SEP 2.1.2015

MacOS 10.9.4

On 7/23 and 7/31 I've been notified that I have Trojan.Gen.2. Seems to be via the Auto Protect function vs. a Full Scan.

I've read some old forum's that says this is a PC only problem, but it's still annoying to get the messages that this has been found and it cannot be removed.

Here's a copy of the History info:

Any suggestions on what I can do to quarantine or remove this? SEP fails when it attempts to remove it.

Rn this tool to clean it

How to run the Threat Analysis Scan in Symantec Help (SymHelp)

Article:TECH215519

|

Created: 2014-03-03

|

Updated: 2014-07-10

|

Article URL http://www.symantec.com/docs/TECH215519

Have you tried a manual removal?

to Chin_aust - SymHelp is a Windows only tool. Is there a Mac version?

.Brian - I am assuming that manual removal /deletion of the files referenced in the history is what you are describing, correct? Probably not a big deal for the com.vsearch files. I'm concerned about the other ones as I saw one of the SEP warning messages said it was associated with the Apple "Report Crash" utility. I'm not sure how to validate that.

I am assuming that manual removal /deletion of the files referenced in the history is what you are describing, correct? Probably not a big deal for the com.vsearch files. I'm concerned about the other ones as I saw one of the SEP warning messages said it was associated with the Apple "Report Crash" utility. I'm not sure how to validate that. Have you got any ideas on that?

 

SymHelp appears to be a Windows only tool. Is there a Mac version or process?

Seems that may be a false positive? Does anything come up if you run a scheduled/manual scan?

Thanks for the suggestion. It looks like things are getting worse before they get better. It took a couple of hours for the scheduled scan to run. I'm including the new history file for comparison to this morning's results. You'll see that more items, from the same general area, have been added to the infection list.

Any more suggestions?

If you're really running SEP 12.1.2 on Mac OS X 10.9... 12.1.2 not supported on that OS.

System Requirements for Symantec Endpoint Protection, Enterprise and Small Business Editions, and Network Access Control 12.1.2 and 12.1.3
http://www.symantec.com/business/support/index?page=content&id=TECH195325

So where exactly are the files located? You may have to hover the mouse over the file location to see it. You may see more info in the Mac Console logs.

Detections within a compressed file (like a zip file), within the Java cache, or within a Time Machine backup may not be able to removed.

Re: Virus found in TimeMachine, yet not allowed to delete
https://discussions.apple.com/message/21391417

Anti-Virus checker/scanner has detected a virus. Is it related to Java?
http://java.com/en/download/help/cache_virus.xml

Hope this helps,

sandra

There is a similar tool for Mac called GatherSymantecInfo. It might be helpful in trying to track down the full file path where the detected files are located. Bear in mind, though, that 12.1.2 is unsupported on Mac OS X 10.9. Gathering information about Symantec products on a Macintosh using GatherSymantecInfo http://www.symantec.com/business/support/index?page=content&id=TECH134761 sandra

So I guess that 12.1.2015 as it says on the About SEP is really 12.1.2   That's a bummer.

I've been religiously doing product upgrades automatically. In fact, it automatically upgraded me to 12.1.2.

There doesn't appear to be an automated mechanism to get to 12.1.4   I am assuming that I must buy that release? I can't find any way that I am entitled to that product or any way to download it without paying.

Any assistance on that would be appreciated.

Hi JimPo,

If you upgrade to OS X 10.9 from a previous version of OS X and you leave an older SEP Mac client (12.1.2015) intact, it will appear to be functioning normally but it's a false assumption. Symantec's guidance on this is to fully remove the SEP client before updating the OS; this applies to either PCs or Macs.

http://www.symantec.com/docs/TECH134203

You need to use the SEP Mac removal tool, reboot and install either managed or self-managed SEP Mac 12.1 RU4 (12.1.4013 or 12.1.4100). Then I would perform a full scan with latest definitions and report back your findings.

You can download the SEP Mac removal tool from:

ftp://ftp.symantec.com/misc/tools/mactools/RemoveSymantecMacFiles.zip

You asked how to get the updated version. How did you get the version you are running? Was it provided by your employer? If so, touch base with your IT department and tell them you need SEP for Mac RU4. LiveUpdate does not update the actual version of the software, only the definitions.

Cheers!

MJD