SEP's detection of Antivirus Plus
bjohn
June 22nd, 2009
User with the latest version of SEP with the latest definitions, clicked on some web pop-up and managed to get Antivirus Plus installed on her machine. Shouldn't SEP have stopped the installation of this program? I ran a scan afterwards, it did detect Trojan.Fakeavalert. Although when I tried to delete the file that the scan found, the SMC gui froze.
I had to manually remove the fakeav installation.
sigh... wish SEP worked better.
Misconfiguration?
Two things come to mind rather than blaming SEP immediately..
1. Was TruScan enabled? The default is to log only. Yes, infect me, and log it, don't do anything about protecting me. It needs to be changed to quarantine or terminate.
2. Was IPS enabled? Many people only deploy the AV/AS package in fear of breaking things.. But today's viruses are nasty requiring things like IPS.
In regards to the trojan.fakeavalert trojan, it was first detected and def's created in late 07.
Why do people complain about support wait times, when there is an online portal?
http://mysupport.symantec.com
Is it removed now??? Is
Is it removed now??? Is symantec detecting and deleting those viruses?? If not u may use a third party utility calledCombofix.exe to clean it
Regards'
Ajit Jha
TechSuport Engineer
STS
Trojan.Fakeavalert is threat
Trojan.Fakeavalert is threat for which Symantec has signature. If the file was downloaded on the system, then I guess the autoprotect is not functioning, because if you scan the file it is detecting the threat. Hence Autoprotect might have been disabled or you would have excluded the files from scanning.
Cheers
Pete
Re
Hi, the does the user have admin rights on the PC? this could have caused the installation.
Would you like to reply?
Login or Register to post your comment.