Endpoint Protection

Hi All, can anyone help me why is this occuring. VBS.Dunihi!lnk detected in email attachment but not detected by SEP.
In Microsoft Outlook it was detected as Worm:VBS/Jenxcus!lnk but in symantec it was detected as VBS.Dunihi!lnk.

Hello,

Undetected files should be submitted to Symantec Security Response for examination, after the computer upon which they are found has been isolated.  Some good articles:  

Best Practices for Troubleshooting Viruses on a Network

http://www.symantec.com/docs/TECH122466

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec Endpoint Protection does not

http://www.symantec.com/docs/TECH98929

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/docs/TECH102419

It is not recommended to run more than one AV scanner at a time.  If more than one program is attempting to access, scan, and perform actions on a file, then malfunctions can result.

Should you run more than one antivirus program at the same time?

http://www.symantec.com/docs/TECH104806

Here's an article that will help getting samples to the team which can process them:

Symantec Insider Tip: Successful Submissions!

https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions

Regards,

Can you please clarify? You said it's not detecting it in the title but SEP is detecting it?

Hi P-nhoy,

Can you provide any additional information?  Was the detection made by SEP or another vendor's product? Hopefully it was caught by a dedicated mail security product- SEP is a line of defense against mail-borne threats but it is not the best defense.

Support Perspective: W97M.Downloader Battle Plan
https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

If it was detected, can you get the hash from the logs?  With that you can check if Symantec detects that file.

Does Symantec Detect This: An Illustrated Guide to Public Hash Submission
https://www-secure.symantec.com/connect/articles/does-symantec-detect-illustrated-guide-public-hash-submission

With thanks and best regards,

Mick

Did a detection occur on the mail server or on the client?  If its on the client and the VBS.Dunihi!lnk detection has reported it should have dealt with the virus at first contact although a full scan is never a bad idea as a precausion.

Hi P-nhoy,

Just a ping to see if you have an update?  "Thread Needs Solution "

With thanks and best regards,

Mick

Hi All, Thanks for your help. I have a question. We have many cases now that the SEP fails to detect some virus but in microsoft outlook it is detected. Can you tell me why is this happening ?

Are you referring to Outlook Auto-Protect is catching it? If so, it doesn't really make sense as this is a SEP component making the detection. Or are you using something else for Outlook protection? Please clarify...

Hi Brian, Here is Sample

Were using something else for outlook protection.

Then whatever you use for Outlook is detecting and removing before it gets to the local client and scanned by SEP. SEP doesn't have the opportunity to scan it because it never makes it to the local client. I don't see this as being an issue and is expected when multiple layers of protection are in place.

Maybe they were using other computer using our domain email (outlook anywhere) so that's why there's no detection at all in their designated PC's.
I have run a full scan on the computer but no detections.