Recommended Actions for a Malware Detection Alert from Securepoint Antivirus Pro

New article: 11.2025

This article refers to a Beta version


Preliminary Remarks

To avoid possible infection, various measures should already be taken in advance:

  • Install Securepoint AV Pro on all Windows devices
  • For devices in a Securepoint UTM network: Configure HTTP Proxy and Webfilter/Content Filter from the cloud so that malware is filtered out in advance and does not reach employees' inboxes


Recommended Actions

If our AV reports a malware infection, it has detected and quarantined at least one malicious file.

In most cases, this blocks the malware infection. However, we cannot guarantee this.

Specific Steps:

  • The affected system and its network environment(s) should be monitored more closely after a malware detection and, if necessary, subjected to further analysis. Logs can be helpful here, e.g., Logs.
  • In the case of a malware infection, the user of the system has usually done something dangerous.
    Similar actions should be prevented in the future through restrictions and employee training.
  • Analysis of the Infection Path
    • In the AV client and in the AV portal, the location of the detected file can be viewed.
      Often, an infection path can be interpreted based on the location.
    • If the file is located, for example, in the Downloads directory, it is likely that it was actively downloaded and saved by the user via the browser or another program. Discussing with the user can often help narrow down the infection path.
  • Check if, for example, HTTP Proxy with Virus Scanner, Webfilter, Cloud Shield, Mobile Security, and Mobile Device Management are correctly set up

  • For systems and networks with particularly high security requirements, the affected system should be reinstalled.
  • Further information in our FAQs in the Virus Detection section
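
For the infection path analysis step above, the following added example (not Securepoint code) turns detection locations into a first hint about how the file arrived and groups them per user. Only the Downloads rule comes from this article; the other folder rules, the assumption that C: is the system drive, and all sample paths are constructed.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Folder prefixes below the user profile -> likely way the file arrived.
# Only the Downloads rule is from the article; the rest are assumptions
# based on Windows default folder locations.
RULES = [
    (("appdata", "local", "microsoft", "windows", "inetcache", "content.outlook"),
     "attachment opened from Outlook"),
    (("appdata", "local", "temp"), "unpacked or written by another program"),
    (("downloads",), "downloaded and saved by the user"),
    (("desktop",), "saved or copied by the user"),
]

def classify(path_str):
    """Return (user, hint) for one detection location."""
    p = PureWindowsPath(path_str)
    parts = [s.lower() for s in p.parts]
    if p.drive.startswith("\\\\"):                  # UNC path
        return None, "file on a network share"
    user, rel = None, parts[1:]
    if len(parts) > 2 and parts[1] == "users":      # C:\Users\<name>\...
        user, rel = p.parts[2], parts[3:]
    for prefix, hint in RULES:
        if tuple(rel[:len(prefix)]) == prefix:
            return user, hint
    if p.drive and p.drive.lower() != "c:":         # assumes C: is the system drive
        return user, "second or removable drive"
    return user, "unclassified, review manually"

def summarize(paths):
    """Count (user, hint) pairs to target follow-up talks and training."""
    return Counter(classify(p) for p in paths)

# Constructed sample locations, not real detections.
SAMPLE = [
    r"C:\Users\alice\Downloads\invoice.pdf.exe",
    r"C:\Users\alice\Downloads\setup_free.exe",
    r"C:\Users\bob\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AB12CD34\offer.docm",
    r"\\fs01\share\tools\helper.exe",
    r"E:\autorun.exe",
]

if __name__ == "__main__":
    for (user, hint), n in summarize(SAMPLE).most_common():
        print(f"{n}x {user or '-'}: {hint}")
```

The hint is a starting point for the conversation with the user, not a verdict; locations that fall through to "unclassified" need manual review.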