Endpoint Protection

This popped up repeatedly but there was nothing in any of the SEP Client logs registering it. It was just popping up repeatedly in the gold shield.

I have run a MWB scan and it found some junk, I also cleared out temp and history. Removed and re installed SEP. The user said it happened when the laptop was NOT on the docking station, but once it was back on the docking station it did not happen. Not sure what happened here, did the wireless connection cause this to happen?

The SEP is the most current version as are the definitions, it is a Windows7 64 BIT Operating system 

Does it show a remote IP in the log?

It's likely this attack attempt came from a user out browsing a site.

Check the Security log on the client to see what it shows

Guessing while off the network and no web filtering, a dangerous site was visited.

Can't check the logs now, removed and re installed.

Yea as long as it's being blocked you should be good.

Hello,

When laptop was NOT on the docking station, does it start with automatic wireless connection? Did the user visit any malicious websites ?

System Infected: Trojan.Fakeavlock Activity 2

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26882

As a precautionary measure, I would suggest you to run the SymHelp and check for any suspicious files.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

Hope that helps!!!

A little old but I assume you're good?