Virus detection technology in Symantec.
Created: 01 Nov 2012 | 7 comments
Hi all,
Can you please tell me how my client system detects a virus on my system?
About Auto-Protect scans
https://www.symantec.com/business/support/index?pa...
SEP Knowledge Base
Endpoint SWAT
Hello,
Check these Articles:
Information on Symantec Endpoint Protection Scans
How Symantec Endpoint Protection uses reputation data to make decisions about files
Security Technology and Response (STAR)
How the Insight Lookup process works
What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Thanks Mithun,
Suppose we have installed SEP on the system and it has started scanning, and it gets some file (ABC.exe).
Then how does our SEP decide whether this file is a virus or not, and which file will it use to identify it?
And how will it give the name to that virus?
And also, how will it fix that virus?
Thanks & Regards,
Nagesh Singh
The client has a list of known signatures that it can check and match to determine what virus it is.
It can clean it by removing the bad code or it can also delete or quarantine, depending on how you have your settings configured.
SEP Knowledge Base
Endpoint SWAT
Definitions means a set of known codes in the file.
It will look in files to see if it matches. Based on what is found, an associated name is given.
How it does it exactly is Symantec internal, but this is the basics.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
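The two answers above describe definition matching, naming and the configured action in general terms. The sketch below is an added teaching example, not Symantec's implementation (which the thread notes is internal): the definitions, detection names, function names and the XOR quarantine format are all constructed for illustration.

```python
from pathlib import Path

# Constructed toy definitions (detection name -> byte pattern); not real signatures.
DEFINITIONS = {
    "Toy.Appender.A": b"\x90\x90TOY-SIG-A\xcc",
    "Toy.Dropper.B": b"TOY-SIG-B\x00\x01\x02",
}

def match(data: bytes):
    """Return (name, offset, length) of the earliest definition found in data, or None."""
    hits = [(data.find(sig), name, len(sig))
            for name, sig in DEFINITIONS.items() if sig in data]
    if not hits:
        return None
    offset, name, length = min(hits)
    return name, offset, length

def scan_file(path: Path, action: str, quarantine_dir: Path):
    """Scan one file and apply the configured action; returns (detection name, action taken)."""
    data = path.read_bytes()
    hit = match(data)
    if hit is None:
        return None, "none"
    name = hit[0]  # the name comes from the definition that matched
    if action == "clean":
        # Cut out the matched bytes and rescan until nothing matches any more.
        while hit:
            _, offset, length = hit
            data = data[:offset] + data[offset + length:]
            hit = match(data)
        path.write_bytes(data)
    elif action == "quarantine":
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        # Store an XOR-scrambled copy so it cannot run or match again, then remove the original.
        (quarantine_dir / (path.name + ".q")).write_bytes(bytes(b ^ 0xA5 for b in data))
        path.unlink()
    elif action == "delete":
        path.unlink()
    else:
        raise ValueError(f"unknown action: {action}")
    return name, action
```

Real products layer heuristics, reputation lookups and behavioural checks on top of this kind of pattern match, and repairing an infected file is far more involved than cutting bytes out.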
Thanks Rafeeq,
I know the definition file means the code, but how will it get executed?
Suppose I have started scanning and Rtvscan.exe has started.
Then it will go to Common Files\Symantec Shared\VirusDefs and check for the latest definition.
Then after that, what? Which files does it use for that?
Are there any tools or any way to get the log for the same?
Thanks & Regards,
Nagesh Singh
Hello Nagesh,
As mentioned by Rafeeq, he has given you the information about the meaning of definitions, and as mentioned the rest is internal information and cannot be shared.