Responding to Power Eraser detections
Power Eraser does not remediate any detections during a scan because its aggressive detection capability is prone to false positives. You must request remediation for detected events from the logs after you review the detections and decide whether to remediate them or leave them alone. If you choose remediation, Power Eraser removes the files that are associated with the detection. However, you can restore the removed files until the logs are purged.
The log retention policy determines how long Power Eraser events are available. By default, the events are available for 14 days.
For more information, see:
- To respond to Power Eraser detections
- Make sure that the Power Eraser analysis completed.
- The Computer Status log includes an icon that indicates the scan is complete.
- The Scan log shows whether or not Power Eraser finished the analysis.
- In the Risk log or on theScan log > View detectionspage, select a single detection or multiple detections to which to apply an action.
- Next to a particular risk that is labeledPotential risk found (Pending admin action), click the plus icon in theActioncolumn.
- Select multiple risks that are labeledPotential risk found (Pending admin action), and then select the action from theActiondrop-down menu.
- Choose one of the following actions:
- Delete risk that Power Eraser detectedRemediates the risk by removing it from the computer. Power Eraser saves a safe backup file that can be restored.
- Ignore risk that Power Eraser detectedAcknowledges that you reviewed the detection and do not want to remediate the risk.This action changes the event action to “Left alone by Admin” in the management console logs only. The acknowledgement does not update the corresponding event action on the client. The client log view continues to show the event action as “Pending analysis.”
- If you selected an action from theActiondrop-down menu, clickApply.
If you selected
Ignore risk that Power Eraser detected, the detection now appears as
Potential risk found (left alone).
You can restore a removed detection that is labeled
Potential risk found (Removed)by selecting the
Restore risk that Power Eraser deletedaction.
Pending admin action
Power Eraser detected the risk as a potential threat. You should review the risk and decide if Power Eraser should remediate the risk or acknowledge the risk and leave it alone.
An administrator restored any files that were moved when an administrator requested that Power Eraser remediate the risk.
An administrator requested that Power Eraser remediate and delete the risk. When Power Eraser deletes a risk, it deletes the files that are associated with the risk but makes safe backup copies that can be restored. You might want to restore a deleted risk that you later determine is not a risk. You can restore the files until the log events are purged.
Left alone by admin
An administrator requested that Power Eraser leave the risk alone.