Video Screencast Help

What's with Endpoint Still Not Blocking AV2009 and similar fake AV from running?

Created: 27 Jul 2009 • Updated: 22 May 2010 | 2 comments

Another user clicked on a fake AV warning message and it was allowed to run.
Why is this still happening?

Comments 2 CommentsJump to latest comment

David-Z's picture

Please submit a sample of the threat to Security Response so that it can be analyzed and added to our definitions.
https://submit.symantec.com/gold

Also, we may already have definitions available for the particular variant of this threat you are facing if you want to try out the latest Rapid Release definitions.

Title: 'Applying rapid release definitions to a Symantec Endpoint Protection (SEP) client.'
Document ID: 2008052116163448
> Web URL: http://service1.symantec.com/SUPPORT/ent-security....

On a positive note, the girlfriend was surfing facebook Saturday and Pav.exe was caught and blocked without issue before it was able to infect my PC. Granted I'm running Norton Internet Security 2009 for my home computers, but definitions to detect it would've been in SEP as well. =)

Hope that helps!

David Z.

Senior Principal Technical Support Engineer, Symantec Corporation

Enterprise Security, Mobility and Management