Symantec antivirus rescue in pre-Windows environment pxe-boot

Created: 09 Oct 2012 | 3 comments

Hi,

Other antivirus companies have some kind of pre-Windows rescue antivirus versions on USB, CD, HDD etc. In most situations you can boot from it, run a live internet definition update and scan hard disks. Is there such a tool from Symantec?

We have SEP 12.1 upgraded to the latest version, but sometimes I need to scan really infected computers before Windows loads. Sometimes I use AVG free rescue on USB, or Kaspersky, but I bought Symantec and I would like to use such a tool from this company. Actually my dream goal would be to make a PXE boot environment: we already have virtualization, I would set up a small/free/Linux PXE boot server with antivirus and scan computers remotely. I already found a few examples with PXE boot and Kaspersky, here is one: http://www.youtube.com/watch?v=BKYQtLELFcI , and found other solutions on the web. But what about Symantec? Is there such a thing from one of the biggest AV vendors?

Sorry if there already is such a step-by-step guide in the forum, but I posted a new one.

Thanks,

janis.


Hi Janis,

SERT (Symantec Endpoint Recovery Tool) is one that could be most relevant to your expectation. More info about this tool is found in the links below:

 http://www.symantec.com/docs/TECH131732

http://www.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert

http://www.symantec.com/connect/forums/download-symantec-endpoint-recovery-tool

Hope this information is useful to you...

Cheers!

Elango M.

Best Regards,

Elango Mathivanan

CCNA, SCS (SEP 12.1)

Please do not miss out to mark "solution" for those posts that meet your expectations:)


Hi,

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

http://www.symantec.com/docs/TECH131732

How to make the Symantec Endpoint Recovery Tool boot from a USB memory stick

http://www.symantec.com/docs/TECH131578

Please go through the following article as well:

How to Customize Symantec Endpoint Recovery Tool (3rd Party Utility Integration)

https://www-secure.symantec.com/connect/articles/h...

Information on other Symantec tools:

https://www-secure.symantec.com/connect/articles/s...

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Hello,

As with any AV product, make sure you have the latest Antivirus signatures. For Symantec products, start with downloading the latest Rapid Release definitions.

Next, boot into Safe Mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in Safe Mode.

If your AV fails to detect and remove the infection, there are useful tools provided by Symantec for help with finding those hard to detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool.  The tool is free, so there is no need for a Fileconnect account to download the software.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common load points where threats can live.

4. If you are running Symantec Endpoint Protection, you can use the Network Activity Tool to identify suspicious processes.

5. There are several Threat-Specific Removal Tools provided by Security Response. These tools are designed to detect and remove the most pervasive threats seen in the current landscape. Note, these Threat-Specific tools are not updated, and may prove less helpful as new variants of threats are released in the wild.

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec Security Response or ThreatExpert for analysis. New signatures will be created, and included in future definition sets for detection.

Reference Article:

Is your system infected? Symantec tools to help clear an infection

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.