Endpoint Protection

  • 1.  BackDoor.Maxplus.5220

    Posted Jul 20, 2012 05:46 AM

    Could you tell me if this one is recognized by SEP 12.1?

    I've seen that it's seen as a "generic trojan" and it's not present in the threats list.

     

    Thanks!



  • 2.  RE: BackDoor.Maxplus.5220

    Broadcom Employee
    Posted Jul 20, 2012 06:54 AM

    Hi,

    Every antivirus company has its own naming policy.

    Could you please share where you found the name "Backdoor.maxplus.5220"?

    Check technical details about Backdoor.trojan: http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99

    SEP 12.1 will definitely give you full protection against new emerging threats.

     



  • 3.  RE: BackDoor.Maxplus.5220

    Posted Jul 20, 2012 07:31 AM

    Have you seen this threat name in Symantec? If yes, please post the screenshot; I can't comment just on the basis of the name. If Symantec doesn't have the definitions for it, we can upload the sample and get the definitions from the Security Response team.



  • 4.  RE: BackDoor.Maxplus.5220

    Trusted Advisor
    Posted Jul 20, 2012 09:13 AM

    Hello,

    I agree with the above comment by Chetan.

    Every antivirus company uses different naming conventions to identify threats.

    I believe you are talking about Trojan.Zeroaccess

    http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99

    However, I would request you to submit the suspicious file to the Symantec Security Response Team and find out.

     

    Check these Articles:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    How to Use the Web Submission Process to Submit Suspicious Files

    Also, 
     
     
    Automated analysis can be performed for some types of threats through http://www.threatexpert.com. This step can quickly identify the sites the threat is coded to contact so they can be blocked at the firewall. Symantec Support does not provide troubleshooting for http://www.threatexpert.com, and this step does not replace the need to submit files to Symantec Security Response.
     
    Hope that helps!!


  • 5.  RE: BackDoor.Maxplus.5220

    Posted Jul 20, 2012 09:19 AM

    Ok, I'll retrieve the info we need... I don't know the different naming convention, sorry :(

    I "vote" for SEP so I'll be very happy to beat my colleague in this situation ;)



  • 6.  RE: BackDoor.Maxplus.5220

    Posted Jul 20, 2012 10:14 AM

    Here we are.

    SEP marks it as Trojan.Gen.2

    Multiple quarantines, files are like:
    C:\Windows\INSTALLER\{61B58A5D-381E-1CA3-163A-44F1B7CA261A}\U\00000004.@

    Let me say... like 70 quarantines in 1 hour.



  • 7.  RE: BackDoor.Maxplus.5220

    Broadcom Employee
    Posted Jul 20, 2012 10:26 AM

    Hi,

    Trojan.Gen.2 is a generic detection for many individual but varied Trojans for which specific definitions have not been created. A generic detection is used because it protects against many Trojans that share similar characteristics.

    http://www.symantec.com/security_response/writeup.jsp?docid=2011-082216-3542-99&tabid=2

    Before proceeding further we recommend that you run a full system scan. If that does not resolve the problem you can try one of the options available below.

    Removal Tools:

    1. Power Eraser
     
    2. SERT
     
    http://www.symantec.com/connect/forums/symantec-endpoint-recovery-tool-sert-not-found
     
     
    If the above steps don't help, then you should submit suspicious files to Symantec.

    Check this article: How do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/u...