
TruScan

Created: 05 Jun 2009 • Updated: 24 May 2010 | 12 comments

Do you use TruScan to watch for specific applications?  If so, please post a message.


Nel Ramos's picture

Yes, we use it to detect ultraSurf... it is an IE proxy used by clients.. TruScan could also detect VNC or applications used to barge or intrude computers... there are a lot to see in TruScan... so I suggest you use it since it detected forced or commercial apps that sometimes cause breaches in the networks for infections.

thanks..

Nel Ramos

Nel Ramos's picture

Hi JimW,

Here is more...

TruScan proactive threat scans provide an additional level of protection to your computer. Proactive threat scans complement your existing antivirus, antispyware, intrusion prevention, and firewall protection technologies.

Antivirus and antispyware scans rely mostly on signatures to detect known threats. Proactive threat scans use heuristics to detect unknown threats. Heuristic process scans analyze the behavior of an application or a process. The scan determines if the process exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as protection from zero-day attacks.

TruScan proactive threat scans are enabled when both the Scan for Trojan horses and worms and Scan for keyloggers settings are enabled. If either setting is disabled, the Status page in the Symantec Endpoint Protection client shows Proactive Threat Protection as disabled.

Nel Ramos

Ajit Jha's picture

Yes, I also use it. Something wrong?

Regards

Ajit Jha

Technical Consultant

ASC & STS

JimW's picture

I am looking to see if SEP users find this functionality to look for specific applications of value. If it isn't a feature of high value then we can mark it for removal. If it is of high value then it will stay. The specific function of TruScan that I am asking about is the ability to specify and look for a running process. This was a capability in Confidence On-line that was carried forward that I thought would be of use for detecting running processes you might be concerned about. Admittedly it is an advanced feature.

regards,

 

JimW

 

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Ajit Jha's picture

Okay!!! I thought there was something wrong with it.

Regards

Ajit Jha

Technical Consultant

ASC & STS

dimitri limanovski's picture

We disabled ours in existing installations and do not install it with new clients, as in our tests it proved to be quite useless as a behavior-based detection engine. It was also extremely CPU-intensive and caused a lot of complaints because of that.

Nel Ramos's picture

@JimW: actually it is very valuable because internet proxies are detected... especially the green apps... those that run as an executable... just a feedback though is that due to its sensitivity.. we are receiving many false positives..

but no worries... the PROS outweigh the CONS...

thanks..

Nel Ramos

tekkid's picture

Jim -

I find it very odd that Symantec would be willing to consider the removal of this feature, as the "Zero Day Protection" as advertised by name of TruScan Proactive Threat Scan is considered a major selling point of the product. Are you referring to the commercial app detection or keylogger portion of the module or some other feature where it may be possible to create your own whitelist/grey list? Could you clarify your query/position please?

Ghe21's picture

It's nice to use TruScan too because they can detect a virus or any malicious software...

RickJDS's picture

Jim - how can we submit an application to be classified as a known category so that we can block the application by category instead of hunting down many MD5s? An example would be Ultrasurf or Firefox.

Also, posting this type of question is pretty scary in that you're basing the life of a feature on a very limited number of readers and responses. If you really want responses, I would suggest renaming this thread to something like "TruScan application detection - do you use it or should we remove it from SEP". That would get people's attention.

Ghe21's picture

TruScan can detect an internet proxy like Ultrasurf.

Nel Ramos's picture

I agree with RickJDS...
better put this on the Ideas list..
I would be voting on its perpetuity...

thanks..

Nel Ramos