Endpoint Protection

  • 1.  Java Trojan.Gen Alert

    Posted Dec 06, 2010 12:54 PM

    I keep getting alerts from SEP about client machines that have a Trojan.Gen.2 risk. The users on these machines connect to a server application that uses Sun Java, so I am not sure if this is a false positive or a real risk. What do I do for this type of situation? Is there a log or something that I can submit to have it analyzed by Symantec?



  • 2.  RE: Java Trojan.Gen Alert

    Posted Dec 06, 2010 01:04 PM

    If you suspect a false positive, you should submit the file for analysis ASAP.

    Symantec - http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080929132757EN&selected_nav=partner

    Threat Expert (owned by Symantec) - http://www.threatexpert.com/submit.aspx

    Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe -

    http://www.symantec.com/business/support/index?page=content&id=TECH98360&locale=en_US

     

    Trojan.Gen info -

    http://www.symantec.com/security_response/writeup.jsp?docid=2010-022501-5526-99



  • 3.  RE: Java Trojan.Gen Alert

    Posted Dec 07, 2010 03:38 AM

    Hi Mykul,

    Can you check the risk log in SEP: is it always the same file that is detected? What action is specified: cleaned, deleted, quarantined, left alone?

    If it is always triggered by a file that you believe to be safe, do follow the procedure to submit the file and open a support case.

    Thanks and best regards,

    Mick



  • 4.  RE: Java Trojan.Gen Alert

    Posted Dec 07, 2010 11:29 AM

    Thanks for the information.

    On a couple of systems it is the same file that is detected. When it is detected SEP deletes the file. I am not sure what to upload since the file is being deleted. The files have the names of mian.class, a.class and h6l4.class.

    I am just going to keep an eye on the client machines for any further similar alerts. Maybe it is a real threat and SEP is just doing its job. Thanks!