Hi All,
We have around 1500+ clients, and for two months we have been facing a virus issue.
Two months ago we observed some .exe files being generated on our file server's shared folder, where all users are connected; all folders are mapped to users, and no user can open another user's folder.
I submitted all the files to the Symantec Security Response Team and they detected the virus as W32.Harakit.
We ran the rapid release on the SEPM server and also scheduled a full scan on all clients, and then all the unwanted .exe files were deleted.
But we are still facing the same issue: some unwanted .exe, khs, khq and khs files are being generated day by day.
We submitted the .exe files many times, but they show as clean; if they are clean, I don't know how they come back after a few hours.
All khr, khq and khs files are zero-byte files; that is why no detections were found.
We have already opened a case with support, but there is no solution; they are still analyzing the logs.
We have given them all the logs: LoadPoint, Esug latest version and Process Monitor.
After that they suggested enabling NTP on the file server; it is very risky for us because this is our 24x7 production server.
But we took the risk and installed NTP on that server to find out the source of the attack.
But this all failed; no results were found.
And then the support people again took the Process Monitor logs for re-analysis.
It is very bad that more than two months have gone by with no solution from Symantec.