Endpoint Protection

  • 1.  Why doesn't Endpoint stop Anti Virus 2009 and its variants?

    Posted Jul 07, 2009 05:47 PM
    Why doesn't Symantec Endpoint Protection 11 stop Anti Virus 2009 and its variants from installing on client computers? It seems to me that Endpoint should stop these programs before they even get as far as popping up on the client screen.


  • 2.  RE: Why doesn't Endpoint stop Anti Virus 2009 and its variants?

    Posted Jul 08, 2009 01:03 AM
    First of all, this link will prove you wrong:

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-082521-2037-99&tabid=2

    Symantec has been detecting Antivirus2009 since 16th July 2008.
    This malware has more than 400 variants, most of which are detected by Symantec.
    For the few which are still not being detected, you can help Symantec and yourself by submitting the threat files to Symantec
    at https://submit.symantec.com/basic
    Once Symantec detects the variant which has infected you, SEP will remove it from all the infected computers at once and block it in future as well.


  • 3.  RE: Why doesn't Endpoint stop Anti Virus 2009 and its variants?

    Posted Jul 08, 2009 04:08 AM
    I agree, SEP can detect and stop it from infecting a machine in most cases... providing you deployed IPS and it's enabled.


  • 4.  RE: Why doesn't Endpoint stop Anti Virus 2009 and its variants?

    Posted Jul 08, 2009 04:41 AM
    In most cases, in our company, it is the fault of the user, when an ad is on a website. They accidentally click it to install AV 2009. We must train/educate our users on the web when dealing with pop-ups and ads.


  • 5.  RE: Why doesn't Endpoint stop Anti Virus 2009 and its variants?

    Posted Jul 08, 2009 04:46 AM
    See, the reason why the fake AVs are so successful is because they come bundled in a good-looking, sophisticated package and depend upon the user for the install. If the user has admin privileges and is foolish enough to install it, then the AV can't do much about it. It's an MSI after all that is getting installed. Too many variants coming in for the fake AVs... As Vikram said, submit the sample.


  • 6.  RE: Why doesn't Endpoint stop Anti Virus 2009 and its variants?

    Posted Sep 25, 2009 09:58 AM
    Is there a way to block these via Application Control? Does anyone have the checksum? Sorry, can't remember the tech term for it right now.


  • 7.  RE: Why doesn't Endpoint stop Anti Virus 2009 and its variants?

    Posted Sep 25, 2009 10:22 AM
    I've written an article on how to block BHOs and such, so you might check there.
    You will need to add exclusions and even additional blocks in it, but it's stopped some rogue stuff here.
    Forget checksums as those babies change every few hours! Block generically, add specific exclusions or exceptions - for example, I had to exclude Outlook and Word due to custom email signature HTML files folks here use. Otherwise I block most things that attempt to install EXE, DLL and other files in the user profile area (a common target today, as even casual users have FULL RIGHTS there).
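
    The contrast drawn in the last post (checksum blocking versus a generic path rule with exceptions), modelled in Python as an added example that is not from the thread and is not SEP Application Control syntax. The extension list, profile roots, per-extension scoping of the Outlook/Word exceptions, and all sample events are assumptions constructed for illustration.

```python
import hashlib
import ntpath

# Assumptions for illustration: hypothetical values, not SEP rule syntax
# and not the poster's actual policy.
BLOCKED_EXT = {".exe", ".dll", ".htm", ".html"}
PROFILE_ROOTS = ("c:\\users\\", "c:\\documents and settings\\")
# Scoped exceptions: (process image name, extension it may write).
EXCEPTIONS = {("outlook.exe", ".htm"), ("outlook.exe", ".html"),
              ("winword.exe", ".htm"), ("winword.exe", ".html")}


def generic_rule_blocks(process, target):
    """True if a write of `target` by `process` is denied by the generic rule."""
    path = ntpath.normpath(target).lower()  # collapses "..", unifies slashes
    ext = ntpath.splitext(path)[1]
    if not path.startswith(PROFILE_ROOTS) or ext not in BLOCKED_EXT:
        return False
    return (ntpath.basename(process).lower(), ext) not in EXCEPTIONS


def hash_rule_blocks(content, blocklist):
    """True if the file's SHA-256 is on a fixed checksum blocklist."""
    return hashlib.sha256(content).hexdigest() in blocklist


# Constructed sample data: two byte strings standing in for repacked variants.
VARIANT_A = b"constructed-sample-variant-A"
VARIANT_B = b"constructed-sample-variant-B"
BLOCKLIST = {hashlib.sha256(VARIANT_A).hexdigest()}  # only A is on the list

EVENTS = [  # (writing process, target path, file content), all constructed
    ("iexplore.exe", r"C:\Users\alice\AppData\Local\Temp\av2009.exe", VARIANT_A),
    ("iexplore.exe", r"C:\Users\alice\AppData\Local\Temp\av2009.exe", VARIANT_B),
    ("OUTLOOK.EXE", r"C:\Users\alice\AppData\Roaming\Microsoft\Signatures\sig.htm", b"<html>"),
    ("OUTLOOK.EXE", r"C:\Users\alice\AppData\Roaming\helper.dll", VARIANT_B),
    ("setup.exe", r"C:/Users/alice/../../Program Files/App/app.dll", b"legit"),
]


def evaluate(events):
    """Return a (hash_verdict, generic_verdict) pair for each event."""
    return [(hash_rule_blocks(c, BLOCKLIST), generic_rule_blocks(p, t))
            for p, t, c in events]


if __name__ == "__main__":
    for (p, t, _), (h, g) in zip(EVENTS, evaluate(EVENTS)):
        print(f"{p:13} hash={'BLOCK' if h else 'allow'} "
              f"generic={'BLOCK' if g else 'allow'}  {t}")
```

    The second event is the case the post describes: the changed bytes slip past the checksum list while the path rule still denies the write, and scoping the exceptions to HTML keeps Outlook from becoming a way around the rule.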