Checklist for scanning suspicious files
1. Disconnect any drive mappings and check to see if the PC has any shared folders
2. Stop the shares if they are present; they can be re-established after cleanup if necessary
3. Take the PC OFF the network
4. Check disk space; lack of disk space can cause multiple issues
5. Check to see if any users have local admin rights; if they do, remove them
6. Check the “Run” key in the registry for any suspicious entries (check on HKEY_LOCAL_MACHINE AND HKEY_CURRENT_USER)
Delete any suspicious entries from
7. Check for old Windows user profiles; check with the current user before deleting old profiles
8. Check the C:\ProgramData (Hidden folder) for any suspicious entries
9. If you can, clear C:\TEMP and C:\Windows\temp
10. Clear content from C:\Users\Username\AppData\Local\Temp
11. Clear content in %userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files
12. Check the Control Panel for any suspicious programs or toolbars (Yahoo, Ask, etc.)
13. Remove all toolbars or suspicious programs; verify the validity of each program with the user
14. Check and verify versions and definitions are up to date on Malwarebytes and SEP
15. Check the SEP Client for suspicious entries
16. Run a full scan with SEP, then run a full scan with Malwarebytes and remove suspicious entries
17. Select the “View Quarantine” section; if anything is there, check what it is and verify with the user(s) whether it can be removed.
18. Restart the PC after scanning is complete.
19. It would be highly advisable to run a Load Point Analysis and submit the output file to Symantec Support.
Suspicious files can be submitted to Symantec through the following link.
20. I will use NPE as a last resort; I am wondering if I should use it as a PRIMARY resort
Do not submit a file with a .exe extension; rename the extension to something like .zip or .rtf
To open a support case, use the following link.
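
A read-only collection script for steps 1, 4, 5 and 6 of the checklist, added here as an example (it is not part of the original checklist and not a Symantec or Malwarebytes tool). The helper name `Get-RunKeyEntry` and the `Review` flag are assumptions of this example; the script changes and deletes nothing.

```powershell
# Added example: read-only triage for checklist steps 1, 4, 5 and 6. Changes nothing.
# Folders named in steps 8-10; a Run entry that launches from one of them is worth a look.
$watchDirs = @($env:ProgramData, "$env:SystemDrive\TEMP", "$env:SystemRoot\Temp",
               "$env:LOCALAPPDATA\Temp")

function Get-RunKeyEntry {   # hypothetical helper name
    foreach ($path in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                      'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            # Extract the executable from a quoted or unquoted command line.
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            else { $exe = ($command.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $signature = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { 'FileMissing' }
            $inWatched = [bool]($watchDirs | Where-Object {
                $exe.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase) })

            [pscustomobject]@{
                Key       = $path
                Name      = $name
                Command   = $command
                Signature = $signature
                # Flag for manual review only; a flag is not proof of malware.
                Review    = ($inWatched -or $signature -ne 'Valid')
            }
        }
    }
}

# Step 1: mapped drives and user-created shares (Special = built-in admin shares).
Get-SmbMapping | Format-Table LocalPath, RemotePath -AutoSize
Get-SmbShare | Where-Object { -not $_.Special } | Format-Table Name, Path -AutoSize
# Step 4: free space on fixed disks.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    Format-Table DeviceID, @{n='FreeGB'; e={[math]::Round($_.FreeSpace / 1GB, 1)}} -AutoSize
# Step 5: members of the local Administrators group (well-known SID S-1-5-32-544).
Get-LocalGroupMember -SID 'S-1-5-32-544' | Format-Table Name, ObjectClass -AutoSize
# Step 6: Run key values from both hives.
Get-RunKeyEntry | Format-List
```

Run it from an elevated Windows PowerShell 5.1 session as the affected user, so that HKEY_CURRENT_USER is that user's hive, and save the output before removing anything.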