
Malware at SEPM Infrastructure

Created: 27 Apr 2012 | 5 comments
thanos21's picture

Dear all,

We support an infrastructure (SEP Manager 11.0.6 and almost 2000 clients) and I want an answer about the following situation. The following processes have been identified in many of our clients:

xz.exe

wcz_hpf2_rosetta.exe

vc.exe

Do you have any information about these processes? I really appreciate it.


pete_4u2002's picture

Submit these files to the Symantec Security Response team to know if these are malware/infected files.

thanos21's picture

Is there a specific procedure that we have to follow about it?

NRaj's picture

Kindly submit these files to Symantec for analysis.

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/business/support/index?page=content&id=TECH102419

 

Alternatively you can also submit to the below site.

http://www.threatexpert.com/submit.aspx

Hope this helps.

Mithun Sanghavi's picture

Hello,

I agree with the above comments.

Submit the Files to the Security Response Team.

In your case, you would like to check this Article:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Beppe's picture

Hi,

Just note that nothing can be known about a file just by its name; it is not a unique thing.

You should submit the files to any of the above provided sites (Symantec Security Response, Threat Expert, Virus Total, etc.); the file will be analyzed and you will also get the MD5, which is something practically unique. You can then use the MD5 to know more about those files if the feedback from the mentioned sites is not enough.

Regards,

Giuseppe
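
The point about names versus hashes, as an added example that is not part of the original thread: this Python sketch groups collected copies of the reported file names by content hash, so each distinct binary is submitted once and same-named files with different contents are not mistaken for one sample. The directory layout, client names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

SUSPECT_NAMES = {"xz.exe", "wcz_hpf2_rosetta.exe", "vc.exe"}  # names from the thread


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return (md5, sha256) hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def group_by_content(root, names=SUSPECT_NAMES):
    """Map each matching file name to {(md5, sha256): [paths]}."""
    wanted = {n.lower() for n in names}
    groups = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in wanted:  # Windows file names are case-insensitive
                path = os.path.join(dirpath, fname)
                groups[fname.lower()][file_digests(path)].append(path)
    return {name: dict(by_hash) for name, by_hash in groups.items()}


def build_sample_tree(root):
    """Constructed sample: copies collected from three hypothetical clients."""
    samples = {
        ("client-a", "xz.exe"): b"constructed sample bytes 1",
        ("client-b", "xz.exe"): b"constructed sample bytes 2",  # same name, other content
        ("client-a", "vc.exe"): b"constructed sample bytes 3",
        ("client-c", "VC.EXE"): b"constructed sample bytes 3",  # same content, other case
    }
    for (client, fname), data in samples.items():
        os.makedirs(os.path.join(root, client), exist_ok=True)
        with open(os.path.join(root, client, fname), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for name, by_hash in sorted(group_by_content(root).items()):
            print(name, {md5: len(p) for (md5, _), p in by_hash.items()})
```

In the constructed sample, `xz.exe` resolves to two different hashes (two separate submissions), while both `vc.exe` copies share one hash.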