Endpoint Protection

I am a regular user of Symantec endpoint protection. Update Symantec daily basis and scan also. But yesterday I was uninstalled Symantec endpoint protection for testing purpose and installed other AV. I was surprise this AV detects lost of virus in my system. Which was Symantec neglect thats all file. Why this happens again and again with Symantec I don’t know. If this is variants so how would know people about this? And this is not right ways of daily and again again submit virus sample Symantec security response.

Can you post examples of the detections and file locations

This always happens and is usually just due to trace elements left behind during normal cleanups etc.
Run the AV you have installed now for a few months and then uninstall and put Symantec back on there and do a full scan.
I will bet that it finds traces of malware as well.

Thx for reply zer0,

Yes other AV detect this suspicious file most RECYCLER, System Volume Information and other file & folder.I have also put Symantec & update also perform full scan but not detect any virus. Already that’s suspicious file detect other AV.
 
 

Symantec has lowest False positive ratio and thats one of the major reasons for them to be the leaders.  Symantec detects the file on the basis of the hash value & not on the basis of name. hence you will need to submit the suspected file to the security team & they will release the definitions for the suspected threat.

Please read this Symantec KB -

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000100610314948

I'm curious to know what this other product is.  I hope it is not a 'fake AV' program!

(Whatever you do, please do not post the actual suspected files themselves to the forum.)

sandra

Why this happens is again with Symantec I don’t no.
I fond lots of virus in my machine which was Symantec not detect.
 Earlier I am use SEP MR6 MP1 with latest virus pattern file.
For testing purpose I use other AV, I am surprise this AV detect lots of virus which was Symantec couldn’t.
If this is virus than why Symantec not detect. Symantec person said me send me suspicious file, so its may be Symantec wants go to every folder and search their is any suspicious file or not. I appreciate Symantec further and components, but Symantec detection rats are very poor.
Find attach file for same.

many of them are from System volume information.
You need to disbale the system volume information before scan and can renable after the scan is complete.

Few of the files which are from Symantec are also detcted as a threat, it is obivious :-).

some of the files like keygen and games are detcted as threat, these files can be uploaded to Symantec for further analysis.
https://submit.symantec.com/websubmit/essential.cgi

do let know on forum if these are threat.

I don' t want go every folder of system and submit file to Symantec. why other AV dected this all of thinkg and Symantec couldn't.

@ Sameer,

Are you running SEP with the recommended Security Settings?

Security Response recommends the following Scan Settings

Antivirus Security Setting	Default Setting	High Security Policy	Security Response Recommendation
Lock settings	Some	Some	All
Remediation: terminate processes	No	No	Yes
Remediation: terminate services	No	No	Yes
Auto-Protect action taken for security risks	Quarantine/Log	Quarantine/Log	Quarantine/Delete
Network Auto-Protect	Disabled	Enabled	Enabled
Bloodhound Level	Default (2)	Default (2)	Maximum (3)

Security Response recommends the following setting changes to Truscan for best protection

Truscan	Default Setting	Security Response Recommendation
Scan Sensitivity	9/Low	100
Action on Detection	Log	Terminate
Scan Frequency	1:00	00:15

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948

I see a LOT of false hits there, as well as hits that actually are not threats on a normal computer.
In short, I guess I don't see much to worry about - other than the uninstall files and key generators you have on your computer.
From thelooks of things, you may be inviting a few things there with, ehem, keygen files for stuff you downloaded from certain sites?
"crack"?
keygen?
anytime I see files such as that, I must assume the computer has been used in some real danger zones.

unmario is - MY GUESS - an uninstaller, safe file, being detected as a threat when it's not. that happens with uninstall files at times. doesn't mean it's a risk - it's because of the actions of uninstallers.

frankly your post causes me to question your "new software" more than the symantec stuff.

My question would be how do you expect to download and use software cracks, keygens, and pirated software like that copy of Norton Internet Security 2010, and not get infected with viruses?

I really wanted to type that, but bit my fingers instead.....................

 What about RECYCLER & System Volume Information? Symantec not detect also if I perform full scan system in a safe mode with disable system restore option & (recommended Security Settings). How would people know which are infected file. Every time Symantec said he want those file which are failed to detect by Symantec. I thing this process have to change Symantec response team.

By default, Windows prevents System Restore from being modified by outside programs. Because of this, any repair attempts made by antivirus software will fail. To work around this, you must disable System Restore, and restart the computer.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002011610560348

it detctes the threat from recycler as far i have experienced.