Can you please tell me how my client system detects a virus on my system?
Check these Articles:
Information on Symantec Endpoint Protection Scans
How Symantec Endpoint Protection uses reputation data to make decisions about files
Security Technology and Response (STAR)
How the Insight Lookup process works
What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?
Suppose we have installed SEP on the system and it started scanning, and in that case it gets some file (ABC.exe).
Then how does our SEP decide whether this file is a virus or not, and which file will it use to identify it?
And how will it give a name to that virus?
And also, how will it fix that virus?
Thanks & Regards,
The client has a list of known signatures that it can check and match to determine what virus it is.
It can clean it by removing the bad code or it can also delete or quarantine, depending on how you have your settings configured.
Definitions means a set of known codes in the file.
It will look in files to see if it matches. Based on what is found, an associated name is given.
How it does it exactly is Symantec internal, but this is the basics.
I know the definition file means the code, but how will it get executed?
Suppose I have started scanning and then Rtvscan.exe started.
Then it will go to Common Files\Symantec Shared\VirusDefs and check for the latest definition.
Then after that, what? Which files are used for that?
Are there any tools or any way to get the log for the same?
As mentioned by Rafeeq, he has given you the information about the meaning of definitions, and as mentioned, the rest is internal information and cannot be shared.