Endpoint Protection

  • 1.  Conficker.A disaster

    Posted Jan 10, 2009 12:50 AM

    Conficker.A has invaded our network. A small subset of computers use Symantec Antivirus 10. The rest use McAfee. The McAfee machines are shrugging off the virus nicely. The Symantec machines are dying slow painful deaths. Symantec (even with the most up-to-date version of virus def files) does *NOT* find any signs of infection. This does not work: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99. What else can I do? I know it's Conficker because McAfee is pulling it off left and right. What's the deal?

     

    Sara



  • 2.  RE: Conficker.A disaster

    Posted Jan 11, 2009 09:54 PM

    Are your Windows machines patched as per MS08-067? That won't fix the Symantec issue but it will help keep them protected against the Conficker worm.

     

    Check your exceptions list in Symantec to make sure that it has not accidentally been configured as an exception and is being skipped automatically.

     

    Cheers,

    Hanré



  • 3.  RE: Conficker.A disaster

    Posted Jan 12, 2009 02:10 PM

    We had the same thing happen where I work, but we run Symantec exclusively. Our process was to run the patch mentioned in the other post and then reinstall or manually update SAV and scan. Win2000 machines were affected much more than XP machines, but in almost all cases autoprotect failed miserably to protect the machines.

     

    On a related note, my son's computer has Norton installed and it completely missed and failed to remove av2009.exe. I am rapidly losing faith in Symantec and looking at alternatives.

    Trevor



  • 4.  RE: Conficker.A disaster

    Posted Jan 23, 2009 06:28 AM

    This is strange; my network came under attack and SEP blocked all attacks successfully.



  • 5.  RE: Conficker.A disaster

    Posted Feb 03, 2009 08:21 PM

    We are running a mixed environment of SAV 10 and SEP 11. We have had both versions of Symantec with current definitions that get infected multiple times. We are patched for MS08-067 and have complex passwords. When the cleanup tool is run it does remove them, but then the machine gets reinfected again.

     

    I would appreciate any tips, as it is painful to keep cleaning the same machines over and over again.