Endpoint Protection

  • 1.  Need Advice with Handling Malware

    Posted Oct 03, 2014 09:20 AM

    I am not sure if this is the proper forum for this, so I apologize if I am breaking etiquette here.

    I have been tasked with developing a procedure on how to handle infected machines and I am looking for advice on the best way to handle a machine that is infected. I am under the impression if Symantec detects malware that I should pull the PC and reimage it immediately. I am wondering if this is overkill.

    For instance on my machine, Symantec detected a Trojan.Zbot and a Trojan.Maljava. SEP (Symantec Endpoint Protection) detected these and deleted them. I did run Malwarebytes and the scan came clean. I am still tempted to pull the PC and reimage it. Then I began to think, if Symantec detected and deleted the malware, do I really need to do this?

    What is the best procedure when Malware is detected? Should I wipe the PC and reimage it or do I trust SEP when it says it has successfully deleted the Malware?

    I really appreciate any advice on this.

    Thank you.



  • 2.  RE: Need Advice with Handling Malware
    Best Answer

    Posted Oct 03, 2014 11:28 AM

    In a perfect world you'd want to reimage and be done with it. If you can do that then great. If not, get the machine removed from the network and run a full scan on it to ensure it's clean. You can also run the threat analysis scan on it to detect some of the more pesky malware. What version of SEP are you running?

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH215519

    How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

    http://www.symantec.com/docs/TECH203027

    Security Response recommendations for Symantec Endpoint Protection 12.1 settings

    http://www.symantec.com/docs/TECH173752

    Security Response recommendations for Symantec Endpoint Protection 11.x settings

    http://www.symantec.com/docs/TECH122943

    Security Best Practice Recommendations

    http://www.symantec.com/docs/TECH91705

    How to scan in safe mode with Symantec Endpoint Protection 12.1 RU1 MP1 and earlier

    http://www.symantec.com/docs/TECH176971

    Scanning in Safe Mode is no longer possible with 12.1 RU2 and later

    http://www.symantec.com/docs/TECH205872

    Is your system infected? Symantec tools to help clear an infection

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    Symantec Endpoint Protection – Best Practices

    http://www.symantec.com/page.jsp?id=stopping_malware

    Best Practices for Troubleshooting Viruses on a Network

    http://www.symantec.com/docs/TECH122466

    Eliminating viruses and security risks

    http://www.symantec.com/docs/HOWTO27280