
Virus cleanup exercise

Created: 04 Oct 2012 • Updated: 05 Oct 2012 | 3 comments
ThaveshinP's picture
This issue has been solved. See solution.

Anyone have ideas as to what goes into doing a virus cleanup exercise besides the following:

1) Updated virus def's

2) SEP 12.1RU1Mp1 client installed

3) Policies reviewed and updated

4) IPS and SONAR enabled with SIC

5) Admin defined scans - daily for a week?

 


Ashish-Sharma's picture

Hi,

You can choose

1) Updated virus def's.

2) Policies reviewed and updated

3) IPS and SONAR enabled with SIC

4) Latest Windows Patches.

5) Admin System Scan daily.

 

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

How to troubleshoot FakeAV if it is not detected

 

Secondly, about the Tools like Power Eraser, I would recommend you to check this Thread:

https://www-secure.symantec.com/connect/forums/need-virus-removal-tool

 

Security Best Practice Recommendations

http://www.symantec.com/docs/TECH91705

Best practices for responding to active threats on a network

http://www.symantec.com/docs/TECH122466

Security Response recommendations for Symantec Endpoint Protection settings

http://www.symantec.com/docs/TECH122943

Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe

http://www.symantec.com/docs/TECH98360

https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

 

 

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

These are subjective and can vary from company to company. Yours is pretty standard. You may want to tighten up some other policies after the fact, e.g. GPO, removable device lockdown, etc.


Mithun Sanghavi's picture

Hello,

Make sure to review some of the Symantec Best Practices:

http://www.symantec.com/business/theme.jsp?themeid=stopping_malware

Also, tighten up security on the SEP client. Out of the box settings do not cut it:

http://www.symantec.com/business/support/index?page=content&id=TECH122943

Also, Check this Thread: https://www-secure.symantec.com/connect/forums/why-endpoint-security-not-catching-most-malware

Suggestions:

1) Make sure ALL Computers are installed with Symantec EP with the latest / updated virus definitions.

2) Install ALL Latest Microsoft Security Patches / Service Packs on ALL machines.

3) Make sure all the client machines have the Latest Vendor Patches installed.

4) Disable Auto play with GPO

http://support.microsoft.com/kb/953252

5) Scan ALL the machines...

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


SOLUTION