Endpoint Protection Small Business Edition


Virus that cannot detect by Symantec Endpoint Protection 12.1

  • 1.  Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 02:03 AM

    Good Day!

     

    We are having problems with a virus that Symantec Endpoint Protection 12.1 cannot detect. We purchased the said antivirus to remove the virus that the clients have. But after installing, updating, and scanning the drives, it still did not detect the virus. On a specific drive it creates system3_ and <folder name>.exe applications, but Symantec did not recognize it as a virus. Please help us remove that virus.

     

    Thanks,



  • 2.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 02:42 AM

    You can scan your system with the SymHelp tool

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    Article:TECH215519  | Created: 2014-03-03  | Updated: 2014-07-10  | Article URL http://www.symantec.com/docs/TECH215519

    See mithun articles

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team

    https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

    You will want to submit these suspicious files, to the Symantec Security Response for analysis,
     
     

    For Retail License Holders

    https://submit.symantec.com/retail



  • 3.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 03:13 AM

    Hi!

    I submitted the suspicious file for you to examine and investigate.

     

    Thanks



  • 4.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 03:18 AM

    Kindly remove that virus entry from here.

    You can submit it to Symantec security technical support to examine it.

    Here is the link of that site

    https://submit.symantec.com/retail

    They can examine and arrange the solution to remove it.



  • 5.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 03:21 AM

    In addition, you can run the threat analysis SymHelp tool and submit the report to the security team

    http://www.symantec.com/docs/TECH215519

    It will scan all the files, and if any infected file is still pending on the system, it can share the report with Symantec to release the definition to clean it.



  • 6.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 03:29 AM

    Please remove suspicious file

     

     
     

    You can submit suspicious file here

    For Retail License Holders



  • 7.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 03:55 AM

    How can i remove the attached file?

     



  • 8.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 04:07 AM

    I have replied to your comment, so you are not able to edit it. The suspicious file will be removed by a Symantec employee or admin.

    You can submit your suspicious file at the URL below.

    For Retail License Holders



  • 9.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 06:20 AM

    ok thanks



  • 10.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 06:29 AM

    Hi dbl_ists,

    The threats of this world have enough ways to spread already- please do not attach suspected malware samples to the forum! &: )   Here's an article that will help getting samples to the team which can process them:

    Symantec Insider Tip: Successful Submissions!
    https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions

     

    Once you have submitted the file through the portal to Security Response, please either post the Tracking Number here or PM it to me?

    With thanks and best regards,

    Mick

     



  • 11.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 07:11 AM

    Hi!

    Here's the tracking #38609328

    Thanks



  • 12.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 07:52 AM

    Many thanks!

    SEP 12.1 detects that right now as "WS.Reputation.1" using Download Insight.  I have asked Security Response to examine the file and add a traditional AV protection against it too, if necessary.

    Here's a brief video on how Insight works

    Threat Visualization
    https://www.youtube.com/watch?v=XTCkb_cd04w

     

    Here's another on the various security features in SEP 12.1... please do make sure that computers are protected by all these available components rather than just AV alone!

    Move Beyond Antivirus with Intelligent Security
    https://www.youtube.com/watch?v=na0PPbYsxMk

    I'll update this thread again later on.

    All the best,

    Mick

     

     



  • 13.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 07:53 AM

    File deleted.

    Symantec detects both of them.
     



  • 14.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Aug 29, 2014 11:43 AM

    Hi again,

    That file (MD5 87C08D0EBFFFDB9B919D4C24DA7A6061) has been confirmed to be malicious by Symantec Security Response.  It is a new variant of the W32.Imaut family.

    Protection is added in Rapid Release sequence 157041 and above.  These new definitions are being posted now to ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/sequence/157041/

    (Allow some time for them to be posted and replicated to all FTP servers worldwide.)

    This article will help to deploy this protection throughout the organization:

    How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file
    Article URL http://www.symantec.com/docs/TECH102607

    And, of course, that detection will be added to the set of certified definitions available via LiveUpdate later on today.

    Please update this thread with news of whether a scan with these new definitions has successfully removed that threat in your environment! &: )

    With thanks and best regards,

    Mick
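
A read-only sweep for the two indicators this thread gives (the MD5 from post 14 and the `<folder name>.exe` symptom from post 1), as an added example that is not part of the original posts and not a Symantec tool. The function names, the `.exe`-only restriction and the demo file layout are assumptions made for illustration; the script only reports paths and deletes nothing.

```python
import hashlib
import os
import tempfile

# MD5 quoted in post 14 of this thread (confirmed W32.Imaut variant).
KNOWN_MD5 = "87c08d0ebfffdb9b919d4c24da7a6061"

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(root, known_md5=KNOWN_MD5):
    """Return (path, reason) findings under root; nothing is modified."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe":  # assumption: only .exe files are checked
                continue
            path = os.path.join(dirpath, name)
            try:
                matched = md5_of(path) == known_md5.lower()
            except OSError:
                findings.append((path, "unreadable"))
                continue
            if matched:
                findings.append((path, "md5-match"))
            elif stem.lower() in folders:
                # Symptom from post 1: an .exe named after a folder beside it.
                findings.append((path, "exe-named-after-sibling-folder"))
    return findings

def build_demo_tree(root):
    """Constructed sample layout with harmless placeholder bytes only."""
    os.makedirs(os.path.join(root, "Photos"))
    for name in ("Photos.exe", "setup.exe", "notes.txt"):
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(b"placeholder " + name.encode())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        for path, reason in sweep(demo):
            print(reason, path)
```

Files flagged by name alone are candidates for submission to Security Response, not confirmed detections; a new variant will not match the MD5 above.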



  • 15.  RE: Virus that cannot detect by Symantec Endpoint Protection 12.1

    Posted Sep 01, 2014 05:05 AM

    Hi dbl_ists,

    Just wondering if you were able to resolve the infection?  This thread is still marked "needs solution." Please do update this thread when time allows.

    With thanks and best regards,

    Mick