Endpoint Protection

  • 1.  SEP11 with ccapp.exe

    Posted May 12, 2010 04:12 AM
    Hi

    Recently, a lot of users have been complaining that SEP11 is disabled and does not show up at the bottom right.
    Another user's PC cannot be shut down and the SEP11 icon is disabled too, and my colleague found out that it is because of ccapp.exe.

    Please kindly advise on why SEP11 can be disabled so easily, although there are Trojans like Fire Killer that can disable it, and how to prevent this from happening again.

    Thank you


  • 2.  RE: SEP11 with ccapp.exe

    Posted May 12, 2010 04:23 AM
    Ensure that all SEP services are running. Also enable Tamper Protection.


  • 3.  RE: SEP11 with ccapp.exe

    Posted May 12, 2010 05:21 AM
    By Tamper Protection, do you mean the Proactive Threat Protection?

    Because the SEP11 icon is totally disabled and cannot be started again.

    From the CEH study, the solution is to reinstall SEP11, but how come SEP11 can be disabled so easily?


  • 4.  RE: SEP11 with ccapp.exe

    Posted May 12, 2010 05:38 AM
    Tamper Protection and Proactive Threat Protection are not the same. Both are both. Proactive Threat Protection is behaviour virus scanning and Tamper Protection is the protection for the processes of SEP.


  • 5.  RE: SEP11 with ccapp.exe

    Posted May 12, 2010 05:55 AM
    May I know how to check and enable the Tamper Protection?


  • 6.  RE: SEP11 with ccapp.exe



  • 7.  RE: SEP11 with ccapp.exe

    Posted May 12, 2010 08:37 AM

    Thank you AravindKM.

    If I am not mistaken, my SEPM has this setting for Tamper Protection, but how come this can still happen?


  • 8.  RE: SEP11 with ccapp.exe

    Posted May 12, 2010 08:50 AM
    I don't know the exact reason for this. I have also seen this. SEP will get corrupted, and in most cases some virus will also be present. In my observation, this happens mostly on PCs that are not getting regular updates. In some such cases we have to do a re-imaging only. But many times the following procedure helped me:

    Remove SEP

    Delete the following folders if present:
    C:\Program Files\Symantec
    C:\Program Files\Symantec AntiVirus
    C:\Program Files\Common Files\Symantec Shared
    C:\Documents and Settings\All Users\Application Data\Symantec

    Also delete the following reg keys:
    HKLM\Software\symantec
    HKCU\Software\symantec

    Install SEP
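
A read-only check for the leftovers named in the procedure above, to run after removing SEP and before reinstalling. This is an added example, not part of the original post and not a Symantec tool; the function name `Get-SepLeftover` is hypothetical, and the folder and registry locations are the ones listed in the post.

```powershell
# Added example: audits only, nothing is deleted or modified.
# Locations below are copied from the post; adjust for other install paths.
$folders = @(
    'C:\Program Files\Symantec',
    'C:\Program Files\Symantec AntiVirus',
    'C:\Program Files\Common Files\Symantec Shared',
    'C:\Documents and Settings\All Users\Application Data\Symantec'
)
$regKeys = @(
    'HKLM:\Software\Symantec',
    # HKCU is the hive of the account running this script, so a key left in
    # another user's profile will not be seen from an administrator session.
    'HKCU:\Software\Symantec'
)

function Get-SepLeftover {
    param([string[]]$Folders, [string[]]$RegKeys)
    foreach ($p in $Folders) {
        New-Object PSObject -Property @{
            Type = 'Folder'; Path = $p; Present = (Test-Path -LiteralPath $p)
        }
    }
    foreach ($k in $RegKeys) {
        New-Object PSObject -Property @{
            Type = 'RegKey'; Path = $k; Present = (Test-Path -LiteralPath $k)
        }
    }
}

$report = @(Get-SepLeftover -Folders $folders -RegKeys $regKeys)
$report | Select-Object Type, Present, Path | Format-Table -AutoSize

# ccApp.exe is the process named in the thread; it should be gone after removal.
$ccApp = Get-Process -Name ccApp -ErrorAction SilentlyContinue
if ($ccApp) { Write-Warning "ccApp is still running (PID $($ccApp.Id -join ', '))" }

# Non-zero exit code if anything from the list is still present.
$remaining = @($report | Where-Object { $_.Present })
if ($remaining.Count -gt 0 -or $ccApp) {
    Write-Warning "$($remaining.Count) leftover item(s) found; clean up before reinstalling."
    exit 1
}
Write-Output 'No leftovers from the listed locations were found.'
```
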


  • 9.  RE: SEP11 with ccapp.exe

    Posted May 12, 2010 09:12 AM

    I know reinstalling is the solution, but I don't believe that Symantec does not realize that SEP11 can be disabled by a virus so easily.

    I do hope that Symantec can really increase the protection, since I have been facing a lot of malware or fake AV which SEP11 cannot really detect.