
"W32.Virut" VIRUS Problem

Created: 15 May 2013 | 3 comments

Dear Members, 

Recently we have observed that the number of risks associated with W32.Virut has increased enormously in our organisation. After analysing the articles on the internet and the recommendations given on the Symantec website, we applied a policy through the Application and Device Control feature. 

The details of the policy are given on this page. I have replicated the policy exactly in our environment.

http://www.symantec.com/security_response/writeup....

Now, when I was analysing the ramifications of this policy, I came to know that it is showing up various blocking messages now and then. 

For instance, there is a rule in the policy that when a *.exe file tries to change/access another *.exe file, it would block it. 

A nice example of it is when I copy a .exe file from my machine to a pen drive: it doesn't allow it. It throws up a message that explorer.exe tried to modify a .exe file, so Symantec blocked it. 

My question is how I can mitigate the W32.Virut problem in our environment through this policy without having any false positives or negative consequences. One option would be to add exceptions, but there are so many processes affected by this policy that it would be difficult to add exceptions for the processes which haven't been caught yet.

Any help would be highly appreciated. I am ready to provide more inputs, if required.

Thank you 

:)
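One way to get a handle on the exception problem described in the post, as an added example that is not from the original thread or from Symantec: instead of adding exceptions one by one as block messages appear, export the Application and Device Control block events, aggregate them per calling process, and separate the callers that live in expected OS/program locations (exception candidates, such as explorer.exe copying to a removable drive) from callers running out of user-writable locations (which should be reviewed before any exception is considered, since the "exe modifying exe" pattern is exactly what the policy was written to catch). The CSV column layout, the sample rows and the `TRUSTED_DIRS` list are constructed assumptions for this example, not the real SEP export format.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed sample of exported Application and Device Control events.
# The column layout is an assumption for this example, NOT the real SEP
# log export format; adapt the field names to your own export.
SAMPLE_LOG = """\
time,action,rule,caller_process,target_file
2013-05-15 09:01:12,Block,Block modification of exe files,C:\\Windows\\explorer.exe,E:\\tools\\putty.exe
2013-05-15 09:03:40,Block,Block modification of exe files,C:\\Windows\\explorer.exe,E:\\backup\\7z.exe
2013-05-15 09:10:05,Block,Block modification of exe files,C:\\Program Files\\Updater\\update.exe,C:\\Program Files\\App\\app.exe
2013-05-15 09:15:33,Block,Block modification of exe files,C:\\Users\\bob\\AppData\\Local\\Temp\\xyz.exe,C:\\Windows\\System32\\calc.exe
2013-05-15 09:16:01,Block,Block modification of exe files,C:\\Users\\bob\\AppData\\Local\\Temp\\xyz.exe,C:\\Windows\\notepad.exe
2013-05-15 09:20:47,Block,Block modification of exe files,C:\\Windows\\explorer.exe,E:\\tools\\winscp.exe
2013-05-15 09:25:00,Log Only,Block modification of exe files,C:\\Windows\\System32\\svchost.exe,C:\\Windows\\SoftwareDistribution\\setup.exe
"""

# Directories from which the OS shell, installers and updaters are expected
# to run. A blocked caller outside these (e.g. a user's Temp folder) should be
# investigated rather than excepted. Assumed list for the example.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_events(text):
    """Parse the exported CSV text into a list of dict rows."""
    return list(csv.DictReader(StringIO(text)))


def blocks_by_process(events):
    """Count real Block events per caller (case-insensitive path)."""
    counts = Counter()
    for e in events:
        if e["action"] == "Block":
            counts[e["caller_process"].lower()] += 1
    return counts


def targets_by_process(events):
    """Distinct target executables each blocked caller tried to modify."""
    targets = defaultdict(set)
    for e in events:
        if e["action"] == "Block":
            targets[e["caller_process"].lower()].add(e["target_file"].lower())
    return targets


def classify(caller):
    """Triage label: callers in trusted program/OS directories are candidates
    for a scoped exception; anything else needs review first."""
    return "exception-candidate" if caller.startswith(TRUSTED_DIRS) else "review"


def summarize(events):
    """Rows sorted by block count, most noisy caller first."""
    counts = blocks_by_process(events)
    targets = targets_by_process(events)
    return [
        {
            "process": proc,
            "blocks": n,
            "distinct_targets": len(targets[proc]),
            "triage": classify(proc),
        }
        for proc, n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE_LOG)):
        print(f'{row["blocks"]:3d} blocks  {row["distinct_targets"]:3d} targets  '
              f'{row["triage"]:20s} {row["process"]}')
```

Run against a real export, the top of the table is the short list of processes that account for most of the noise; those in trusted locations (explorer.exe in the sample) are the ones worth a narrowly scoped exception, while a caller in a user profile Temp folder touching several system executables is the behaviour the policy exists to stop and should be handed to the incident process, not excepted.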

Comments

W007 wrote:

Hello,

Look at these discussions:

https://www-secure.symantec.com/connect/forums/vir...

https://www-secure.symantec.com/connect/forums/vir...

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

novice_sep wrote:

Hi Manish,

I went through the articles but I couldn't find anything specific about the negative implications of this policy. I believe that this policy is an ardent antidote for this virus, but my question lies with how to get rid of the side effects of this policy.

You see, if I remove the virus from my environment at the cost of something bigger, then there is no meaning in removing that virus.

I am looking forward to more replies.

Thank you