Endpoint Protection

We have several clients that use Symantec Endpoint Protection due to our recomendations, that have had computers infiltrated with all kinds of "Fake AntiVirus" programs that Symantec just plain can not keep out or detect.

These programs disable Symantec and then do just as they please.

We have several clients that just use AVG free 8.5 and none, not one, have been infiltrated with these "Fake Antivirus" programs.

I find it odd that two programs that are free AVG and MalwareBytes both can detect these "Fake Antivirus" programs and Symantec (which is not cheap!) does nothing to stop and can not detect.

About a year ago I started to wonder about our loyalty to your product, when I call for support I get sent out of the country and many times, I can tell the people I talked to have no clue how to solve the issue. They are just following a check-list of client states X, ask this and do . . . . We are paying for Gold service on every account and we get less than acceptable service.

Are the days of Symantec/Norton being the BEST possible Antivirus/Malware program on the market over?

We called your support with this exact problem and your response was very unacceptable, you said that you did not have the rouge programs to test and that your program was the best at not falsing on non-virus/malware. I am pretty sure that all users would care for more false deleteing of real programs to save us from the crap you are letting through! We were told that we were not using the program correctly, we had a client with EVERY peice of your software turned on as per your website and it still got infected, why?

To say that this is frustrating, is a HUGE understatement. It makes us look bad for recomending your product.

Steve
(Not happy with what we are getting from YOU)

It is funny you bring this up. I recieved a call last night from a buddy that was getting a pop-up with a Fake AV install. He runs the free version of AVG, but it failed to detect this new variant.

As with all AV products, there ability to detect is based on signatures written for known variants. This Fake AV has had three new variants in this month alone. Always make sure you are running the latest definitions, if possible submit the files that are not getting detected so that Security Response can create the definitions needed to detect this threat.

See this thread -

https://www-secure.symantec.com/connect/forums/rogue-program-known-antivirus-live-sav-11-not-seeing-it

http://www.symantec.com/business/security_response/landing/azlisting.jsp?azid=T

Best,
Thomas

I have had several attacks from various fake AV programs that SEP has blocked with no problems. The users don't even get the pop-up. I can even get the IP address of the attacking site and which browser the user was using by looking up the attack details.

 Check this thread

http://www.symantec.com/connect/forums/sep-and-fakeav-rogueware

Title: 'What to do when a competitor's antivirus, adware scanner, or spyware scanner detects a threat that Symantec AntiVirus does not detect'
Document ID: 2001101708255048
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2001101708255048?Open&seg=ent

Not to bash on the competitor. But 2 Free AV softwares can't detect some of the viruses either. My dad's PC got infected and without me knowing, copied some files to my mom's Pc via network and we're having trouble removing it. Ended up reformatting one and ignoring the other (Owner is too busy). :P

Check your IPS policy settings. I have the default IPS policy enabled on all desktop/laptop and it is stopping the attacks. I also have the "Rick Tracer" enabled in the antivirus policies. These are the IPS settings.