Endpoint Protection

  • 1.  How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 05:48 AM

    We maintain networks for several clients. We've installed SEP (latest build MR5) at each location.
    We're also using the latest build of SIFMM on the Exchange servers.

    Still, the Internet Security 2010 malware passes the checks and installs on client systems. How come both the client security and the mail security won't stop the installation of this malware? When it's installed, SEP recognizes this risk, but then it's too late. I have to restore a system state with the Wininternals CD, because even in safe mode, the system restore option won't start.

    What's the client doing that he got infected by this irritating malware? What can I do to prevent this?



  • 2.  RE: How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 05:59 AM


  • 3.  RE: How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 06:01 AM


  • 4.  RE: How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 06:10 AM
    These malwares keep updating themselves, and the best way to get rid of them is to keep submitting them to Security Response. Others are also submitting, so that's the reason a few get caught.


  • 5.  RE: How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 08:58 AM
    May I know what symptoms are shown on an infected machine? And does Symantec mention anything in the log files or not? Also, what are the user rights of those who get infected?


  • 6.  RE: How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 09:13 AM
    Call SEP support to get step-by-step assistance in treating the virus.
    @ 800-721-3934 Option 3

    Or...


    Refer to this thread: https://www-secure.symantec.com/connect/forums/internet-security-2010 I think someone has resolved the issue.


  • 7.  RE: How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 09:42 AM

    Thanks for the fast responses. Getting rid of the virus always succeeds, but I have to explain every time to the customer why they pay €€ and still got infected by viruses.
    So the conclusion is that the vendor is always one step behind. Most of the clients are local administrators and that's obviously the reason that the virus can install itself, only I don't get why the scanner doesn't prohibit these symptoms (even if I select this option in the policy).

    Tomorrow I'm at the customer's site and will ask him what he did before he got infected with the malware.



  • 8.  RE: How come virus pass Symantec Endpoint Protection
    Best Answer

    Posted Jan 04, 2010 10:11 AM
    No antivirus is 100% secure, and it's also possible that even if you are using 3 antivirus products on a system you can still get infected, because of the huge amount of advanced malware code written daily.
    Antivirus should always be your last defence; you should always use a layered security approach to keep everything secured.


  • 9.  RE: How come virus pass Symantec Endpoint Protection

    Posted Jan 04, 2010 12:47 PM
    To expand on Vikram. Just take a new piece of malware to VirusTotal.  The first person who finds it is not going to get any alerts.  The suspect files have to be submitted to the A/V vendors.  I suggest using limited user rights and a software restriction policy (or SEP's Application and Device control) as additional, low/no cost solutions to reduce malware.