How to run Symantec Power Eraser with the SymHelp utility

Article:TECH203683  |  Created: 2013-03-08  |  Updated: 2014-03-10  |  Article URL http://www.symantec.com/docs/TECH203683
Article Type
Technical Solution


Issue



You want to know how to run the Symantec Power Eraser with the Symantec Help (SymHelp) utility.


Solution



Threat Analysis Scan replaces Symantec Power Eraser

In SymHelp version 2.1.22 and later, running a Basic scan in the Threat Analysis Scan while the reputation database is available is equivalent to running Symantec Power Eraser. To learn more about the Threat Analysis Scan, see:

TECH215519: 'How to run the Threat Analysis Scan in Symantec Help (SymHelp)'

TECH215550: 'About the Threat Analysis Scan'

 

 

The Symantec Power Eraser is aimed at the detection and clean-up of "zero-day" threats as well as other threats which may have infected the user’s system. Zero-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available – or before they are even aware that a hole exists.

NOTE: An Internet connection is required when using Symantec Power Eraser, which requires access to the Symantec Reputation Database to obtain reputation information about the files it discovers and examines.

To Remove a Threat Using Symantec Power Eraser

  1. Start Symantec Help (SymHelp). To download, see the following page:
    http://www.symantec.com/business/support/index?page=content&id=TECH170752
     
  2. On the Home page, click 'Run threat analysis tools' and then click 'Symantec Power Eraser'.
     

     
  3. The Symantec Power Eraser gives the following options: 
     
    • Scan for Risks: Click this button to start the scan.  The optional selection Include a Rootkit Scan requires a reboot.
    • History: Check the results of previous Power Eraser sessions. You can also recover files that were previously detected from here.
    • Settings: Also offers the Include a Rootkit Scan option and lets you set up a network proxy configuration.
    • NEW: Settings also offers a new option, Scan other user profiles. This option adds the load points for all other user profiles on the system to the scan, enabling the scanning of otherwise inaccessible (corrupted) user profiles.




       
  4. When the scan completes, note which files were identified (some legitimate files may be identified), select any suspicious programs you wish to remove, and click Fix (this will cause the system to reboot). You may also wish to save a copy of the log records to the desktop.
     
  5. Continue to operate the computer and verify that suspicious or problematic behaviors have been addressed.

To restore a previously removed file using Symantec Power Eraser

  1. Launch Symantec Power Eraser as noted above.
     
  2. From the three available options, click History.
     
  3. Select the session you want to restore, and then click Restore.
     

 

FAQ

  1. Is Symantec Power Eraser (SPE) safe to use on a Windows server?
    • Yes.
       
  2. Which ports need to be open?
    • To get SPE to work on a restricted network, we recommend that you open all HTTP and HTTPS traffic from *.symantec.com and *.norton.com.
       
  3. When should I use the product in safe mode with networking vs. regular mode?
    • The tool should be run in normal mode first. Some threats block the tool from running in normal mode or block all .exe files from running. In these cases, a second attempt should be made by running the tool in safe mode with networking.
       
  4. Which threat families is the tool most effective at remediating?
    • SPE is effective against known and unknown threats with the exception of file infectors.

Consider Using Symantec Power Eraser when you are experiencing:

  • An outbreak on a small number of workstations or Windows servers
  • Symptoms of fake/rogue AV, such as:
    • A recurring pop-up notification
    • Alerts indicating that they are infected
    • Prompts to register (buy) the solution
    • Fake "Blue Screen Of Death" messages

Important to note:

Symantec Power Eraser:

  • Is not a solution to be deployed or implemented on large scale outbreaks.
  • Is not a replacement for regular daily AV scanners.
  • Will go through the process of rebooting the machine up to 2 times if it suspects that the machine is infected with malware, using the remediation workflow.
  • Will not protect against re-infection. Users should verify that their Symantec product is receiving updated virus definitions. This will ensure they are protected.

The Benefits of Running Symantec Power Eraser

  • Expedites your helpdesk team's process when Symantec Power Eraser is used as a first-response remediation tactic.
  • Reduces employee downtime by allowing users to return to work more quickly.
  • Requires no backup and restoring of files, unlike the reimaging of systems.
  • Common alternatives, such as individual threat remediation with threat-specific remediation tools or reimaging workstations and restoring files, require more time and decrease the productivity of the helpdesk team and the impacted employee.

 



