Virus cleanup exercise
Anyone have ideas as to what goes into doing a virus cleanup exercise besides the following:
1) Updated virus def's
2) SEP 12.1RU1Mp1 client installed
3) Policies reviewed and updated
4) IPS and SONAR enabled with SIC
5) Admin defined scans - daily for a week?
Comments
Hi,
You can choose
1) Updated virus def's.
2) Policies reviewed and updated
3) IPS and SONAR enabled with SIC
4) Latest Windows Patches.
5) Admin System Scan daily.
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
How to troubleshoot FakeAV if it is not detected
Secondly, about the Tools like Power Eraser, I would recommend you to check this Thread:
https://www-secure.symantec.com/connect/forums/need-virus-removal-tool
Security Best Practice Recommendations
http://www.symantec.com/docs/TECH91705
Best practices for responding to active threats on a network
http://www.symantec.com/docs/TECH122466
Security Response recommendations for Symantec Endpoint Protection settings
http://www.symantec.com/docs/TECH122943
Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe
http://www.symantec.com/docs/TECH98360
https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
These are subjective and can vary from company to company. Yours is pretty standard. You may want to tighten up some other policies after the fact, e.g. GPO, removable device lockdown, etc.
SEP Knowledge Base
Endpoint SWAT
Hello,
Make sure to review some of the Symantec Best Practices:
http://www.symantec.com/business/theme.jsp?themeid=stopping_malware
Also, tighten up security on the SEP client. Out of the box settings do not cut it:
http://www.symantec.com/business/support/index?page=content&id=TECH122943
Also, Check this Thread: https://www-secure.symantec.com/connect/forums/why-endpoint-security-not-catching-most-malware
Suggestions:
1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus definitions.
2) Install ALL Latest Microsoft Security Patches / Service Packs on ALL machines.
3) Make sure all the client machines are using the Latest Vendor Patches installed.
4) Disable Auto play with GPO
http://support.microsoft.com/kb/953252
5) Scan ALL the machines...
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.