Virus cleanup exercise

Created: 04 Oct 2012 • Updated: 05 Oct 2012 | 3 comments
ThaveshinP
This issue has been solved. See solution.

Anyone have ideas as to what goes into doing a virus cleanup exercise besides the following:

1) Updated virus defs

2) SEP 12.1 RU1 MP1 client installed

3) Policies reviewed and updated

4) IPS and SONAR enabled with SIC

5) Admin defined scans - daily for a week?

Ashish-Sharma


You can choose

1) Updated virus defs.

2) Policies reviewed and updated

3) IPS and SONAR enabled with SIC

4) Latest Windows Patches.

5) Admin System Scan daily.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

How to troubleshoot FakeAV if it is not detected


Secondly, about the Tools like Power Eraser, I would recommend you to check this Thread:

Security Best Practice Recommendations

Best practices for responding to active threats on a network

Security Response recommendations for Symantec Endpoint Protection settings

Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe

Thanks In Advance

Ashish Sharma

ᗺrian

These are subjective and can vary from company to company. Yours is pretty standard. You may want to tighten up some other policies after the fact, e.g. GPO, removable device lockdown, etc.

Mithun Sanghavi


Make sure to review some of the Symantec Best Practices:

Also, tighten up security on the SEP client. Out of the box settings do not cut it:

Also, Check this Thread:


1) Make sure ALL computers are installed with Symantec EP with the latest / updated virus definitions.

2) Install ALL latest Microsoft Security Patches / Service Packs on ALL machines.

3) Make sure all the client machines have the latest vendor patches installed.

4) Disable AutoPlay with GPO

5) Scan ALL the machines...

Hope that helps!!

Mithun Sanghavi
Associate Security Architect