Endpoint Protection

 View Only
  • 1.  Problem with virus

    Posted Jun 02, 2011 12:00 PM

    Hi,

    I'm looking if anyone is having the same problem that I'm having, there is about 2 months I having a problem with a virus that is hidden folders on my file server. 

    I've sent many times the suspicius files to Symantec but every week I get the same problem back.

    I follwed all the steps that has been recommed buy Symantec like disable autorun, virus definitions, microsoft patchs even removable devices are allowed only for people that really need to use, but i still having the problem with the virus.

    In addition all my machines has this patch applyed http://www.securityfocus.com/bid/41732

    Is it anything else that a can do to sort out my problem.

    My SEP version is : Ru6 MP1

    Thanks!



  • 2.  RE: Problem with virus

    Posted Jun 02, 2011 12:20 PM

    What is the risk you are dealing with? Without this information it is nearly impossible to provide any recommendations.

    When you submit the files, are you immediately receiving a report stating that the files are associated with a risk?

    If you run system scans on the file server are the files detected by SEP?

    What features of SEP client are installed in your environment? e.g. Antivirus and Antispyware, Proactive Threat Protection, Network Threat Protection.



  • 3.  RE: Problem with virus

    Trusted Advisor
    Posted Jun 02, 2011 12:24 PM

    Hello,

    Please Explain the Issue in Detail.

    It is important to understand the Symptoms you are facing in detail so that we could assist you appropriately.

    I understand that you are having a Hidden Folders on the File Server. And you have send Suspicious Files to Symantec.

    However, you haven't specified, if they are hidden, how did you come to know about them and What were the results of the Submission?

    How many machines do you have in Network and Is that the hidden folders found only on FileServer?

    Did Symantec ever detect Threats? If yes, what were those?

    If you could upload the Risk Logs from Symantec Endpoint Protection?



  • 4.  RE: Problem with virus

    Posted Jun 03, 2011 09:03 AM

    I got about 400 machines on my network all the workstations are running with all features and the servers are running with Antivirus, anti-spyware and NTP.

    We started having the virus changeup, a few days ago we had trojan.ADH.2.

    I know that is getting hidden when users complain about the folders and the only way to unhidden the folders is using attrib. And most of times when i look insade of the folder after the problems beging with the folder, I find suspicius files and when we submit files to websites like virustotal.com there are many brand that already detect the files but SEP are not detecting.

    I'm getting problem only with the file server. 

    And what is strange is on my SEP console there is nothig point virus the console is always green and health.

    Thanks!

     

     

     

     

     



  • 5.  RE: Problem with virus

    Posted Jun 03, 2011 06:59 PM

    Is the AV software on your fileserver up to date? Have you submitted any files to the Security Response website?