Responding to Power Eraser detections

Power Eraser does not remediate any detections during a scan because its aggressive detection capability is prone to false positives. You must request remediation for detected events from the logs after you review the detections and decide whether to remediate them or leave them alone. If you choose remediation, Power Eraser removes the files that are associated with the detection. However, you can restore the removed files until the logs are purged.
The log retention policy determines how long Power Eraser events are available. By default, the events are available for 14 days.
For more information, see:
  1. To respond to Power Eraser detections
  2. Make sure that the Power Eraser analysis completed.
    • The Computer Status log includes an icon that indicates the scan is complete.
    • The Scan log shows whether or not Power Eraser finished the analysis.
  3. In the Risk log or on the
    Scan log > View detections
    page, select a single detection or multiple detections to which to apply an action.
    • Next to a particular risk that is labeled
      Potential risk found (Pending admin action)
      , click the plus icon in the
      Action
      column.
    • Select multiple risks that are labeled
      Potential risk found (Pending admin action)
      , and then select the action from the
      Action
      drop-down menu.
  4. Choose one of the following actions:
    • Delete risk that Power Eraser detected
      Remediates the risk by removing it from the computer. Power Eraser saves a safe backup file that can be restored.
    • Ignore risk that Power Eraser detected
      Acknowledges that you reviewed the detection and do not want to remediate the risk.
      This action changes the event action to “Left alone by Admin” in the management console logs only. The acknowledgement does not update the corresponding event action on the client. The client log view continues to show the event action as “Pending analysis.”
  5. If you selected an action from the
    Action
    drop-down menu, click
    Apply
    .
If you selected
Ignore risk that Power Eraser detected
, the detection now appears as
Potential risk found (left alone)
.
You can restore a removed detection that is labeled
Potential risk found (Removed)
by selecting the
Restore risk that Power Eraser deleted
action.
Summary of Power Eraser detection states
Detection state
Description
Pending admin action
Power Eraser detected the risk as a potential threat. You should review the risk and decide if Power Eraser should remediate the risk or acknowledge the risk and leave it alone.
Restored
An administrator restored any files that were moved when an administrator requested that Power Eraser remediate the risk.
Deleted
An administrator requested that Power Eraser remediate and delete the risk. When Power Eraser deletes a risk, it deletes the files that are associated with the risk but makes safe backup copies that can be restored. You might want to restore a deleted risk that you later determine is not a risk. You can restore the files until the log events are purged.
Left alone by admin
An administrator requested that Power Eraser leave the risk alone.