Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

XP Internet Security 2012

Created: 30 Dec 2011 | 2 comments
S3 Tech Guy's picture

I am a MSP and several clents of mine have been infected with the xp 2012 virus all of them have endpoint. Why is it that so many other AV programs have definitions for this virus and not symantec? This is costing my clients money and they are looking a me in a bad way because of this virus. The symantec AV does not detect it, block it or quarantine it. Will symantec come up with a solution or do I have to suggest to my clients to use another Brand of AV software?

Comments 2 CommentsJump to latest comment

Swapnil khare's picture

Hello S3 ,

Symantec was the first to Identify XP 2012 defs . However my suggestion would be if you samples of XP2012 Kindly submit then at https:\\submit.symantec.com\gold

You may like to contact support to do so .

If you do not have definitions for xp2012 for SEP it will be sent across to you by support once it is identified .

Install RR from Link below and upload .jdb on your SEPM and initiate full scan .

http://www.symantec.com/business/security_response...

 

this should remediate your problem again contact support for submission .

 

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

 

Mithun Sanghavi's picture

Hello,

It is important to understand the Rogue Antivirus / FakeAV (virus) to answer your question.

FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer. These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased. 

Check this Article:

How to troubleshoot FakeAV if it is not detected

https://www-secure.symantec.com/connect/articles/how-troubleshoot-fakeav-if-it-not-detected

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security
About the FakeAV, let me share some Symantec Knowledgebase Articles:
 

Does Symantec Endpoint Protection protect me from fake anti-virus programs?

http://www.symantec.com/docs/TECH122898

SEP and Norton Network Threat Protection/IPS Signature Naming Improvements

http://www.symantec.com/docs/TECH152794

 

The latest variant was discovered on the 01/01/2012. SEP should be catching these known threats, but remember when a new varient is released, SEP will not be able to catch it until a signature is written. Notice the increase in new threats this year, there are  three in the first two weeks. As always, be sure to have the latest definitions on all your systems.

http://www.symantec.com/business/security_response/landing/azlisting.jsp?azid=T

 

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.