Endpoint Protection

 View Only

  • 1.  How to black list spyware in Symantec endpoint protection manager

    Posted Jul 16, 2013 11:14 AM

    Hi , Is there any option to balck list the spyware  (funweb prodcuts spyware) from Symantec endpoint protection manager.

    may be by prodcut name or URL anything .. just we need to balcklist the above mention product.



  • 2.  RE: How to black list spyware in Symantec endpoint protection manager

    Posted Jul 16, 2013 11:16 AM

    There is no way to blacklist specific software like this. If it is considered a risk and there is a detection signature than it will happen automatically via the SEP client.

    You can create a firewall rule to block access to their website.

    http://www.symantec.com/docs/TECH95248

    If you know the EXE name and it doesn't change, you can add it as an application to monitor and block it

    https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-1



  • 3.  RE: How to black list spyware in Symantec endpoint protection manager

    Broadcom Employee
    Posted Jul 16, 2013 11:21 AM

    you can use the application control rules if you know the checksum value.



  • 4.  RE: How to black list spyware in Symantec endpoint protection manager

    Trusted Advisor
    Posted Jul 16, 2013 11:37 AM

    Hello,

    You could block such websites / software, check these Articles:

    How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

    http://www.symantec.com/docs/TECH97618

    How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

    http://www.symantec.com/docs/TECH92097

    You can also submit these suspicious files to the Symantec Security Response Team on : 

    https://submit.symantec.com/websubmit/essential.cgi

    We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    http://www.symantec.com/docs/TECH99222

    Check this Article:

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!



  • 5.  RE: How to black list spyware in Symantec endpoint protection manager

    Broadcom Employee
    Posted Jul 17, 2013 11:40 AM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    Adware:W32/FunWeb is a family of adware programs that are used to display unsolicited advertising content, often through the use of pop-up windows. FunWeb variants are often bundled with other applications, games and browser plug-ins. Some variants of FunWeb may also redirect users’ browser home page and download additional code functionality.

    Check this PDF to know more about adware and spyware.

    http://www.symantec.com/avcenter/reference/techniques.of.adware.and.spyware.pdf?src=symsug_us

    SEP is not taking action as you think it's a spyware? Get it confirm with the help of Symhelp tool.

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Could you please work on this Article for Web Submission Process TECH102419

    Before that, make sure this:

    1) SEP is updated with the latest definitions and with all three features (AV/AS, PTP & NTP)

    2) SEP installed machine is having latest windows patches and service packs.

    3) Use Symantec power eraser tool to scan the system.

    4) Scan the full system in safe mode.

    Check this steps also to remove funwebproducts

    http://www.funwebproducts.com/uninstall.html

    It's worth to check this discussion as well : http://forums.cnet.com/7723-6132_102-103207/funweb-products-how-to-remove-isolated-registry-entries/