Endpoint Protection

  • 1.  Repeated same W32.Downadup.B virus on same clients daily.

    Posted Jul 18, 2009 12:44 AM
    Hi,

    In my organization, Symantec Server (SEPM 11.0.4000.2295) is used.

    But every day Symantec shows the W32.Downadup.B virus on the same repeated clients (about 20 clients) and also shows that the Actual action (taken by SEP) is Cleaned by deletion.

    Why does SEP show the same virus on the same clients every day?

    Please guide me on how I can resolve this problem.

    Another problem is that SEP shows a W32.Downadup.B & Trojan Horse virus infection in the d:/Documents and Settings/All Users/Application Data/Symantec/Symantec Endpoint Protection/xfer/4a5968f1.tmp folder, and shows that the Actual action (taken by SEP) is Quarantined.

    Please guide me on how to fix this problem.

    Thanks,

    Kailas




  • 2.  RE: Repeated same W32.Downadup.B virus on same clients daily.
    Best Answer

    Posted Jul 18, 2009 12:54 AM
    These are 2 different issues.
    If the detection is in the xfer folder, you need to delete all TMP folders in that location and everything inside the quarantine folder.
    For Downadup.B, are these computers updated with all security patches, not just the one related to Downadup?
    Run a full scan in safe mode with Rapid Release.


  • 3.  RE: Repeated same W32.Downadup.B virus on same clients daily.

    Broadcom Employee
    Posted Jul 18, 2009 02:08 PM
    Hi,

    But every day Symantec shows the W32.Downadup.B virus on the same repeated clients (about 20 clients) and also shows that the Actual action (taken by SEP) is Cleaned by deletion.

    Since the action taken is deleted, I believe these systems are protected; there is/are other system(s) which is/are infected and spreading the threat. You may need to look for such a system. One way to find the infected machine is to use Risk Tracer; Risk Tracer will point to the source machine, and you may need to repair that system.

    Another problem is that SEP shows a W32.Downadup.B & Trojan Horse virus infection in the d:/Documents and Settings/All Users/Application Data/Symantec/Symantec Endpoint Protection/xfer/4a5968f1.tmp folder, and shows that the Actual action (taken by SEP) is Quarantined.
    It's safe to remove the tmp files within the quarantine folder.

    Cheers
    Pete


  • 4.  RE: Repeated same W32.Downadup.B virus on same clients daily.

    Posted Aug 05, 2009 11:01 AM
    You might want to check the solution at this forum:

    https://www-secure.symantec.com/connect/forums/w32downadup

    "Please read this document from Symantec about Downadup:

    http://www.symantec.com/security_response/writeup....

    Make sure your systems have the latest Windows updates, especially the Microsoft Security Update for Windows XP (KB958644).

    You can also download the removal tool which is stated on the KB (Downadup Removal Tool).

    Scan your computer in safe mode and make sure you have the latest virus definition updates."

    from Paul Mapacpac