
Malware not detected

Created: 04 Apr 2013 | 10 comments
OomBoom's picture

Hi All

 

I have a client with Win 7 SP1 and SEP 12.1 with the latest definitions. A full scan shows that the PC is clean. When the technician on site uses Malwarebytes, it picks up "PUP.Software.Updater". Any ideas why Symantec would miss this or ignore this?


Rafeeq's picture

Ideally you should not have two AVs active on a single machine.

Symantec would pick up other AVs sometimes. If you still want to use that, then you need to exclude that file under centralized exceptions.

 

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

 

http://www.symantec.com/business/support/index?page=content&id=TECH183201

OomBoom's picture

Not sure, but I think you misunderstood. I am wondering WHY SEP does not pick up the virus.

Rafeeq's picture

I'm sorry, I totally misread that. Please submit the sample to Symantec for further analysis.

 

What to do when a competitor's antivirus, adware scanner, or spyware scanner detects a threat that Symantec AntiVirus does not detect

W007's picture

You will need to submit the sample to Security Response.

http://www.symantec.com/security_response/submitsa...

 

Using Symantec Help (SymHelp) Tool, how to Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

http://www.symantec.com/docs/TECH203027

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

 

Look at this discussion:

https://www-secure.symantec.com/connect/forums/vir...

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

It might be a false positive by the other antivirus.

The following point is very important in this article: http://www.symantec.com/docs/TECH99494

Be aware that third-party antivirus products are often designed with a different purpose in mind, and therefore employ a different scope of detection. Symantec security products such as SAV and Symantec Endpoint Protection (SEP) are intended to balance detection of legitimate threats with a level of false positive detection acceptable to enterprise-class computing environments with thousands or even hundreds of thousands of seats. A repair tool-type product that runs on a single machine and is not centrally monitored or managed may be far more aggressive - thus detecting some threats that SAV or even SEP may not - but often at the cost of a much higher false positive detection rate, sometimes as high as 40%. When evaluating the detection performance of antivirus products, it is important to understand that a straight apples-to-apples comparison between such third-party products and SAV or SEP is not valid, because the high false positive detection rate associated with such products would have an unacceptable impact on a large computing environment.

However, to be assured, submit the suspicious files to the Symantec Security Response team for further analysis.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1 and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

You can also scan the machine using the Symantec Power Eraser tool.

Use Power Eraser to detect threat and remove them

http://www.symantec.com/theme.jsp?themeid=spe-user...

 

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


SameerU's picture

Hi

Please log a case with Symantec on 0008004401457 and submit the file to Security Response for analysing

Regards

 

 

.Brian's picture

What is the installer?

"PUS" stands for Potentially Unwanted Software which doesn't necessarily mean it is bad. Not sure which AV you used but other AV vendors could handle this differently.

But to be safe I would submit to Symantec for review

https://submit.symantec.com/websubmit/gold.cgi

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

OomBoom's picture

The technician used Malwarebytes to scan.

Virus that was picked up - PUP.Software.Updater

 

I will submit the files to Symantec.

Mithun Sanghavi's picture

Hello,

Submit the Suspicious file to Symantec Security Response Team on 

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

I would suggest you work through the steps provided in the article:

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

http://www.symantec.com/docs/TECH98929

Later, in case suspicious activity is still happening, follow the steps provided in the article below:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Here's some advice from Security Response on how to make the best use of SEP. Auto-Protect with traditional AV definitions alone is not enough for a complete defence against today's sophisticated threats: using IPS, Insight etc. is crucial. And, of course, educated users following best security practice... that's the best protection.

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3
