Symantec Support Tool: How to collect suspicious files and submit the samples to the Symantec Security Response Team.

Article:TECH147870  |  Created: 2011-01-11  |  Updated: 2012-05-01  |  Article URL http://www.symantec.com/docs/TECH147870
Article Type
Technical Solution

Issue



Symantec Support Tool: How to collect suspicious files and submit the samples to the Symantec Security Response Team.


Solution



If an outbreak is suspected to be under way, be sure to read "Best practices for troubleshooting viruses on a network" and take the necessary actions!
 
 
Please follow the steps below to collect and submit suspicious files to Symantec's Security Response Team:
 
 
 
2) To generate this data for Technical Support, please use the following steps:
 

1. Open the utility and accept the license agreement.
2. Place a check mark next to each category that is relevant to your issue.  Be sure to collect Load Point Analysis information! Click Next when ready.
3. After the utility has finished collecting data, click Save full data for support.

 
3) To submit this data to Technical Support, please use the following steps:
 

1. This data is saved by default to the root of drive C with a filename in the following format:
"<computer name>_<date>_<time>_full.sdbz"
2. Submit this report to the Technical Support agent by attaching the .sdbz file as a file attachment to the email the agent has sent. This will automatically attach the report file to the case. 


4) While running the utility, collect the suspicious files as shown in the following picture:
 
 
  

 
 

1. Click on the button Copy the files to a single location. The suspicious files can then be saved to a chosen directory.
2. Please add the files to a zip archive before submitting. Make sure that the zip archive does not contain more than 9 files and/or exceed 10 MB in size.
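
One way to script the packaging rule in step 4, as an added example that is not part of Symantec's article or tooling: the Python function below packs the copied files into numbered zip archives of at most 9 files and at most 10 MB each, and records a SHA-256 hash per file so each submission can be matched to its sample. The function names, archive names and directory layout are hypothetical, and "10MB" is read as 10 × 1024 × 1024 bytes (an assumption).

```python
import hashlib
import os
import zipfile

MAX_FILES = 9                  # per-archive file limit from step 4
MAX_BYTES = 10 * 1024 * 1024   # "10MB" read as 10 MiB (assumption)

def sha256_of(path):
    """Hash a sample so a submission can be matched to its file later."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def write_zip(zip_path, files):
    """Write files into zip_path and return the archive's size on disk."""
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in files:
            zf.write(path, arcname=os.path.basename(path))
    return os.path.getsize(zip_path)

def package_samples(sample_dir, out_dir, max_files=MAX_FILES, max_bytes=MAX_BYTES):
    """Pack the files in sample_dir into numbered zips that meet both limits.

    Returns (manifest, rejected): manifest maps zip name -> {file name: sha256};
    rejected lists files whose archive exceeds max_bytes even when zipped alone.
    """
    pending = sorted(
        os.path.join(sample_dir, name) for name in os.listdir(sample_dir)
        if os.path.isfile(os.path.join(sample_dir, name))
    )
    os.makedirs(out_dir, exist_ok=True)
    manifest, rejected, index = {}, [], 1
    while pending:
        batch = pending[:max_files]
        zip_path = os.path.join(out_dir, f"samples_{index:02d}.zip")
        # Drop files from the end until the archive as written fits the limit.
        while batch and write_zip(zip_path, batch) > max_bytes:
            batch = batch[:-1]
        if not batch:  # the first pending file is too large on its own
            os.remove(zip_path)
            rejected.append(os.path.basename(pending.pop(0)))
            continue
        manifest[os.path.basename(zip_path)] = {
            os.path.basename(p): sha256_of(p) for p in batch
        }
        pending = pending[len(batch):]
        index += 1
    return manifest, rejected
```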


5) Submit these suspicious files to Symantec Security Response for analysis.
 

1. Click on this link to begin the process: https://submit.symantec.com/basic 

Note: This link is for customers with a Basic entitlement. If there is a different entitlement associated with the case, check with the Technical Support agent for the needed link.

2. Fill out the form and upload the file(s). If unsure of the Support ID number, check with the Technical Support agent.
3. A confirmation email will be sent with a tracking number, and within 24 to 48 hours a follow-up email should arrive explaining whether the file is viral or not. If it is viral, a set of rapid release definitions will be referenced as addressing the associated threat. These can be installed so that Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV) can then detect the infected file and prevent a re-infection.


6) Submit the file to Threat Expert (owned by Symantec).
 

Automated analysis can be performed for some types of threats through http://www.threatexpert.com. This step can quickly identify the sites the threat is coded to contact so they can be blocked at the firewall. Symantec Support does not provide troubleshooting for http://www.threatexpert.com and this step does not replace the need to submit files to Symantec Security Response.
 

For more information, please see "How to submit files to the Threat Expert website".




