Endpoint Protection

  • 1.  SEP v11 and Malware takeovers

    Posted Aug 15, 2009 09:28 PM
    Hello all,
    Not sure if anyone on here would be able to shed some light on an issue I just encountered. I run Endpoint V11, with the latest definitions for the AV as of yesterday and the Network Protection as of a few days ago. This morning my computer was hacked by the malware "PC Security 2009"... and after several frustrating hours of trying to locate the executable file to rename and delete... I have functionality back. In the process of running a detailed scan now. My question is this... how do I configure my Endpoint to better fight off these attacks from malware, if it's even possible? Fully understand that nothing is totally 100%, especially with so many out there looking to do harm. Any advice would help greatly.

    Thanks,
    Zen


  • 2.  RE: SEP v11 and Malware takeovers

    Posted Aug 15, 2009 09:44 PM
    First, let me start off by saying I am glad you were able to locate the .exe and delete it, but you should also do a full scan in safe mode (with System Restore off). This is step number 1 when facing a virus. Deleting the .exe alone is not enough, since a virus can make new .exe files, change registry values, etc. So do that first. Next, to your question, I will ask you a question ; ) . What components of SEP do you currently have installed? Is this a business or personal computer? Is it connected to a network? We really need to know these sorts of specifics because the answers are different in different situations. In general, I would say one thing to do, if you haven't already, is disable autorun. If you are someone like me who uses thumb drives a lot, this is a priority. It's not safe anymore without disabling it. The second thing to do is to make sure all the computers on your network are staying fully up to date. The last general piece of advice I have is to not do stupid things with your computer, like downloading torrents, visiting questionable sites, or opening attachments without scanning. These sorts of things. The number 1 reason people get viruses is because of users not treating their computers correctly. However, with how things are today, even the smartest users can still get viruses, so being smart about things isn't always enough.

    If you are able to give me more specifics on your network/machine, I can give more specific advice. Oh, and one thing I forgot is to have a more aggressive scanning schedule, i.e. a full scan at least once a week.

    Hope this helps,
    Grant-


  • 3.  RE: SEP v11 and Malware takeovers

    Posted Aug 16, 2009 02:13 AM

     

    Please follow the following steps:
    1. Install all 3 components of SEP (AV and AVS, NTP and PTP)
    2. Always update the virus definitions and IPS signatures
    3. Use the lowest privileged user possible
    4. Disconnect mapped drives
    5. Disable autorun functionality
    6. Patch your OS with the latest security updates
    7. Password protect any shared folders, close open shares and enforce the use of strong passwords
     
     
    The 5 Steps of Virus Troubleshooting
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007011014341948


    Security Best Practice Recommendations from Symantec

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009010808340848
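
A read-only audit of four items from the checklist in the thread above (autorun, privilege level, mapped drives, open shares), as an added example that is not part of any post and not Symantec's tooling. The `NoDriveTypeAutoRun` registry value and the `Win32_LogicalDisk` / `Win32_Share` classes are the example's choices, not named in the thread; SEP components, definitions and OS patch level are not checked here.

```powershell
# Added example: reports on checklist items 3, 4, 5 and 7. It changes nothing.

function Test-AutorunDisabled {
    # NoDriveTypeAutoRun is a bitmask of drive types; 0xFF disables AutoRun on all of them.
    # Check the machine-wide policy key first, then the per-user key.
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $p = Get-ItemProperty -Path "$hive\$sub" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $p) {
            return (($p.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF)
        }
    }
    return $false   # value absent: AutoRun is not disabled for every drive type
}

function Test-RunningAsAdmin {
    # True when the current token holds the local Administrators role,
    # i.e. the session is NOT the "lowest privileged user possible".
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-MappedDrive {
    # DriveType 4 = network drive; ProviderName holds the UNC path it maps to.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=4' |
        ForEach-Object { "$($_.DeviceID) -> $($_.ProviderName)" }
}

function Get-OpenDiskShare {
    # Type 0 = ordinary disk share; administrative shares (C$, ADMIN$) have other type values.
    Get-CimInstance Win32_Share |
        Where-Object { $_.Type -eq 0 } |
        ForEach-Object { "$($_.Name) = $($_.Path)" }
}

$report = [pscustomobject]@{
    AutorunDisabled = Test-AutorunDisabled
    RunningAsAdmin  = Test-RunningAsAdmin
    MappedDrives    = @(Get-MappedDrive)
    OpenDiskShares  = @(Get-OpenDiskShare)
}
$report | Format-List
```

A hardened workstation per the checklist would show `AutorunDisabled : True`, `RunningAsAdmin : False`, and empty `MappedDrives` and `OpenDiskShares` lists.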