Symantec Endpoint Protection Issues

Created: 03 Feb 2011 • Updated: 08 Feb 2011 | 9 comments
This issue has been solved. See solution.

Hello,

We are running SEP on our network's computers. We have a server that hosts the SEPMC. The problem is we have computers still contracting the "Anti-Virus 2009" virus. This is the virus that tells you "Windows has detected a virus." It's really a pain to remove. I want to know why Symantec cannot stop this virus before it gets on the computer?

Also, SEP is getting false positives with JAVA. Why would SEP think JAVA is a virus?

Thirdly, when setting up the SEPMC we created a specific folder on our network for all scan result logs to be saved to. There are no logs being saved in this folder. We have the path established in the Console Settings, so why wouldn't it work?

Thanks.

VKalani's picture

I want to know why Symantec cannot stop this Virus before it gets on the computer? 

Answer: See this:

Does Symantec Endpoint Protection protect me from fake anti-virus programs 

http://www.symantec.com/business/support/index?page=content&id=TECH122898&actp=search&viewlocale=en_US&searchid=1296747071472

 

 

Why would SEP think JAVA is a virus? 

Answer:

If you think SEP is incorrectly detecting a good file as a virus, kindly submit it to Security Response for confirmation.

We have the path established in the Console Settings, so why wouldn't it work?

Answer: Kindly let me know where exactly those settings are done in SEPM. Send a screenshot.

-VKalani

Ameril01's picture

Could you put a link here to the security response?

 

I'll get those screen shots for you.  We administrate many users and want all of their scan logs to be routed to one location which is a hidden folder on our network.  That way we can keep track of who is getting the most threats and such. 

Thanks.

sandra.g's picture

All of those logs are already being forwarded to the SEPM when the client checks in and this information can be gleaned through Monitors and Reports. There is no need to redirect logging.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

VKalani's picture

It depends on the support contract. The link is https://submit.symantec.com/gold. You can call support, 1-800-342-0652, to find out your support contract details.

-VKalani

Ameril01's picture

Here is a screen shot from the SEPMC. This is a Quarantine Folder path EXAMPLE...

This never stores the logs in it though.

 

sandra.g's picture

That isn't a folder for the logs; it's the policy assigning a folder for Local Quarantine; that is to say, where a file or files is/are placed on the client when Auto-Protect or a scan deems it/them to be malicious. I am not sure a UNC path will work. Do you mean to use something like a Syslog server?

Which components are installed to your clients? If you're only using AV, then you will want to implement PTP and NTP as soon as possible.

Security Response recommendations for Symantec Endpoint Protection settings
http://www.symantec.com/docs/TECH122943

How to enable, disable, or configure Bloodhound (TM) heuristic virus detection in Endpoint Protection.
http://www.symantec.com/docs/TECH92424

How to increase the sensitivity of Proactive Threat Protection in Symantec Endpoint Protection 11.x
http://www.symantec.com/docs/TECH97855

Best practices regarding Intrusion Prevention System technology [i.e. why you should use it]
http://www.symantec.com/docs/TECH95347

sandra


sandra.g's picture

Also, SEP is getting false positives with JAVA. Why would SEP think JAVA is a virus?

What is the exact detection? What leads you to believe it is a false positive? If it is in a cache file, see the following, from the Oracle (formerly Sun) Java site: Virus found in the cache directory

Is Java completely up to date? Vulnerabilities are frequently patched. The latest build is 6 Update 23.

sandra


Ameril01's picture

OK,

The Java virus is probably a virus we are detecting.  We do have the latest Java on all machines, so this is an annoyance.

 

I think we interpreted that the Quarantine folder was just a quarantine folder for all computers that logged a virus. It would be nice to have a folder with this information to access so easily. Is there any way to set up an admin folder to easily view who has a virus, instead of logging into the SEPMC?

Thank you.

sandra.g's picture

Probably it is a .class file within the Java cache being (likely unwittingly) served by a website the user is visiting.

Is there any way to set up an admin folder to easily view who has a virus, instead of logging into the SEPMC?

Not that I can think of that wouldn't be a lot more complicated than just logging into the SEPM, going to Monitors and Logs, and with Computer Status selected, checking under Advanced Options > Compliance Options > and ticking the 'Infected only' before choosing View Log (you can even save this as a filter).

You also have the option of setting up emailed reports through Reports.

sandra


SOLUTION