Home Antivirus 2010

Created: 21 Jul 2009 • Updated: 27 Jul 2010 | 16 comments

If this is posted in the wrong area I am sorry.

Why does Symantec Endpoint not see anything like Home Antivirus 2010, or the older version, Antivirus 2009? It would be nice if Endpoint could not only see these but fix them on the spot.

While it's true that the users click on the email or website, my question is: why can't Symantec Endpoint A/V catch it?

Peterpan's picture

What do you mean by Home Antivirus 2010, and what can SEP not see?

:-)

StevenD 2's picture

That's the newer version of Antivirus 2009 ("I did not pick the name"), but I have seen it with several customers.

Beppe's picture

Hi,

all malware is continuously updated by its writers to stay undetected. If you find undetected variants, you have to submit them to our Security Response; call Support for more details.

Regards,

Giuseppe

Saeed's picture

I agree with Giuseppe.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.

StevenD 2's picture

I would agree if it were NEW. However, this is not a new virus/malware; it is old, and Symantec Endpoint still did NOT catch it, just like the Antivirus 2009 version. I would really like to know why.

If you want, you can email me directly on this one: steven@Deltyme.com.

Beppe's picture

Did you compare the samples you have with the samples we have? Do you think the malware writers stay calm when their "product" cannot work because it is detected? They modify it until it is again not detected...

Regards,

Giuseppe

Peterpan's picture

Every piece of malware has different behavior and malicious content. Malware authors create a new variant every time the old one has been cured; in other words, the authors continuously develop what AV can't detect, and the malware exploits the vulnerabilities of the system.
I suggest that your AV is always up to date.

:-)

agus's picture

As interesting as the mechanics and history of malware is...

Has Symantec or anyone else made any headway on a removal tool, or at least on publishing a manual removal guide?

Thanks.

PDG's picture

Has Symantec created a removal tool for this Home Antivirus 2010? I have not done anything yet to remove it, and Endpoint can't even find it.

Please let me know ASAP

Thank You

Beppe's picture

Did you send us the viral sample as suggested above?

Regards,

Giuseppe

PDG's picture

What viral sample are you looking for?

Beppe's picture

Hi,

to detect malware that is not already detected, we need a sample of it. Have you already found any suspicious files on your machine that run the malware?

If you are not able to find it, you can call our Technical Support to obtain help on this.

Regards,

Giuseppe

jstrowe's picture

Without discussing the malware in a specific manner, one issue is this:

This malware in particular I have seen change the userinit.exe link for login. One version changed the userinit.exe to wsausupdater.exe. What this means is that IF an AV program just deletes the EXE file without first repairing the registry link that has been changed, logins will no longer work on the client computer. This can be fixed, of course, with a BartPE CD or a remote registry editor, but it kicks the level of complexity up much higher to resolve the workstation.

So the question for Symantec would be: how do you handle that type of malware, which changes the userinit.exe setting in the registry? Is the SEMP product sophisticated enough to fix that registry link rather than just deleting the bad EXE file?
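An added example, not code from this thread or from Symantec: a PowerShell check for the Winlogon Userinit hijack described above, written so the registry value is restored before the referenced file is removed, which is the ordering that keeps logons working. It assumes the stock default of `C:\Windows\system32\userinit.exe,` (trailing comma included) and that any extra entry is investigated rather than assumed malicious, since some legitimate software also appends itself there.

```powershell
# Added example (not from the thread or Symantec): audit, and optionally repair,
# the Winlogon "Userinit" value. Run from an elevated PowerShell prompt.
# Assumption: the expected value is the Windows default shown below.
param(
    [switch]$Repair
)

$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$default  = Join-Path $env:SystemRoot 'system32\userinit.exe'
$expected = "$default,"   # Windows stores the default with a trailing comma

$current = (Get-ItemProperty -Path $key -Name Userinit).Userinit

# Winlogon launches every comma-separated entry at logon, so split and trim them.
$entries = $current -split ',' |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -ne '' }

# Anything other than the real userinit.exe (replaced or appended) is flagged.
$unexpected = $entries | Where-Object { $_ -ine $default }

if (-not $unexpected) {
    Write-Host "Userinit is the expected default: $current"
    return
}

Write-Warning "Userinit has been modified: $current"
foreach ($e in $unexpected) {
    # Report whether the referenced file still exists; a missing file here is
    # exactly the "EXE deleted, registry not repaired" state that breaks logons.
    $present = Test-Path -LiteralPath $e
    Write-Warning ("  unexpected entry: {0} (file present: {1})" -f $e, $present)
}

if ($Repair) {
    # Restore the registry link FIRST; only then is it safe to quarantine or
    # delete the unexpected file without locking users out of the machine.
    Set-ItemProperty -Path $key -Name Userinit -Value $expected
    Write-Host "Userinit restored to: $expected"
} else {
    Write-Host 'Re-run with -Repair to restore the default after collecting the unexpected file(s) for submission.'
}
```

On a machine where logons are already broken, the same `Set-ItemProperty` can be applied through a remote registry session or an offline hive loaded from a rescue environment.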

Vikram Kumar-SAV to SEP's picture

Yes, Symantec has been seeing this old trick for a long time. Certified definitions from Symantec will be able to repair it. However, RapidRelease definitions might delete that entry, as I faced a similar issue 2-3 years back.

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search button; do use it.

jstrowe's picture

Obviously that would be an advanced FAQ, but it would be helpful to have out there.