Endpoint Protection

 View Only

  • 1.  Symantec Power Eraser

    Posted Sep 28, 2011 12:46 PM

    http://www.symantec.com/business/theme.jsp?themeid=spe-user-guide

     

    What threat families is the tool most effective at remediating?

    • SPE is effective against known and unknown threats with the exception of file infectors.

    Does that mean it won't detect any infected files?



  • 2.  RE: Symantec Power Eraser

    Trusted Advisor
    Posted Sep 28, 2011 12:53 PM

    Hello,

    Symantec Power Eraser is designed to complement mainline antivirus applications by detecting and remediating specific types of threats:

    • New variants of existing threats for which there is no coverage by the current definition sets
    • Fake antivirus applications, and other rogueware
    • Rootkits
    • System settings that have been tampered with maliciously

    Because Symantec Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. Use standard antivirus applications and troubleshooting techniques first; if they do not remove all of the threats, use Symantec Power Eraser.

     

    Reference: http://www.symantec.com/docs/TECH134803



  • 3.  RE: Symantec Power Eraser

    Posted Sep 28, 2011 12:57 PM

    So the answer is no?

    I want to know if it detects "infected files".



  • 4.  RE: Symantec Power Eraser

    Posted Sep 28, 2011 01:27 PM

    I had a infected server I ran NPE it rebooted and scanned..It removed the threats but after that I installed SEP and ran a full scan and it detected the infected files.

    So NPE only makes sure that there is not active threat on your machine. It lets you install SEP after the scan.

    Again its not a full AV its just used to remove active threats in case SEP has been disabled by SEP or SEP is not getting installed due to threats.



  • 5.  RE: Symantec Power Eraser

    Posted Sep 28, 2011 01:33 PM

    OK.

    Based on your answer, I'm guessing that SPE doesn't detect infected files.



  • 6.  RE: Symantec Power Eraser

    Posted Sep 28, 2011 01:54 PM

    Well again this is my personal expeirence and based on that..yes I have not found it detecting or cleaning Infected files.



  • 7.  RE: Symantec Power Eraser

    Posted Sep 28, 2011 02:57 PM

    SPE is not a replacement for a SEP client but it WILL detect and remove files. I have used this tool to remove new variants of FakeAV many times in the past. Normally this tool is more prone to false positives so when running it be sure to review the files it detects before removing them, as it will delete files. The SPE also has rootkit detection functionality that I have had success with before removing tidserv MBR infections.



  • 8.  RE: Symantec Power Eraser

    Posted Sep 28, 2011 03:38 PM

    <<< Well again this is my personal expeirence and based on that..yes I have not found it detecting or cleaning Infected files. >>>

    I think I have been misunderstood above.

    When I say NPE is not detecting or cleaning infected files it does not mean it is not removing threats or Rootkits or any type of malware.

    NPE WILL remove the Rootkit/Malware or any active threat file from your system. After a NPE scan it makes sure your system is no more infected.

    However the side affect that a virus does like infecting exe's. It will not clean those exe's it will only removethe main threat on the system which is infecting the exe's

    You have to run a Scan from SEP to clean these exe's.

    NPE has been my favourite from a Long time I use it where a threat doesn't allow me to install SEP or where SEP has been corrupted because of a threat.

    Last time when I used this on a machine it cleaned my machine where GMER etc had failed to clean.

     

    Again NPE is not a Antivirus it should only be used where you are not able to Use SEP. It is not a replacement of Antivirus.