Key Logger Detection | SEP vs SWG??
We have discovered a key logger on one of our servers with the help of the Symantec Web Gateway. The server is also running SEP-11 (the latest AV definitions installed on 2011-02-23 rev. 019), and we found that it has the latest signature sets, but SEP could not detect the key logger, and there is nothing in its risk log either.
Just wondering why SEP is incapable of detecting a key logger (we have seen it detect a few in the past) while the Symantec Web Gateway detects the same one? Wouldn’t key loggers actually be part of SEP signature-based detection?
Appreciate any input.