Endpoint Protection

If this is posted in the wrong area I am sorry.

Why does Symantec Endpoint not see Anything like Home Antivurus 2010 Or that older version Antivirus 2009. It would be nice if Endpoint could not only see these but fix them on the spot.

While it's true the users click on the email or website but my question is why can't Symantec Endpoint A/V catch it?

what do you mean in home antivirus 2010 and what SEP cannot see?

Hi,

all malwares are continuosly updated by their writers to be undetected. If you find some undetected variants, you have to submit them to our Security Response, call the Support for more details.

Regards,

I Agree to Giuseppe

Thats the newer version of Antivirus 2009 "I did not pick the name" But I have seen it with several customers.

I would agree if it was NEW, However this is not a new Virus/Malware It is old still Symantec Endpoint Did NOT catch it, like the Antivirus 2009 version. I would really like to know why.

If you want you can email me direct on this one. steven@Deltyme.com.

Did you compare the samples you have with the samples we have? Do you think the malware writers stay calm when their "product" cannot work because it is detected? They modify it until it is again not detected...

Every malware have different behavior and malicious contents, malware authors create new variant every time the old one has already cured in other word the author continously develop what AV cant detect and malware exploit the vulnerability of the system.
I suggest that  your AV is always up to date

As interesting as the mechanics and history of malware is...

Has Symantec or anyone else made any headway on a removal tool or at a least publishing a manual removal guide?

Thanks.

Can you submit a sample file to Symantec for analysis?

Retail products: https://submit.symantec.com/websubmit/retail.cgi

All others

Basic: https://submit.symantec.com/websubmit/basic.cgi
Gold: https://submit.symantec.com/websubmit/gold.cgi
Essential: https://submit.symantec.com/websubmit/essential.cgi
Platinum: https://submit.symantec.com/websubmit/platinum.cgi

Regards,
Thomas

Has Symnatec created a removal tool for this Home Antivirus 2010, I have not done anything yet to remove it and Endpoint can't even find it.

Please let me know ASAP

Thank You

Did you send us the viral sample as suggested above?

Regards,

what viral sample are you looking for

Hi,

to detect a malware not already detected we need a sample of it. Did you already find in your machine any suspicious files that run the malware?

If you are not able to find it, you can call our Technical Support to obtain help on this.

Regards,

Without discussing the malware in a specific manner, one issue is this: 

This malware in particular I have seen change the userinit.exe link for login.  One version changed the userinit.exe to wsausupdater.exe.  What this means is that IF an AV program just deletes the EXE file without first repairing the registry link that has been changed, the client computer will no longer have login's work.  This can be fixed of course with a Bartpe CD or a remote registry editor, but it does kick the level of complexity up much higher to resolve the workstation.

So the question for Symantec would be:  How do you handle that type of malware that changes the userinit.exe setting in the registry.  Is the SEMP product sophisticated enough to fix that registry link without just deleting the bad EXE file?

 Yes..Symantec is seeing this old trick from long time..Certified definitions for Symantec will be able to repair it.However RapidRelease Def might delete that entry..As I had faced similar issue 2-3 yrs back.

Obviously that would be an advanced FAQ but it would be helpful to have out there.