Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3064
Views
5
Helpful
3
Replies

FireAMP unable to delete outlook attachment on MAC's

Go to solution
Skjalg Eggen
Level 1
Level 1

‎08-25-2016 05:47 AM - edited ‎02-20-2020 09:01 PM

We have couple of MAC's with tons of malware E-mails in their Outlook.

FireAMP detects this, but is unable to delete or quarentine the malware.

we get this: The file was not quarantined. Error: Cannot delete file.

I'm thinking that this looks like a rights issue?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kwalcott
Cisco Employee
Cisco Employee

‎09-13-2016 10:05 AM

Hello Skjalg,

Deletion of email attachments in Mail.app would cause database corruption. The connector does not delete these attachments for this reason. The event is triggered to alert administrators so that they can can take the necessary actions.

See the AMP documentation for further clarification:

"Email messages containing malware will not be quarantined by the AMP for Endpoints Mac Connector to prevent corruption of the local mail database. Email messages will still be scanned and a detection event will be generated for any malware allowing the administrator to remove the malicious email directly from the mail server but a quarantine failed event will also appear. If Mail.app is configured to automatically download attachments, any malicious attachments will be quarantined as expected."

Let me know if this answers your question and if you need anything else.

View solution in original post

3 Replies 3

Go to solution
Jetsy Mathew
Cisco Employee
Cisco Employee

‎09-02-2016 12:40 AM

Hello Eggen,

You should confirm if there is any other antivirus runs on the same ?

If Fireamp detects and couldnt remove it , then there might be a chance that the other antivirus already quarantined the file . Verify if there is any other antivirus is active in the system.

Rate and mark correct if the post helps you.

Regards

Jetsy 

0 Helpful

Go to solution
Jetsy Mathew
Cisco Employee
Cisco Employee
In response to Jetsy Mathew

‎09-06-2016 10:47 PM

Hello Eggen,

Have you been able to find the issue with our post ?

If so, rate and mark correct if the post helps you.

Regards

Jetsy 

0 Helpful

Go to solution
kwalcott
Cisco Employee
Cisco Employee

‎09-13-2016 10:05 AM

Hello Skjalg,

Deletion of email attachments in Mail.app would cause database corruption. The connector does not delete these attachments for this reason. The event is triggered to alert administrators so that they can can take the necessary actions.

See the AMP documentation for further clarification:

"Email messages containing malware will not be quarantined by the AMP for Endpoints Mac Connector to prevent corruption of the local mail database. Email messages will still be scanned and a detection event will be generated for any malware allowing the administrator to remove the malicious email directly from the mail server but a quarantine failed event will also appear. If Mail.app is configured to automatically download attachments, any malicious attachments will be quarantined as expected."

Let me know if this answers your question and if you need anything else.

Customers Also Viewed These Support Documents