Symantec Anti-Virus question

Created: 19 Feb 2013 | 5 comments
JCP's picture

Not sure if I'm posting this in the right place or not, but here it goes....

Symantec End Point Anti-Virus... Lately I've been seeing a lot of PCs on our network that are infected. SEP finds the threat, tags it and kills it. But is that enough? In a recent report (Top sources of attack) I saw over 15 PCs with over 500 hits each... I believe the product is working as intended, but I suspect that it may be a better idea to just re-image these machines... I'm hoping someone else has seen something like this...

Any thoughts?

Thank you!

.Brian's picture

Make sure you have a look at this for best practice:

Security Response recommendations for Symantec Endpoint Protection 12.1 settings

Article:TECH173752  |  Created: 2011-11-07  |  Updated: 2011-11-21  |  Article URL http://www.symantec.com/docs/TECH173752

 

The default out of the box settings need to be tweaked for better protection.

Have you been able to investigate some to find out exactly what is causing it? Maybe a user plugged in an infected USB drive? Or they visited a malicious web site?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

JCP's picture

Wow Brian! Thank you for the quick reply... I am looking at the article url now. 

I believe we have SEP set up out of the box.  I'll have to get my head around this KB that you provided.

The reason for my concern was that I'm seeing way too many PCs infected and yet, Symantec kills the threat. I'm just wondering if all we're doing here is a cat and mouse chase...

I'm pretty sure all of this activity is a result of our large user community and people's surfing habits.  I'm just thinking it may be best to pick the top 20 machines that are repeat offenders and re-image them.  Once a virus has been found, it will delete/quarantine it, but I'm just curious about installer files remaining behind etc...

.Brian's picture

Also another good article written by a community member, teiva-boy:

http://www.symantec.com/connect/forums/sep-secret-...

But most definitely will need to tweak if only using out of the box protection. Some protection is there but to get optimal you will need to make some changes.

Seyad's picture

Probably the infection is on one of the computers in the network and is trying to spread to the other computers in the network by some means (the most common way is by using a shared folder and autorun.inf). In such cases, even if the risk is detected and removed on an infected computer, the risk recurs again and again as long as the source of the infection remains in the network. You will need to take measures to stop further spreading of the risks (such as disabling autoplay in the entire network) and then work on finding the source computer of the risk (by using SEP features such as Risk Tracer) and clean it.

You may try following the articles below to help you in completely removing the infection from the network.

Remediating risks on the computers in your network
Article URL http://www.symantec.com/docs/HOWTO81376

Best Practices for Troubleshooting Viruses on a Network
Article URL http://www.symantec.com/docs/TECH122466

Preventing a virus from using the AutoRun feature to spread itself
Article URL http://www.symantec.com/docs/TECH104447
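
An added example, not part of Seyad's post or of any Symantec tool: a Python script that walks a shared folder and lists every autorun.inf whose [autorun] section would launch a program, which is the spreading mechanism described in the post above. The function names and the sample file contents are constructed for illustration.

```python
import os
import re
import sys

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample: junk padding, mixed case, and three launch directives.
SAMPLE = """;xqzjunk
[AutoRun]
asdkjh12
Open=setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\Command=setup.exe
shellexecute = setup.exe
"""

def launch_directives(text):
    """Return (key, command) pairs from the [autorun] section of an autorun.inf."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # tolerate junk/padding lines instead of failing on them
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            found.append((key.lower(), value))
    return found

def scan_tree(root):
    """Walk root and map each launching autorun.inf path to its directives."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "autorun.inf":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="latin-1") as fh:
                directives = launch_directives(fh.read())
            if directives:
                hits[path] = directives
    return hits

if __name__ == "__main__":
    # Usage: python scan_autorun.py <share root>  (defaults to the current directory)
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, found)
```

Files that only set an icon or label are not reported, so the output is limited to shares where an autorun.inf names something to execute.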

SameerU's picture

Hi,

Please scan the systems in safe mode.

Regards