Sophos - Quarantine - No rights

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
User avatar
greenwoodkl
Member
Posts: 242
Joined: Sun Jan 21, 2007 1:59 am
Location: Orem, Utah, United States
Contact:

Sophos - Quarantine - No rights

Postby greenwoodkl » Sat Oct 16, 2010 11:08 pm

I just updated our clerk computer from Symantec to Sophos. After a long update period and a reboot, it did a scan. It found a file: C:\WINDOWS\service.exe that it quarantined for containing two viruses. I did not see the file in C:\WINDOWS but in hindsight I didn't verify hidden files were visible, I'll check that at Church later. However, it said I did not have rights to take any action against the files. The computer only has two accounts listed in the Control Panel - CLERK and Guest and CLERK is an Administrator account. Do I just leave those files in Quarantine forever? Is it a random quirk?

russellhltn
Community Administrator
Posts: 20723
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sun Oct 17, 2010 6:36 am

kgthunder wrote:It found a file: C:\WINDOWS\service.exe that it quarantined for containing two viruses. I did not see the file in C:\WINDOWS but in hindsight I didn't verify hidden files were visible,


I'd think you wouldn't see them because they've been moved to quarantine. A quick look at my home machine running XP Pro doesn't show any "service.exe" file in the C:\Windows directory. Nor do I find that file in any subdirectory.

kgthunder wrote:However, it said I did not have rights to take any action against the files. [...] Do I just leave those files in Quarantine forever? Is it a random quirk?


It's not random, but It's unclear if that's policy or not. As such, I hesitate to explain how fix that as it may be construed as "Methods for circumventing Church policies or security mechanisms" which is prohibited. As long as it doesn't keep complaining about those quarantined files, I don't see a problem with leaving them there.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

scgallafent
Church Employee
Church Employee
Posts: 1043
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

Postby scgallafent » Wed Oct 20, 2010 8:00 am

RussellHltn wrote:A quick look at my home machine running XP Pro doesn't show any "service.exe" file in the C:\Windows directory. Nor do I find that file in any subdirectory.


You won't find it (unless you've got the infection). There is a file in \Windows\System32 called services.exe.

This is a technique used to make the infection look almost legitimate. From the virus writer's standpoint, this serves to either look important enough that a typical user won't touch it or be close enough to a legitimate file that an experienced user looks at it and misses the slight discrepancy.


Return to “Clerk Computers”

Who is online

Users browsing this forum: No registered users and 1 guest