Endpoint Protection

  • 1.  Has anyone heard of Trojan.Rerdom.A

    Posted Feb 24, 2014 02:39 PM

    We have a product called FireEye here in my office and a piece of malware called Trojan.Rerdom.A was detected but I am unable to find any information about this.

    Has anyone seen this before?

    SEP 11 didn't detect it and I am wondering if SEP 12 would?



  • 2.  RE: Has anyone heard of Trojan.Rerdom.A
    Best Answer

    Posted Feb 24, 2014 02:43 PM

    Do you have a sample you can submit to Symantec?

    http://www.symantec.com/security_response/submitsamples.jsp

    Scan it at https://www.virustotal.com and it will show if SEP has defs.

    SEP 12.1 has different detection capabilities as compared to 11.x so it may detect it. They do use the same AV definitions though so you would need to rely on SONAR, Download Insight.

    Symantec may detect this as Trojan.Gen, see here:

    http://www.symantec.com/security_response/writeup.jsp?docid=2010-022501-5526-99

    It's a generic name and the variant constantly changes. I would submit to Symantec first off and scan it over at virustotal to see who all has defs for it.



  • 3.  RE: Has anyone heard of Trojan.Rerdom.A

    Posted Feb 24, 2014 02:45 PM

    Try this tool:

    http://www.symantec.com/business/support/index?page=content&id=TECH134803

    If SEP 11 does not detect, SEP 12 will not detect as well.

    You may need to submit the sample to Symantec for analysis so that they can release new defs.

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec Endpoint Protection does not

    http://www.symantec.com/business/support/index?page=content&id=TECH98929



  • 4.  RE: Has anyone heard of Trojan.Rerdom.A

    Posted Feb 24, 2014 03:06 PM

    Thanks guys, I am running a scan right now to see if I can find it and if I do the sample will be on its way.



  • 5.  RE: Has anyone heard of Trojan.Rerdom.A

    Posted Feb 24, 2014 03:10 PM

    Happy to help, check back in if anything comes up



  • 6.  RE: Has anyone heard of Trojan.Rerdom.A

    Posted Feb 24, 2014 03:25 PM

    SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. This will not help with your manual scan as it monitors processes and not files. This works with Autoprotect, which is the core component of SEP.

    Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals. This also works with AP.

    SEP 11 Autoprotect and SEP 12 Autoprotect will work the same way.

    When you are already infected, we all say update the defs and not the product... :)

    These two features have nothing to do with the manual scan which you have started. Anyway, keep the thread updated with the results.

    Correct me if I'm wrong.



  • 7.  RE: Has anyone heard of Trojan.Rerdom.A

    Posted Feb 25, 2014 07:56 AM

    Definitely ensure that SONAR, Insight, IPS and other technologies are in use! A good illustration can be found in this blog post...

    Targeted Attacks - Following the path of least resistance

    https://www-secure.symantec.com/connect/blogs/targeted-attacks-following-path-least-resistance

    ...

    Classic AV alone is not enough

    At Symantec, we've seen a gradual shift over the past two to three years where the classic AV engine in our flagship Symantec Endpoint Protection 12.1 offering catches roughly 49% of threats, while the remaining 51% of threats are thwarted by proactive protection technology; file reputation analysis with Symantec Insight, behavioral analysis with SONAR and intrusion protection with Network Threat Detection.