Video Screencast Help

SEP 12.1 doesnt detect nothing and a "Microsoft Essential could do it "

Created: 13 Jun 2013 | 6 comments
J3d1's picture

SEP 12.1 doesnt detect nothing, but micosoft essential discovera ftp trojan what i can do if my SEP is not doing nothing..

Operating Systems:

Comments 6 CommentsJump to latest comment

.Brian's picture

Submit the sample here

https://www.symantec.com/security_response/submits...

See here as well:

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

Article:TECH98929  |  Created: 2000-01-06  |  Updated: 2012-09-13  |  Article URL http://www.symantec.com/docs/TECH98929

 

What did MSSE detect it as?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Please submit the samples

What to do when a competitor's antivirus, adware scanner, or spyware scanner detects a threat that Symantec AntiVirus does not detect

http://www.symantec.com/business/support/index?page=content&id=TECH99494

 
J3d1's picture

What did MSSE detect it as?

TrojanDonwloader:BAT/Ftper.gen

.Brian's picture

Do you still have the file?

Submit to Symantec as well as virustotal to verify that Symantec is/is not detecting:

https://www.virustotal.com/

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

As per VirusTotal, TrojanDonwloader:BAT/Ftper.gen is being detected as "Trojan.Gen" and "Trojan.ADH",  however, this could be a new variant.

https://www.virustotal.com/en/file/36e4f70d2a05ae115b8f0e01dd1c5a7264f9c7063e6aca5a69b9f92034b8d640/analysis/

https://www.virustotal.com/en/file/711c038277f0ee407ec0f1ba3e8a4e26c2af7cda329f509e77b164d2e57ff91c/analysis/

Could you please zip each of the files and submit the zip files (without password) to the Symantec Security Response Team on : 

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

Check these Articles:

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

Check this Thread with similar issue:

https://www-secure.symantec.com/connect/forums/trojandownloaderwin32stegvobd-not-detecting-ysmantec

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

J3d1's picture
This case was in the client where i give support. they used the AV competitor and
delete the sample