Endpoint Protection

  • 1.  Endpoint - Bloodhound.boot - Windows 2003 Server

    Posted Dec 05, 2009 02:58 PM
    Upon rebooting our Windows 2003 Server, Endpoint gives a warning that it detected a risk while the user was logged out. It found a Bloodhound.boot risk. Cannot remove or delete it. Tried running a system scan and it doesn't pick it up.
    Updated the virus definitions, rebooted the server and same result.
    What can be done?


  • 2.  RE: Endpoint - Bloodhound.boot - Windows 2003 Server

    Posted Dec 07, 2009 02:21 PM
    Download and update your client with Rapid Release definitions and run a full scan in safe mode without networking.


  • 3.  RE: Endpoint - Bloodhound.boot - Windows 2003 Server

    Posted Dec 08, 2009 05:55 AM
    Hi PPobega,

    I recommend checking SEP's risk history. Is a specific file listed as being that Bloodhound.boot? If so, I would take a closer look at it, and contact Symantec Technical Support if in doubt.

    At what level do you have your Bloodhound detections set? The higher that setting is, the more likely SEP is to make a "false positive" heuristic detection. It will err on the side of caution. If your settings are at their maximum value and there are no future reports, there may not be anything to worry about.

    In the meantime, I recommend that measures are taken to keep the latest definitions on the server, make sure that the SEP version is at least MR4 MP2 throughout the organization, and see that all MS patches and patches from other third-party products like Adobe are up-to-date. A bit of prevention, before any outbreak, is worth a whole lot of effort after your network has been compromised!

    Thanks and best regards,

    Mick


  • 4.  RE: Endpoint - Bloodhound.boot - Windows 2003 Server

    Broadcom Employee
    Posted Dec 08, 2009 06:12 AM
    Bloodhound is detected by heuristic scanning. What are the settings for Bloodhound? If it is set to high/max, you may keep on receiving the detections; reduce it to normal or low.


  • 5.  RE: Endpoint - Bloodhound.boot - Windows 2003 Server

    Posted Dec 08, 2009 09:19 AM
    Thanks folks!

    Yes we do have the Heuristic scanning set at max.  There is no specific file with reference to the risk.

    Thanks folks!



  • 6.  RE: Endpoint - Bloodhound.boot - Windows 2003 Server

    Posted Dec 08, 2009 09:20 AM
    Vikram, can Server 2003 run in safe mode?


  • 7.  RE: Endpoint - Bloodhound.boot - Windows 2003 Server
    Best Answer

    Posted Dec 08, 2009 09:29 AM
    Yes, Server 2003 can be booted in safe mode:
    http://support.microsoft.com/kb/325375