How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

Article:TECH203027  |  Created: 2013-02-21  |  Updated: 2014-08-01  |  Article URL http://www.symantec.com/docs/TECH203027
Article Type
Technical Solution

Issue



The Symantec Help (SymHelp) utility identified suspicious files, and you want to collect and submit them to the Symantec Security Response team for analysis.

 


Solution



SymHelp is a cross-product diagnostic utility designed for troubleshooting and identifying common issues that customers encounter.

SymHelp is designed to support Symantec Endpoint Protection 12.1 RU2 and the Windows 8 & Windows 2012 operating systems.

When you run the legacy Symantec Endpoint Protection Support Tool on a computer running Windows 8 / Windows 2012 or Symantec Endpoint Protection 12.1 RU2, you may receive the following error:

Symantec Endpoint Protection is not supported on the following Windows operating systems:

Windows Server 2012 and Windows 8

To troubleshoot Symantec Endpoint Protection on this OS and previous OS's
use Symantec Help (SymHelp):

This error box includes a link to download SymHelp (see Related Articles below).

 

Supported Products

Currently SymHelp supports the following Symantec products:
  • Symantec Backup Exec 11d to 2012   
  • Symantec Backup Exec System Recovery 6.5 to 8.x
  • Symantec Data Loss Prevention 11.0 and later
  • Symantec Endpoint Protection 11.0 and later
  • Symantec Mail Security for Microsoft Exchange 6.5.2 and later 
  • Symantec System Recovery 2010 to 2012
  • VIP Access

 

How to collect and submit suspicious files to Symantec Security Response:

  1. Start Symantec Help (SymHelp). To download, see the following page:
    http://www.symantec.com/business/support/index?page=content&id=TECH170752
     

  2. Run the Load Point Analysis scan as outlined in the following article:
    http://www.symantec.com/business/support/index?page=content&id=TECH203028
     

  3. Once the scan is complete, the report displays any suspicious files or processes detected by Symantec. Click Copy files to a folder..., browse to the folder in which you want to save the suspicious files, and then click OK.
     


     


  4. Close the report, and then exit SymHelp.
     

  5. To submit these files for analysis, you must compress the folder into a .zip archive. Do not include more than nine (9) files per archive. The archive should not be more than 20 MB in size, and it should not be password-protected. Additional tips can be found in the Connect article Symantec Insider Tip: Successful Submissions!

  6. To submit the files to Symantec Security Response for analysis, click on one of the following links:
     

  7. Fill out the form, and upload the file(s).
    Note: For Essential and BCS license holders, check with your Technical Support representative if you are not sure what your Support ID is.
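
The packaging limits in step 5 can be applied with a short script when SymHelp has copied out more than a handful of files. The following Python sketch is an added example, not a Symantec tool: it assumes the folder chosen in step 3 is flat, reads 20 MB as 20 MiB, and uses hypothetical folder paths.

```python
import os
import zipfile

MAX_FILES = 9                  # step 5: no more than nine files per archive
MAX_BYTES = 20 * 1024 * 1024   # step 5: 20 MB cap (read here as 20 MiB, an assumption)


def _write_zip(path, files):
    """Write files to an unencrypted .zip and return its size on disk."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        for f in files:
            zf.write(f, arcname=os.path.basename(f))
    return os.path.getsize(path)


def package_samples(src_dir, out_dir, max_files=MAX_FILES, max_bytes=MAX_BYTES):
    """Pack the files in src_dir into archives that respect both limits.

    Returns (archives, oversized): the .zip paths written, and any file that
    exceeds max_bytes even when archived alone, reported separately.
    """
    os.makedirs(out_dir, exist_ok=True)
    pending = sorted(
        os.path.join(src_dir, name) for name in os.listdir(src_dir)
        if os.path.isfile(os.path.join(src_dir, name))
    )
    archives, oversized = [], []
    while pending:
        batch = pending[:max_files]
        path = os.path.join(out_dir, f"submission_{len(archives) + 1:02d}.zip")
        # The size limit applies to the finished archive, so measure it after
        # writing and drop the last file until the archive fits.
        while batch and _write_zip(path, batch) > max_bytes:
            batch.pop()
        if not batch:                      # a single file is already too big
            os.remove(path)
            oversized.append(pending.pop(0))
            continue
        archives.append(path)
        pending = pending[len(batch):]
    return archives, oversized


if __name__ == "__main__":
    # Hypothetical paths: the folder chosen in step 3 and an output folder.
    done, skipped = package_samples(r"C:\Temp\SymHelp_suspicious", r"C:\Temp\to_submit")
    print("archives:", done)
    print("too large to submit as one archive:", skipped)
```

Each archive it writes is then uploaded as its own submission in steps 6 and 7.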

 

You will receive a confirmation email with a tracking number. Once the submission has been processed, an email will be dispatched with a determination regarding the file submitted. If it is a threat, you will be provided with a set of Rapid Release Definitions. These can be applied to the affected system so that Symantec Endpoint Protection (SEP) can then detect the infected file and prevent a reinfection.

You can also submit the file for analysis to Threat Expert, which is owned by Symantec. Automated analysis can be performed for some types of threats through http://www.threatexpert.com. This step can quickly identify the sites the threat is coded to contact so they can be blocked at the firewall. Symantec Support does not provide troubleshooting for http://www.threatexpert.com, and this step does not replace the need to submit files to Symantec Security Response.

To create a case with Symantec Technical Support using MySymantec or by phone, see the following page:

Contact Business Support
http://www.symantec.com/support/contact_techsupp_static.jsp

Note: To run the Legacy SEP Support Tool, please follow the instructions provided in the following article:
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

 




