
Virus detection technology in Symantec.

Created: 01 Nov 2012 | 7 comments

Hi all,

Can you please tell me how my client system detects a virus on my system?

.Brian's picture

About Auto-Protect scans

https://www.symantec.com/business/support/index?pa...

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Check these Articles:

Information on Symantec Endpoint Protection Scans

How Symantec Endpoint Protection uses reputation data to make decisions about files

Security Technology and Response (STAR)

How the Insight Lookup process works

What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Nagesh Singh's picture

Thanks Mithun,

Suppose we have installed SEP on the system, it has started scanning, and it finds some file (ABC.exe).

Then how does our SEP decide whether this file is a virus or not, and which file will it use to identify it?

And how will it give a name to that virus?

And also, how will it fix that virus?

Thanks & Regards,

Nagesh Singh

 

.Brian's picture

The client has a list of known signatures that it can check and match to determine what virus it is.

It can clean it by removing the bad code or it can also delete or quarantine, depending on how you have your settings configured.


Rafeeq's picture

Definitions means a set of known codes in the file.

It will look in files to see if it matches. Based on what is found, an associated name is given.

How it does this exactly is Symantec internal, but these are the basics.
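The matching, naming and remediation steps described in the two replies above, as an added generic illustration (not part of the thread and not Symantec's implementation, which the posters note is internal). The definitions, detection names and action policy below are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed definitions: (detection name, signature kind, value).
# These are placeholders, not real vendor signatures.
DEFINITIONS = [
    ("Test.Marker.A", "bytes", b"\xde\xad\xbe\xefMARKER-A"),
    ("Test.Marker.B", "sha256",
     hashlib.sha256(b"constructed sample B").hexdigest()),
]

@dataclass
class Verdict:
    name: Optional[str]   # detection name taken from the matching definition
    action: str           # allow / clean / quarantine / delete / log-only
    data: bytes           # file content left on disk after the action

def match(data: bytes):
    """Return (name, span) for the first definition that matches."""
    digest = hashlib.sha256(data).hexdigest()
    for name, kind, value in DEFINITIONS:
        if kind == "sha256" and digest == value:
            return name, None             # whole-file match, nothing to cut out
        if kind == "bytes":
            off = data.find(value)
            if off != -1:
                return name, (off, len(value))
    return None, None

def scan(data: bytes, policy=("clean", "quarantine")) -> Verdict:
    """Apply the configured actions in order until one is possible."""
    name, span = match(data)
    if name is None:
        return Verdict(None, "allow", data)
    for action in policy:
        if action == "clean" and span is not None:
            off, n = span                  # remove only the matched bytes
            return Verdict(name, "clean", data[:off] + data[off + n:])
        if action in ("quarantine", "delete"):
            return Verdict(name, action, b"")   # file removed from its location
    return Verdict(name, "log-only", data)

if __name__ == "__main__":
    print(scan(b"AAA\xde\xad\xbe\xefMARKER-ABBB"))
    print(scan(b"constructed sample B"))
```

A whole-file hash match has no region to remove, so the scan falls through to the next configured action, which is why the settings matter for the outcome.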

Nagesh Singh's picture

Thanks Rafeeq,

I know the definition file means the code, but how will it get executed?

Suppose I have started scanning; then Rtvscan.exe starts.

Then it will go to Common Files\Symantec Shared\VirusDefs and check for the latest definition.

Then after that, what? Which files are used for that?

Is there any tool or any way to get the log for the same?

Thanks & Regards,

Nagesh Singh

 

Simpson Homer's picture

Hello Nagesh,

 

As mentioned by Rafeeq, he has given you the information about the meaning of definitions, and as mentioned, the rest is internal information and cannot be shared.