SEP's detection of Antivirus Plus
Updated: 21 May 2010 | 4 comments
A user with the latest version of SEP and the latest definitions clicked on some web pop-up and managed to get Antivirus Plus installed on her machine. Shouldn't SEP have stopped the installation of this program? I ran a scan afterwards, and it did detect Trojan.Fakeavalert. However, when I tried to delete the file that the scan found, the SMC GUI froze.
I had to manually remove the fakeav installation.
sigh... wish SEP worked better.
Comments
Misconfiguration?
Two things come to mind rather than blaming SEP immediately.
1. Was TruScan enabled? The default is to log only. Yes, infect me, and log it, don't do anything about protecting me. It needs to be changed to quarantine or terminate.
2. Was IPS enabled? Many people only deploy the AV/AS package in fear of breaking things. But today's viruses are nasty, requiring things like IPS.
In regards to the Trojan.Fakeavalert trojan, it was first detected and defs created in late 07.
There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."
Is it removed now??? Is
Is it removed now??? Is Symantec detecting and deleting those viruses?? If not, you may use a third-party utility called Combofix.exe to clean it.
Regards,
Ajit Jha
Technical Consultant
STS
Trojan.Fakeavalert is threat
Trojan.Fakeavalert is a threat for which Symantec has a signature. If the file was downloaded on the system, then I guess the Autoprotect is not functioning, because if you scan the file it is detecting the threat. Hence Autoprotect might have been disabled or you would have excluded the files from scanning.
Cheers
Pete
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Re
Hi, does the user have admin rights on the PC? This could have caused the installation.