Endpoint Protection

I have a problem on a windows xp sp2 machine.on which sep was installed and was updated daily from sepm . but today suddenly sep stoped working. I was even unable to  open the sep gui . it gave some error as unable to start the smcgui service. so I removed sep and tried to install install it again but to my bad luck it gave error as  unable to find the msi file of the installer and location of the file is temp directory. I browsed the directory and was surprised to see no msi installer of sep there . it is deleted auto matically. one thing I noticed that everytime i try to install sep drwatson starts automatically.

i checked the drwatson.exe file in virustotal but no one detected it.

how to install sep now.

Run NSS and see it something gets detected. 

drwatson.exe  is the exe for Dr Watson that is a diagnostic tool that gathers information about your computer when a problem occurs with a program. It is not a THREAT.

http://support.microsoft.com/kb/185837

Paste the SEP _Inst.log

Also it is not recommeded to uinstall the Antivirus program if there is a  an infection or you suspect infection on the machine

If you are suspecting an Infection run NSS

ftp://ftp.symantec.com/misc/tools/nss/NortonSecurityScan.exe

I don't think it is an infection. and if it is then symantec is unable to detect it  as Sep was fully updated before it stoped working.

 IF you think this is virus infection then plz submit the file to https://submit.symantec.com/gold

Assuming there is not an infection, the MSI installer service could be having problems.  Can you install any MSI files successfully?  Can you run cleanwipe and then install SEP again?

HI Happy
               I am unable to find the infected file as in task manager nothing extra runs except drwatson.exe .
how to know which file is infected.


in another machine I found some files not detected by syamantec. submited to security  response and Tracking #13257944

 Hi the file you submitted are still undetermined.. Based on the file submitted is suspect this a new variant of trojan.clampi.gen..
you will still need to find the source file because the file you submitted are i presume from temp folder.. You can run loadpoint & send the logs me & i will tell what all file you need to submit..

The files  were submitted 25 mins ago you need to wait while the files analyzed.

Out 0f 6 files that were submitted 3 are corrupt they are 30.exe , 83.exe and 15.exe  is corrupted. Please delete this file, and re-copy the file from a known clean backup.

Hi happy
           I will run the esuglpdu2.8    and let you know but while running nss.exe it gives an error as it is expired i tried to doenload it from ftp site but after downloading it says it is currupt.i tried 3 times but same error.

where to download a good one and why it is expired after some days.

and prachand
the files i submited are from system32 directory. not from temp.
other av s are detecting these.

fINALLY NSS IS WORKING NOW.
BUT WHY IT SHOWS EXPIERED AFTER SOME DAYS.

There could be  a possiblity that you may be running an OLD setup for NSS that's the reason it was showing as expired

Finally I installed sep on that client .

First I installed sep as unmanaged from the cd then updated it through lates intelligent updater which detected some threats as infostealer. after this I used sylink droper to make it managed.

Now client is running.
But confused why sep failed to detect that virus while it was running with full update. how the threat got entered to the machine.