
System Guard 2009, not protected using latest Endpoint protection

Created: 09 Apr 2009 • Updated: 21 May 2010 | 4 comments

I recently joined my company and they bought Symantec Endpoint Protection 11 for all of the workstations. In the last two weeks I've had two users with spyware issues, the latest with System Guard 2009. EP 11 didn't find either, even when I specifically told it to search the folder which had the spyware executable in it. I had to download Spybot to remove it.

Is there some setting I should change to make EP11 work better? I'm fairly disappointed in it at the moment since we spent who knows how much and a free application fixes it. Thanks for any tips.


A.G.

SystemGuard2009 should be protected against as part of the latest virus definitions. Do you have the latest definitions?

Please see this Security Response entry for protection against SystemGuard2009.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031311-4206-99&tabid=1

You can also view the risks you should be protected against at the endpoint. To do so,
1. Bring up the SEP Client UI.
2. Browse to Status --> AV and AS Protection --> Options --> View Threat List.

SAM_SHAIKH

Hi Sbecktell,

It could be a new variant of SystemGuard2009.

Open a case with Symantec Technical Support, and they will then provide you with the Loadpoint utility.

Submit the report to them, and they will ask you to submit some files to the Security Response team, which will analyze them further and publish an RR definition.

What I would recommend is to apply the latest RR definition first and scan the machine in Safe Mode with System Restore OFF.

For downloading the RR definition, visit the link below:

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Rgrds,
SAM

SAM_SHAIKH

Hi,

Also make sure that your Realtime Autoprotect scanning is running.

Rgrds,
SAM

Symantec World

Hi,

I also think that this is a new variant.

First, please upload this to Security Response.

Regards, M.R