Video Screencast Help

pre-sales question: why were these not detected by SEP?

Created: 12 Sep 2013 | 4 comments

We're running a trial and before I ran malwarebytes I ran a full scan with the latest updates with Symantec Endpoint Protection 2013 ".cloud".

It left this behind, which Malwarebytes (free edition) cleaned up.  Why did this happen?

1-KAREN3 - Remote Control 962013 42715 PM.jpg.

Operating Systems:

Comments 4 CommentsJump to latest comment

_Brian's picture

SEP does not have current definitions available to detect them.

I would suggest submitting to security response so they can be created. See these:

 

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

Article:TECH98929  |  Created: 2000-01-06  |  Updated: 2013-08-02  |  Article URL http://www.symantec.com/docs/TECH98929

 

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

seamanjeff's picture

Ok - so I guess my followup question would be what is Symantec's policy with regard to "grayware" programs such as ilivid, smiley central, mywebsearch... things that change home pages, and search engines and steal traffic without actually taking over the system or doing damage ?

Products like Malwarebytes deal with these neatly.  Does SEP?

_Brian's picture

There is no black or white answer here, it just depends on what they have a signature for. MBAM calls it a "PUP" or Potentially Unwanted Program with the keyword being Potentially. It all depends on their definition.

I know Symantec does have signatures for some of the above you mentioned as well as the ability to alert on the changing of a homepage. Perhaps, Symantec doesn't see a few of these as malicious. I can't say one way or the other but only they can comment on it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

seamanjeff's picture

Sure would be nice if *I* was the one to decide whether something was unwanted.