I have the Malware Policy default actions for our SCCM EP clients set at:
Severe - Quarantine
High - Quarantine
Medium - Quarantine
Low - Allow.
However, recently, an executable file to run backups on client PCs that was compiled by one of our managers has been seen by SCEP as a virus labelled as Trojan:Win32/Pocyx.F!plock. I suspect it is related to the program that compiled the script.
But my question is about SCEP's behavior. It just deletes the file when we place it somewhere not in my Exclusion path. I have seen it disappear on a network share just seconds after placing it there, as well as on a user's desktop when copied there from elsewhere.
I'm not sure how to affect this behavior, how/where it is defined to just obliterate it without sending it to Quarantine.
Any thoughts would be appreciated.