Endpoint Protection Small Business Edition

  • 1.  Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 04, 2016 10:49 AM

    Symantec Endpoint Protection Small Business Edition (SEP.cloud) issued the following alert on a client's computer:

    Threat Name
    SAPE.Gotango.1

    Threat Type
    Heuristic Virus

    File Name
    c:\users\maxine\appdata\local\temp\xy8abjdd.dll

    Action Required
    Resolved - No Action Required

    While I am pleased that there is no need for action on my part for this one item, I have been unable to find any information about the actual threat itself.

    For instance, was this part of a PUM/PUA/PUP installation?

    Was it simply downloaded from the internet in the background?

    Are there any other associated components that need to be remediated?

    If anyone has any information, I would really like to know.

    Thanks!



  • 2.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 04, 2016 10:59 AM

    It's likely part of a PUA app. Did SEP give a hash in the log? If so, you can put it into VirusTotal to see what it displays.

    I believe this is the tango toolbar (PUA):

    http://www.2-spyware.com/remove-tango-toolbar.html



  • 3.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 04, 2016 11:20 AM

    No hash, no real log entry (this is SEP.cloud after all).  The only key information available:

    SymSAPE.jpg

    There have been three occurrences in the past three days, with the dll name changing each time.

     



  • 4.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 04, 2016 11:24 AM

    Does the link under the threat name take you anywhere useful?



  • 5.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 04, 2016 11:49 AM

    Just this generic "solutions" page:

    http://www.symantec.com/security_response/detected_writeup.jsp?name=SAPE.Gotango.1&vid=4294590907&prod=scss&product=Symantec%20Endpoint%20Protection.cloud&version=21.5.0.19&plang=sym:EN&layouttype=SOS&buildname=SymantecPartner&heartbeatID=98F9A380-651B-48B7-8F08-FDE92EDB5974&env=prod&ispi

    According to the internal log the file was already submitted/uploaded to Symantec.

    Scan with Malwarebytes business edition didn't turn up any threats.

    HitManPro scan elicited a few traces of the Ask tool bar, but that was it.

     



  • 6.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 04, 2016 04:14 PM

    A call from Symantec instructed me to zip up the three files and submit them to Symantec Security Response for review.

    Will wait to see what the result is...

     



  • 7.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 11, 2016 07:47 AM

    I am not certain what to make of this.

    sym_huh.JPG

    This file is not a threat, yet the alias is identified as software other companies rate as a severe threat.

    Thanks Symantec!

     



  • 8.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 20, 2016 10:08 AM

    I've been dealing with this for over a week now.  I've even had support logged into the PC and they can't find anything - twice in two days.  Following the second time with support I was Gotango free for one day and it returned yesterday and back again today. This morning I was very selective in what I was opening and each time I opened an app, I scanned the Local/Temp file.  It only appeared after opening a PDF in Adobe Acrobat DC.  Any known connection?



  • 9.  RE: Can anyone identify Threat Name SAPE.Gotango.1?

    Posted Feb 21, 2016 09:47 AM

    I don't know what to tell you.

    I was able to load the three files from my client's computer to mine without any issue and then zip and send them.  Sure enough, one week later, Symantec woke up and quarantined that zip file on my PC.

    My client's computer has not reported this issue again, nor has any other.

    Screwy friggin' code...
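
For the situation described in this thread (the SEP.cloud alert carries no hash, and the flagged DLL in the user's Temp folder has a different name each time), the following is an added example, not part of any post and not Symantec tooling. It hashes every DLL directly inside a folder and groups them by SHA-256, so the same file reappearing under new names is visible and the hash can be used for a reputation lookup; the function names and the default path are assumptions.

```python
import hashlib
import os
import sys
from collections import defaultdict
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def group_dlls_by_hash(temp_dir):
    """Map SHA-256 -> [(file name, modified time UTC)] for DLLs directly in temp_dir."""
    groups = defaultdict(list)
    for entry in Path(temp_dir).iterdir():
        if not entry.is_file() or entry.suffix.lower() != ".dll":
            continue
        try:
            stamp = datetime.fromtimestamp(entry.stat().st_mtime, tz=timezone.utc)
            groups[sha256_of(entry)].append((entry.name, stamp))
        except OSError:
            # Locked, quarantined or deleted between listing and reading: skip it.
            continue
    return dict(groups)


def main(argv):
    # Default is the per-user Temp folder named in the alert (assumes Windows).
    default = os.path.join(os.environ.get("LOCALAPPDATA", "."), "Temp")
    temp_dir = argv[1] if len(argv) > 1 else default
    for digest, files in sorted(group_dlls_by_hash(temp_dir).items()):
        label = "same content, multiple names" if len(files) > 1 else "single file"
        print(f"{digest}  ({label})")
        for name, stamp in sorted(files, key=lambda f: f[1]):
            print(f"    {stamp:%Y-%m-%d %H:%M:%S}Z  {name}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as the affected user right after each suspect application is opened; the modified times then show which action preceded a new DLL.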