Endpoint Protection

  • 1.  Symantec Endpoint Protection Quarantined Trojan.Gen

    Posted Dec 19, 2011 10:10 AM

    I have noticed in the Virus and Risks Activity Summary on the SEP 12.1 Manager Console that one workstation is showing the virus Trojan.Gen as being quarantined. It does not show the computer as infected, so I think I am OK, and it only shows this on one workstation. Are there any steps I need to take when a virus is quarantined, like when the PC is infected?



  • 2.  RE: Symantec Endpoint Protection Quarantined Trojan.Gen

    Trusted Advisor
    Posted Dec 19, 2011 10:17 AM

    Hello,

    Could you please let us know the file name and path of the file SEP is detecting?

    Trojan.Gen is a generic detection for many individual but varied Trojans for which specific definitions have not been created. A generic detection is used because it protects against many Trojans that share similar characteristics. 

    There is nothing to worry about, and you do not need to perform any steps when a file is quarantined.

    Quarantine is a special location that is reserved for infected files and related system side effects. For security risks, the client quarantines the infected files and removes or repairs their side effects. The client logs the detection if it cannot repair the file.

    NOTE: In the Quarantine, the virus cannot spread. When the client moves a file to the Quarantine, you do not have access to the file.

    When Symantec Endpoint Protection repairs a virus-infected file, you do not need to take further action to protect your computer. If the client quarantines a security risk-infected file, and then removes and repairs it, you do not need to take additional action.

    However, please let us know the answers to the above questions so that we can understand the threat and its path of detection.



  • 3.  RE: Symantec Endpoint Protection Quarantined Trojan.Gen

    Posted Dec 20, 2011 04:31 AM

    I agree with Mithun's advice, above.  If you do have any reason to suspect that there may be suspicious files or activity on that workstation, I recommend running a full system scan on it, then running the SEP Support Tool with the Load Point Diagnostics option selected.  That should locate any unusual/suspicious files that you may wish to look into further.

    Hope this helps! &: )



  • 4.  RE: Symantec Endpoint Protection Quarantined Trojan.Gen

    Posted Dec 21, 2011 07:44 PM

     Hi Hi! I have attached a word doc with a screen shot of the two file paths that are quarantined on the workstation. Thanks for the help!

    Attachment: Files Quarantined.docx (17 KB)


  • 5.  RE: Symantec Endpoint Protection Quarantined Trojan.Gen

    Trusted Advisor
    Posted Dec 22, 2011 12:51 PM

    Hello,

    As we see in the screenshot you have sent below:

    These files are from the F drive.

    Is the F drive a local drive, a removable drive, or a mapped drive?

    Please turn off autorun.inf and disable System Restore on the machine.

     

    Preventing a virus from using the AutoRun feature to spread itself

    Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder
     

    Once done, run a full scan again.

    Hope that helps.