Video Screencast Help

Found suspected file and content in NAS

Created: 07 Nov 2013 | 5 comments

Dear All,

We have found suspected file on one of our NAS server, has anybody face this issue before.

We are having SEP 12.1 version installed and no alert were generated or detection.

File Name : - #acopia-writetest-1205-1886194

File content : "Today I Traded my work ethic for a banana"

Please suggest.

Operating Systems:

Comments 5 CommentsJump to latest comment

.Brian's picture

Submit it and let security response look at it. If it's malicious, they will write a signature for it.

Also, submit to https://www.virustotal.com and it will be analysed by multiple AV engines.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

I would recommend you to use the Symantec Protection Engine for Network Attached Storage

http://www.symantec.com/protection-engine-network-attached-storage

Check the Difference:

https://www-secure.symantec.com/connect/forums/sep-best-practices-nas-and-san-storage

Secondly, 

Could you please zip each of the files and submit the zip files (without password) to the Symantec Security Response Team on : 

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

 

Check these articles:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

 

Here are some excellent suggestions on how to keep your computers, their users and data safe:

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mick2009's picture

Hi Bhautik.suthar,

What kind of a file is it?  If that Dilbert quote is in a text file or similar, I doubt it is capable fo causing any harmful activity.  If it is in a Word document from an unknown source then tehre may be something to be concerned about.

 

With thanks and best regards,

Mick

Mick2009's picture

Just a ping to see if there is any outcome to report or anything additional needed?  This thread is still marked "needs solution." 

With thanks and best regards,

Mick