sophos - Quarantine - No rights

#1

Post by greenwoodkl »

I just updated our clerk computer from Symantec to Sophos. After a long update period and a reboot, it did a scan. It found a file: C:\WINDOWS\service.exe that it quarantined for containing two viruses. I did not see the file in C:\WINDOWS but in hindsight I didn't verify hidden files were visible, I'll check that at Church later. However, it said I did not have rights to take any action against the files. The computer only has two accounts listed in the Control Panel - CLERK and Guest and CLERK is an Administrator account. Do I just leave those files in Quarantine forever? Is it a random quirk?
Top
russellhltn
Community Administrator
Posts: 34490
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

kgthunder wrote:It found a file: C:\WINDOWS\service.exe that it quarantined for containing two viruses. I did not see the file in C:\WINDOWS but in hindsight I didn't verify hidden files were visible,
I'd think you wouldn't see them because they've been moved to quarantine. A quick look at my home machine running XP Pro doesn't show any "service.exe" file in the C:\Windows directory. Nor do I find that file in any subdirectory.
kgthunder wrote:However, it said I did not have rights to take any action against the files. [...] Do I just leave those files in Quarantine forever? Is it a random quirk?
It's not random, but It's unclear if that's policy or not. As such, I hesitate to explain how fix that as it may be construed as "Methods for circumventing Church policies or security mechanisms" which is prohibited. As long as it doesn't keep complaining about those quarantined files, I don't see a problem with leaving them there.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
Top
scgallafent
Church Employee
Church Employee
Posts: 3025
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

#3

Post by scgallafent »

RussellHltn wrote:A quick look at my home machine running XP Pro doesn't show any "service.exe" file in the C:\Windows directory. Nor do I find that file in any subdirectory.
You won't find it (unless you've got the infection). There is a file in \Windows\System32 called services.exe.

This is a technique used to make the infection look almost legitimate. From the virus writer's standpoint, this serves to either look important enough that a typical user won't touch it or be close enough to a legitimate file that an experienced user looks at it and misses the slight discrepancy.
Top
Post Reply

Return to “Clerk Computers”