Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

Symantec Virus Detection Compared to Other Applications

Created: 10 Mar 2010 • Updated: 18 Mar 2010 • 1 comment
sandeep_sali's picture
+1 1 Vote
Login to vote

Symantec is undoubtedly the world leader in protecting systems and networks from security threats. It also handles the most complicated tasks of avoiding false positive detection and cleaning/deleting the encountered security threat.

Lately, there has been a rise in other antivirus programs catching false positive's and posing them as actual security threats!  As a result, it might give a customer the sense that SEP isn't doing what it was designed to do.  Our response team performs a herculean task of analyzing a number of suspected files submitted to us. 

When I say "Security Threat," I mean Trojans, worms, and hoaxes. Symantec endpoint has a different approach to handle them. Needless to say, the customers data security and software stability is our prime objective, which at times is not targeted by the free antivirus software. Symantec has been known for detecting the lowest percentage of False Positive threats.  This speaks volumes of the care, attention and in depth analysis that our security response team does for its valued customers.  If required, appropriate definitions are made.  Most importantly, the customer is kept informed via e-mail.

For files which seem to be infected but are associated with the Operating System, Symantec Endpoint  quarantines them  and does not delete it directly . Once the suspicious files are analyzed, signatures made for the same, and  the system is patched, the file is cleaned and placed back.

So you may be asking, "So, what's the difference between you and the other companies?"  There are a number of important distinctions, but I will address only one in this writing.

Most AntiVirus and AntiSpyware scans rely predominantly on signatures to detect known threats.  Symantec Endpoint Protection does this as well, but also uses what we call "Proactive Threat Protection."  These proactive scans use heuristics to detect unknown threats. 

The Heuristic process scan analyzes the behavior of an application or a process. The scan determines if the process exhibits the characteristics of a threat, such as Trojan horses, worms, or key loggers. The processes typically exhibit a type of behavior that a threat can exploit, such as opening a port on a user's computer.  This type of protection is sometimes referred to as protection from "Zero-day attacks":

"Zero-day attack vulnerabilities" are new vulnerabilities that are not yet publicly known. Threats exploiting these vulnerabilities can evade signature based detection such as AntiSpyware and AntiSpyware definitions. 
"Zero-day" attacks may be used in targeted attacks and in the propagation of malicious code.  Our Network Threat Protection, however, gives the equivalent protection of a firewall.  Heuristics and Network Threat Protection have changed the game.....for good! 


"Symantec strongly recommends that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, false virus alerts, and lowered protection. Your best defense against computer viruses and malicious programs is to keep your virus definitions up to date, and keep the antivirus Auto-Protect (real-time protection) enabled ". 

Comments 1 CommentJump to latest comment

deepak.vasudevan's picture

You can also compare scan results at

Login to vote