
Endpoint Protection

  • 1.  Vista Internet Security 2012

    Posted Jan 09, 2012 10:37 AM

    I had an infection of Vista Internet Security 2012.  I know that typically this type of malware is downloaded and installed by the user, accidentally, then the malware immediately starts avoiding the installed antivirus program.  But I am curious as to why I could log into the computer under my profile, run a full system scan with Symantec, and it didn't detect anything.

    Also, does anyone have the link to Symantec's site that describes what this malware is actually detected as, what it does, and if it steals information?

    Thanks in advance!!



  • 2.  RE: Vista Internet Security 2012

    Trusted Advisor
    Posted Jan 09, 2012 10:44 AM

     

    Hello,

    It is important to understand the Rogue Antivirus / FakeAV (virus) to answer your question.

    FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer. These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased. 

    Check this Article:

    How to troubleshoot FakeAV if it is not detected

    https://www-secure.symantec.com/connect/articles/how-troubleshoot-fakeav-if-it-not-detected

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

    Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security

    About the FakeAV, let me share some Symantec Knowledgebase Articles:
     

    Does Symantec Endpoint Protection protect me from fake anti-virus programs?

    http://www.symantec.com/docs/TECH122898

    SEP and Norton Network Threat Protection/IPS Signature Naming Improvements

    http://www.symantec.com/docs/TECH152794

     

    The latest variant was discovered on 01/01/2012. SEP should be catching these known threats, but remember that when a new variant is released, SEP will not be able to catch it until a signature is written. Notice the increase in new threats this year; there are three in the first two weeks. As always, be sure to have the latest definitions on all your systems.

    http://www.symantec.com/business/security_response/landing/azlisting.jsp?azid=T

     

     

    Hope that helps!!