Endpoint Protection

  • 1.  fake -viruses

    Posted Apr 27, 2011 05:11 PM

    Dear all,

    Our users are severely attacked by fake antivirus like win7 internet security 2011 viruses.

    Is there a way to protect against a severe attack?

    Thank you

     

    Sep 11.0.6+mp2



  • 2.  RE: fake -viruses

    Posted Apr 27, 2011 05:21 PM

    1. Bump up your AV settings to the recommended levels.

    Security Response recommends the following Scan Settings

     

    | Antivirus Security Setting | Default Setting | High Security Policy | Security Response Recommendation |
    |---|---|---|---|
    | Lock settings | Some | Some | All |
    | Remediation: terminate processes | No | No | Yes |
    | Remediation: terminate services | No | No | Yes |
    | Auto-Protect action taken for security risks | Quarantine/Log | Quarantine/Log | Quarantine/Delete |
    | Network Auto-Protect | Disabled | Enabled | Enabled |
    | Bloodhound Level | Default (2) | Default (2) | Default (3) |
    | SEP Startup | System Start | System Start | System Start |
    | Auto-Protect Scan | Modify and access | Modify and access | Modify and access |

    Security Response recommends the following setting changes to Truscan for best protection

     

    | Truscan | Default Setting | Security Response Recommendation |
    |---|---|---|
    | Scan Sensitivity | 9/Low | 100 |
    | Action on Detection | Log | Terminate |
    | Scan Frequency | 1:00 | 00:15 |

     

    2. Follow the "Best Practices", and make sure your users are educated on safe web practices to prevent these types of threats from getting into your environment.

    http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&inid=us_sr_carousel_panel7_best_practices

     

    3. Add Safe Web Lite to your clients to help identify malicious sites.

    http://safeweb.norton.com/lite

    Best,

    Thomas



  • 3.  RE: fake -viruses

    Posted Apr 27, 2011 05:53 PM

    To this I would add:

    - Ensure you're using Network Threat Protection:

    Best practices regarding Intrusion Prevention System technology
    http://www.symantec.com/docs/TECH95347

    - Utilize Application and Device Control to limit how these things access your computers (test first!):

    How to use SEP to protect against rogue "browser helpers"
    https://www-secure.symantec.com/connect/articles/how-use-sep-protect-against-rogue-browser-helpers

    - Ensure systems are fully patched with all Windows critical updates and updates for Adobe (Flash, Reader), Java, Quicktime, etc. [edit: oh, this duplicates your #2 :)]

    sandra



  • 4.  RE: fake -viruses

    Trusted Advisor
    Posted Apr 28, 2011 05:39 AM

    Hello,

    There are a number of articles which suggest a wide range of prevention methods and resolution steps.

    Here are a few of the articles which you can go through to get your questions answered.

    1) How to troubleshoot FakeAV if it is not detected

    2) Using Symantec Support Tool, how do we collect the suspicious files and submit the same to Symantec Security Response Team.

    3) Containing An Outbreak: How to clean your network after an incident

    http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/containing_an_outbreak.pdf

    4) Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security

    Hope these excellent articles help you the best!!!


  • 5.  RE: fake -viruses

    Broadcom Employee
    Posted Apr 28, 2011 07:59 AM


  • 6.  RE: fake -viruses

    Posted Apr 28, 2011 09:07 AM

    Let's move back a step from all the boilerplate Best-Practices & HowTos to one of the key areas for the Symantec defense, their authoring & distribution of their definition files. I have a few questions on the Symantec definition release schedule.

    * How long does it take for newly identified viruses/malware variants to be added to a rapid release definition?

    * How long does it take for newly added signatures of viruses/malware variants that appeared in a rapid release to be fully tested and migrated over to an official standard definition release?

    I saw that the Norton Safe Web was suggested. I personally haven't had any experiences with it. Is it using a signature based definition file or is it scanning the remote website page on the fly? How does NSW handle malicious websites that only live at a particular domain/IP for a few hours before moving shop to another address? 



  • 7.  RE: fake -viruses

    Posted May 09, 2011 12:53 PM

    @ glentc, Please read this page for details on the different types of virus definitions and their publishing frequency.

    http://www.symantec.com/business/popup.jsp?popupid=sr_help_popup

     

    Norton Safe Web is a reputation based service, see this link for more information - http://safeweb.norton.com/about