Endpoint Protection

  • 1.  CONTINUOUSLY GETTING TROJAN IN MAIL SERVER

    Posted Sep 23, 2009 10:43 PM
    We are getting trojans daily at our mail gateway. Every day when we monitor through our Symantec Endpoint console, the maximum risks are found on the mail server. We are using Symantec Endpoint 11.0.4. Can anybody tell us about the precautions for that? Soumya Ghosh


  • 2.  RE: CONTINUOUSLY GETTING TROJAN IN MAIL SERVER

    Posted Sep 23, 2009 11:01 PM
    Looks to me like you're finding the quarantine folder from another antivirus product.  You probably just want to remove all those files.

    Make sure you aren't running two A/V programs on the same computer, though I could see a different program tying into the mail server software.  Regardless, you should make sure performance is not hindered with 2 AV programs.


  • 3.  RE: CONTINUOUSLY GETTING TROJAN IN MAIL SERVER

    Posted Sep 23, 2009 11:27 PM
    We are not using two antivirus applications; basically we are using the IMSS application of Trend Micro for the mail server (sending mails), and the antivirus solution is Symantec Endpoint.


  • 4.  RE: CONTINUOUSLY GETTING TROJAN IN MAIL SERVER

    Posted Sep 24, 2009 12:15 AM
    Hi Soumya,

    The folder you have mentioned is a quarantine folder of the Trend Micro gateway antivirus....
    The Trend Micro gateway antivirus has detected and quarantined a mail containing the Netsky virus, and it has moved these mails to that folder.

    Since SEP is scanning that folder you are getting virus alerts...

    Check the Trend Micro logs and find out from which PC these mails are being generated. Patch that PC. You can even block the sender in IMSS.

    Netsky is a mass-mailing virus; that is why you are getting many alerts. You can add an exception for this folder in SEP so that the alerts will decrease. IMSS takes care of the files present in that folder, so no need to worry.


  • 5.  RE: CONTINUOUSLY GETTING TROJAN IN MAIL SERVER

    Posted Sep 24, 2009 02:33 AM
    Typically, if you have an email scanning product and a locally installed AV scanner, you MUST create exclusions in the AV scanner to exclude the quarantine and some temp locations of the email scanning app.

    Read Trend's documentation for best practices.  Symantec's email scanner has its own best practices too that are well documented (two paths I recall).