What should I do if Endpoint Protection detects malicious software on my computer?

 

Updated: April 1, 2012

Applies To: System Center 2012 Configuration Manager, System Center 2012 R2 Configuration Manager, System Center 2012 Endpoint Protection SP1, System Center 2012 Configuration Manager SP1, System Center 2012 Endpoint Protection, Windows Intune, Forefront Endpoint Protection, System Center 2012 R2 Endpoint Protection

If Endpoint Protection detects malicious software or potentially unwanted software on your computer (either when monitoring your computer using real-time protection or after running a scan), it notifies you about the detected item by displaying a notification message in the bottom right-hand corner of your screen.

The notification message includes a Clean computer button and a Show details link that lets you view additional information about the detected item. Click the Show details link to open the Potential threat details window. From there, you can choose which action to apply to the item, or click Clean computer. If you need help determining which action to apply to the detected item, use the alert level that Endpoint Protection assigned to the item as your guide (for more information, see Understanding alert levels).

Alert levels help you choose how to respond to viruses, spyware, and other potentially unwanted software. While Endpoint Protection will recommend that you remove all viruses and spyware, not all software that is flagged is malicious or unwanted. The following information can help you decide what to do if Endpoint Protection detects potentially unwanted software on your computer.

Depending on the alert level, you can choose one of the following actions to apply to the detected item:

  • Remove—This action permanently deletes the software from your computer.

  • Quarantine—This action quarantines the software so that it can't run. When Endpoint Protection quarantines software, it moves it to another location on your computer, and then prevents the software from running until you choose to restore it or remove it from your computer.

  • Allow—This action adds the software to the Endpoint Protection allowed list and allows it to run on your computer. Endpoint Protection will stop alerting you to risks that the software might pose to your privacy or to your computer.

If you choose Allow for an item, such as software, Endpoint Protection will stop alerting you to risks that the software might pose to your privacy or to your computer. Therefore, add software to the allowed list only if you trust the software and the software publisher.