Endpoint Protection


Excluded Files Still Get Quarantined

  • 1.  Excluded Files Still Get Quarantined

    Posted Sep 16, 2009 03:46 PM
    I'm supporting several non-profit clients running SAV 10.2. Because I'm sometimes forced to reconfigure email profiles (and users do not know their email passwords) I have a series of password recovery utilities that allow me to pull the password from the profiles. I've excluded the folder that these utilities are located in - yet each time a scan runs SAV quarantines the files and I'm forced to recover them manually.

    Are there files that just won't pass the "exclusion" logic in SAV - or might I be missing something when I exclude the folders containing the utilities? I'd appreciate any comments or suggestions.

    Russ Foszcz


  • 2.  RE: Excluded Files Still Get Quarantined

    Posted Sep 16, 2009 05:30 PM
    For a security risk exception, you need to exclude that specific risk by detection name, e.g. remaac.radmin etc.
    Folder exclusion won't help.
    http://service1.symantec.com/SUPPORT/ent-security.nsf/0/9af3a5f8ba65fa3d8825713b00653045?OpenDocument&seg=hm


  • 3.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 01:49 PM
    Thanks for the reply and the suggestion. I've already done that for the items that are recognized by SAV and are available in the list of identified threats.

    My problem: How do I ADD an exception to the list when the particular item isn't listed in Symantec's list of potential viruses, hacks, etc.? I've got three or four password routines that show up in the QUARANTINE as just "Hacktools" or "InfoStealer". SAV identifies it as a threat - but it's not listed in the list of potential threats that I can exclude.

    I need to add to Symantec's list so I can specifically exclude the threats but can't see how to do so. Can the list of identified Symantec threats be modified?

    Russ


  • 4.  RE: Excluded Files Still Get Quarantined



  • 5.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 03:11 PM
    Again I appreciate your response. Unfortunately, I've been to the specific threat area (in this case Hacktools) and have in fact been able to exclude one of my password utilities - but other specific hacktool threats are not listed so I can exclude them. I need to find out HOW to add to the list so I can exclude the threat items that don't appear in the list of choices. If I can't find the specific hacktool in the list I can't exclude it from the SAV scan(s).


  • 6.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 03:24 PM
    [Screenshot: hacktool]

    Are you looking at this place or at the list of Security risks?
    In SEP there is an option to exclude security risks even though they are not there in the list. But I don't remember any such option available for SAV.


  • 7.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 03:38 PM
    Unfortunately, no - I am not seeing your window. Clients are using the Symantec AntiVirus (v10.2.x) - and there doesn't appear to be a place to exclude a security risk if it's not in the list. That could be the difference between SEP and SAV - unless I'm still missing a configurable option somewhere...


  • 8.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 03:43 PM
    Well, the screen might be different as I am using this screenshot from SEP, but I thought this option was there in SAV as well.
    What do you get when you click on action from the first screenshot on this link? http://www.whoi.edu/CIS/security/desktop/virus/config_nav.html


  • 9.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 03:52 PM
    9-21-2009 2-42-17 PM.png

    Here's the screen I get selecting ACTIONS from the Configure screen. If I select Hack Tools from the list on the left, I can select the Exceptions tab - but then I'm forced to ADD from the list that SAV generates for me. Doesn't seem to be a place to ADD additional threats anywhere. I was hoping there might be an .INI file or something embedded in SAV that would allow me to modify the list and add my own threats.


  • 10.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 03:55 PM
    That list cannot be modified; that list comes from the virus definitions.
    However, you can set the Action for Hack Tool to Leave Alone.


  • 11.  RE: Excluded Files Still Get Quarantined

    Posted Sep 21, 2009 04:05 PM
    Thanks for the update. Setting the entire "Hack Tools" list to LOG ONLY worries me if the clients choose to ignore or disregard the processes and files that come up in the scan log.

    Thanks for the thread conversation. I'll continue restoring from QUARANTINE as it might be safer for the individual clients...