SEP 11: Newbie trying to battle browser hijacking and fake AV apps
Updated: 25 Sep 2010 | 5 comments
We have SEP 11.05 on our corporate network. But in the last month we have been getting crushed by fake AV app infections, seemingly thru browser hijacking. Being a little new to this Im trying to wrap my head around methods to combat this and understand why SEP11 is not protcting us from these. Wrong product for the job? All components of SEP are on and set to protect.
Any insights and education appreciated!
discussion Filed Under:
Comments
Following this article
Following this article should help curbing those
https://www-secure.symantec.com/connect/articles/how-use-sep-protect-against-rogue-browser-helpers
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Hi some thngs to try. Frist
Hi some thngs to try. Frist make sure you are doing windows updates and all pcs are updated.
Next try to run some free online scanners. House call is one of them from Trend Micro.
Does SEP find any thing when you scan the PCs?
Thnks for the info. I will
Thnks for the info. I will get reading.
SEP hasnt caught any of these either before the attack, during or after. Kinda weird. Combofix and Superantivirus blow SEP out of the water in terms of detection and removal of these fake AV attackes and browser hijacks.
Thread that May Help
Hi Gunslinger,
Make sure that you are using SEP's IPS (not just AV alone) and have heuristic / bloodhound protection at its Maximum level.
There are some details and links in the following thread that may help: SEP and FakeAV
Thanks and best regards,
Mick
With thanks and best regards,
Mick
I would make sure to block
I would make sure to block sites such as facebook, myspace, youtube and the like. These FakeAV threats are spread *mostly* by these kinds of sites. The thread that Mick posted would be helpful as well.
Mike
Would you like to reply?
Login or Register to post your comment.