XP Internet Security 2012

Created: 30 Dec 2011 | 2 comments

S3 Tech Guy Partner

I am a MSP and several clents of mine have been infected with the xp 2012 virus all of them have endpoint. Why is it that so many other AV programs have definitions for this virus and not symantec? This is costing my clients money and they are looking a me in a bad way because of this virus. The symantec AV does not detect it, block it or quarantine it. Will symantec come up with a solution or do I have to suggest to my clients to use another Brand of AV software?

Discussion Filed Under:

Security, Endpoint Protection (AntiVirus) - 10.x, Endpoint Protection (AntiVirus), Emerging Threats, Performance

Group Ownership:

PartnerNet Group

Show Less

Comments RSS Feed

Comments 2 Comments • Jump to latest comment

Swapnil khare

XP Internet Security 2012 - Comment:30 Dec 2011 : Link

Hello S3 ,

Symantec was the first to Identify XP 2012 defs . However my suggestion would be if you samples of XP2012 Kindly submit then at https:\\submit.symantec.com\gold

You may like to contact support to do so .

If you do not have definitions for xp2012 for SEP it will be sent across to you by support once it is identified .

Install RR from Link below and upload .jdb on your SEPM and initiate full scan .

http://www.symantec.com/business/security_response...

this should remediate your problem again contact support for submission .

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Swapnil

Mithun Sanghavi Symantec Employee Technical Support Accredited

XP Internet Security 2012 - Comment:02 Jan 2012 : Link

Hello,

It is important to understand the Rogue Antivirus / FakeAV (virus) to answer your question.

FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer. These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.

Check this Article:

How to troubleshoot FakeAV if it is not detected

https://www-secure.symantec.com/connect/articles/how-troubleshoot-fakeav-if-it-not-detected

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security

http://www.symantec.com/docs/TECH132337

About the FakeAV, let me share some Symantec Knowledgebase Articles:

Does Symantec Endpoint Protection protect me from fake anti-virus programs?

http://www.symantec.com/docs/TECH122898

SEP and Norton Network Threat Protection/IPS Signature Naming Improvements

http://www.symantec.com/docs/TECH152794

The latest variant was discovered on the 01/01/2012. SEP should be catching these known threats, but remember when a new varient is released, SEP will not be able to catch it until a signature is written. Notice the increase in new threats this year, there are three in the first two weeks. As always, be sure to have the latest definitions on all your systems.

http://www.symantec.com/business/security_response/landing/azlisting.jsp?azid=T

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

XP Internet Security 2012

Comments 2 Comments • Jump to latest comment

Would you like to reply?

Links