How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility
Article: TECH203027 | Created: 2013-02-21 | Updated: 2013-05-23 | Article URL: http://www.symantec.com/docs/TECH203027
The Symantec Help (SymHelp) utility identified suspicious files, and you want to collect and submit them to the Symantec Security Response team for analysis.
SymHelp is a cross-product diagnostic utility designed for troubleshooting and identifying common issues that customers encounter.
SymHelp is designed to support Symantec Endpoint Protection 12.1 RU2 and the Windows 8 & Windows 2012 operating systems.
When you run the legacy Symantec Endpoint Protection Support Tool on any computer running Windows 8 / Windows 2012 or Symantec Endpoint Protection 12.1 RU2, you may receive the following error:
Symantec Endpoint Protection is not supported on the following Windows operating systems:
Windows Server 2012 and Windows 8
To troubleshoot Symantec Endpoint Protection on this OS and previous OS's
use Symantec Help (SymHelp):
This error box includes a link to download SymHelp (see Related Articles below).
- Symantec Backup Exec 11d to 2012
- Symantec Backup Exec System Recovery 6.5 to 8.x
- Symantec Data Loss Prevention 11.0 and later
- Symantec Endpoint Protection 11.0 and later
- Symantec Mail Security for Microsoft Exchange 6.5.2 and later
- Symantec System Recovery 2010 to 2012
- VIP Access
Start Symantec Help (SymHelp). To download, see the following page:
Run the Load Point Analysis scan as outlined in the following article:
Once the scan is complete, the report displays any suspicious files or processes detected by Symantec. Click Copy files to a folder..., navigate to the folder in which you want to save the suspicious files, and then click OK.
Close the report, and then exit SymHelp.
To submit these files for analysis, you must compress the folder into a .zip archive. Do not include more than nine (9) files per archive. The archive should not be more than 10 MB in size, and it should not be password-protected.
To submit the files to Symantec Security Response for analysis, click on one of the following links:
Fill out the form, and upload the file(s).
Note: For Essential and BCS license holders, check with your technical support representative if you are not sure what your Support ID is.
You will receive a confirmation email with a tracking number, and within 24 to 48 hours you should receive an email telling you if the file is a threat or not. If it is a threat, you will be provided with a set of Rapid Release Definitions. These can be applied to the affected system so that Symantec Endpoint Protection can then detect the infected file and prevent a reinfection.
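The packaging limits given above (at most nine files per archive, no more than 10 MB, no password) can be enforced with a short script. The following is an added example, not part of the original article and not a Symantec tool; it assumes the collected files sit in one flat folder, reads "10 MB" conservatively as 10,000,000 bytes, and uses hypothetical function names and a hypothetical archive prefix.

```python
import zipfile
from pathlib import Path

MAX_FILES = 9            # per-archive file limit stated in the article
MAX_BYTES = 10_000_000   # assumption: "10 MB" read conservatively as 10^7 bytes
OVERHEAD = 512           # assumption: per-file allowance for zip headers

def plan_batches(sizes, max_files=MAX_FILES, max_bytes=MAX_BYTES):
    """Group (name, size) pairs into batches within both limits.

    Uncompressed size is used as a conservative stand-in for archive size.
    Returns (batches, oversized); oversized files cannot fit in any archive.
    """
    batches, oversized, current, total = [], [], [], 0
    for name, size in sorted(sizes, key=lambda p: p[1], reverse=True):
        cost = size + OVERHEAD
        if cost > max_bytes:
            oversized.append(name)
            continue
        if len(current) == max_files or total + cost > max_bytes:
            batches.append(current)
            current, total = [], 0
        current.append(name)
        total += cost
    if current:
        batches.append(current)
    return batches, oversized

def package(folder, out_dir, prefix="symhelp_submission"):
    """Write unencrypted .zip archives to out_dir (must be outside folder)."""
    folder, out_dir = Path(folder), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    sizes = [(p, p.stat().st_size) for p in sorted(folder.iterdir()) if p.is_file()]
    batches, oversized = plan_batches(sizes)
    archives = []
    for i, batch in enumerate(batches, 1):
        target = out_dir / f"{prefix}_{i:02d}.zip"
        with zipfile.ZipFile(target, "w", zipfile.ZIP_DEFLATED) as zf:
            for path in batch:
                zf.write(path, arcname=path.name)
        # Final check on the real archive size, since the plan is an estimate.
        if target.stat().st_size > MAX_BYTES:
            raise RuntimeError(f"{target} exceeds {MAX_BYTES} bytes")
        archives.append(target)
    return archives, oversized
```

Files returned in the oversized list exceed the size limit on their own and are left out of every archive.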
You can also submit the file for analysis to Threat Expert, which is owned by Symantec. Automated analysis can be performed for some types of threats through http://www.threatexpert.com. This step can quickly identify the sites the threat is coded to contact so they can be blocked at the firewall. Symantec Support does not provide troubleshooting for http://www.threatexpert.com, and this step does not replace the need to submit files to Symantec Security Response.
To create a case with Symantec Technical Support using MySymantec or by phone, see the following page:
Contact Business Support
Note: To run the Legacy SEP Support Tool, please follow the instructions provided in the following article: