Endpoint Protection


Lot of W32.Rontokbro@mm infection


  • 1.  Lot of W32.Rontokbro@mm infection

    Posted Feb 14, 2013 11:45 PM

    Hi,

     

    In one of the nodes, we are getting a lot of W32.Rontokbro@mm virus detections. It has been found to take a lot of traffic. Ran many of the tools suggested by Symantec, but the issue still persists. Can I create an exception for this known detection from the server level? The user is annoyed because the computer hangs because of the continuous detection of this threat. Please help.

     

    Regards,

    Anish



  • 2.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 14, 2013 11:53 PM

    Hi,

    Check this tool

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99

    Is your system infected? Symantec tools to help clear an infection

    https://www-secure.symantec.com/connect/forums/you...

    If Symantec does not detect the virus, you can submit the suspicious file

     

    Submit Suspicious Files

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

     



  • 3.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 12:01 AM

    Hi Ashish,

     

    The infected computer seems to be running some application which is also shared by other users. The application is used internally and accessed by only 5-10 people from their computers. It has been found that as and when these users share their folders, they also get those virus detections. Please let me know how to add exceptions for the application and what type of exception would be better in my case?

     

    Regards,

    Anish.



  • 4.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 12:07 AM

    Hello Anish,

    1) Make sure your system is updated with the latest antivirus definitions.

    2) Your system should have all patches installed, including KB958644.

    3) Do a full scan on the system and then restart the system.

     

    Please check with this..

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=22453



  • 5.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 12:09 AM

    Hi Ambesh,

     

    The computer is updated with the latest antivirus definitions. Also, the above patch has been installed. Full scan has been done.

     

    Regards,

    Anish



  • 6.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 12:11 AM

    Hi,

    Check this article on how to add

    Configuring Exceptions for Symantec Endpoint Protection (SEP) 12.1

     

    Article:TECH176906  |  Created: 2011-12-14  |  Updated: 2012-08-23  |  Article URL http://www.symantec.com/docs/TECH176906

     



  • 7.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 12:17 AM

    Hi Anish,

    Thank you for revert,

    Please check with this,

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99&tabid=3

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=22453

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-100313-3908-99&tabid=3

     

    And please let me know...



  • 8.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 12:23 AM

    sent one link on PM.



  • 9.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 01:04 AM

    Hi Anish,

    Please let me know if your issue is resolved?



  • 10.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 02:04 AM

    Hi,

     

    We are still facing with the issue.

     

    Regards,

    Anish



  • 11.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 02:08 AM

    Hello Anish, 

    Have you done the above on the system?

    Please go through with below link and let me know.

    http://www.symantec.com/security_response/writeup....



  • 12.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 15, 2013 02:13 AM

    If Symantec does not detect the virus, you can submit the suspicious file

     

    Submit Suspicious Files

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec



  • 13.  RE: Lot of W32.Rontokbro@mm infection

    Trusted Advisor
    Posted Feb 15, 2013 11:32 AM

    Hello,

    I would suggest you to check this Thread: https://www-secure.symantec.com/connect/forums/how-delete-0

    What version of SEP are you carrying?

    Checking it carefully, found this:

    Your symptoms look very similar to these:

    You run a scan multiple times and it continually finds threats previously quarantined in C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine. A full system scan will find the files and claim that it successfully quarantined the file, but they will be found by another full system scan in the same location.

    Cause: Unknown. It is suspected that the SRTSP is a middle point for the main quarantine typically located in C:\Documents and Settings\All Users\Application data\Symantec Endpoint Protection\Quarantine 
     
    Solution:

    Disable the System Restore from the Machine.

    When trying to access C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine you will probably get an access denied.

    1. Right click on the folder, go to Properties then Security.
    2. Add the user who is currently logged on with Full Control.
    3. Open command window (Start > Run > cmd).
    4. At command prompt, navigate to the directory (cd "C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine")
    5. Delete all files by typing the command del *.* and hit enter.
    6. Restore the default privileges by removing the user added with Full Control.
    7. Initiate a full system scan.

     

    Hope that helps!!
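
The numbered steps in the post above, written as a batch file for the Windows XP path it names. This is an added example, not part of the original post or a Symantec script; it assumes an administrator command prompt, the variable names `QDIR`, `BEFORE` and `AFTER` are this example's own, and disabling System Restore and starting the scan are left to the GUI.

```bat
@echo off
rem Added example (not from the thread): steps 1-7 above as a Windows XP batch file.
rem Assumes an administrator prompt; cacls.exe and fc.exe ship with XP.
setlocal
set "QDIR=C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine"
set "BEFORE=%TEMP%\srtsp_acl_before.txt"
set "AFTER=%TEMP%\srtsp_acl_after.txt"

if not exist "%QDIR%" (
    echo Folder not found: "%QDIR%"
    exit /b 1
)

rem Save the current folder ACL so the restore in step 6 can be verified.
rem If the ACL cannot be read yet, the comparison below will report a difference.
cacls "%QDIR%" > "%BEFORE%"

rem Steps 1-2: add Full Control for the logged-on user.
rem /E edits the existing ACL instead of replacing it; /T includes the contents.
cacls "%QDIR%" /T /E /G "%USERNAME%":F

rem Confirm the folder is now readable before deleting anything.
dir "%QDIR%" >nul 2>&1
if errorlevel 1 (
    echo Still no access to "%QDIR%"; nothing was deleted.
    exit /b 1
)

rem Steps 3-5: delete the files in the folder (same effect as cd + del *.*).
del /q "%QDIR%\*.*"

rem Step 6: remove the entry added above, then compare with the saved ACL.
cacls "%QDIR%" /T /E /R "%USERNAME%"
cacls "%QDIR%" > "%AFTER%"
fc "%BEFORE%" "%AFTER%" >nul
if errorlevel 1 (
    echo ACL differs from the original; compare "%BEFORE%" and "%AFTER%".
) else (
    echo ACL matches the original.
)

rem Step 7: start the full system scan from the SEP client.
endlocal
```

`cacls /E /R` removes every explicit entry for the named user, so an account that already had its own entry on the folder before the change will lose that entry as well; the saved `BEFORE` file shows what was there.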



  • 14.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 18, 2013 12:15 AM

    Hi Anish,

    Kindly update us about your virus related problem?



  • 15.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 18, 2013 03:08 AM

    Are you able to identify the source?

     

    I'm afraid the attack won't stop until you track the source and clean it all together...



  • 16.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 18, 2013 04:51 AM

    Hi,

     

    Whenever a user in our network tries to share some folders, the virus is found. Users have been told not to share folders. At the same time, the application currently running on the machine is planned to be put on a dedicated machine. Will have to perform a few other steps once the user is free. Thanks for your suggestions.

     

    Regards,

    Anish



  • 17.  RE: Lot of W32.Rontokbro@mm infection

    Trusted Advisor
    Posted Feb 18, 2013 08:20 AM

    Hello,

    Are all the client machines installed with Latest and updated SEP client??

    Could you please make sure you have the machines run a Full scan on them.

    And when the users share a drive or a folder, strong password protection should be used.

    I would also recommend you to disable the AutoRun Feature via GPO.

    To find the Source of the Threat, it is advised to Enable the "Risk Tracer" feature from the SEPM.

    Risk Tracer -

    http://www.symantec.com/docs/TECH102539

    How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH94526

     

    A few extra notes....

    • Risk Tracer relies upon the Windows File and Printer Sharing. If this is disabled (as per MS Article 199346, http://support.microsoft.com/kb/199346) Risk Tracer will not work.
    • Risk Tracer may be disabled in order to reduce SAV's performance impact on an overburdened computer.

    Hope that helps!!



  • 18.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 20, 2013 11:36 PM

    Hi,

     

    Is there any inbuilt option in Windows 7 or XP for this password protection of shared folders?

     

    Regards,

    Anish



  • 19.  RE: Lot of W32.Rontokbro@mm infection

    Trusted Advisor
    Posted Feb 21, 2013 01:22 AM

    Hello,

    You cannot password protect individual folders in XP. You restrict access by assigning permissions to drives, folders and files.

    Check this Article: http://support.microsoft.com/kb/307874

    Whereas in Windows 7 you could turn on the password protected sharing, check this Article: 

    http://windows.microsoft.com/en-US/windows7/Share-files-with-someone

    Hope that helps!!



  • 20.  RE: Lot of W32.Rontokbro@mm infection

    Posted Feb 21, 2013 06:15 AM

    Hi

    Please scan the system in safe mode

    Regards