Time to remove Autorun.inf and other "harmless" files.
I understand and accept the technical and design philosophy that says Autorun.inf, AT* tasks, and registry keys are harmless.
I know how to block Autorun.inf, I know how to block files from running off a USB device.
I understand that comparing SEP to any other product's detection of these files as threats is not completely accurate.
I know that SEP will scan a removable device when I browse it.
But here's the problem.
A USB drive removed from a SEP machine and plugged into a machine with almost any other AV gets flagged as having a threat.
SEP = Fail, OTHER AV = Pass
A machine that's had SEP on for years, gets scanned with another AV, and loads of Autorun.inf, Registry keys, etc, get detected as threats.
SEP = Fail, OTHER AV = Pass
I speak to loads of people on a regular basis, and while they all understand the technical aspect, we all face the perception that SEP has failed.
I'd like to see SEP remove registry keys related to infections, I'd like to see SEP remove dodgy INF files along with the executable, I'd like to see SEP scan memory sticks when they're inserted.
Alternatively, I'd like to hear a good reason why everyone else can do it, and SEP can't.
Comments
Agreed
This is long overdue. As a client I don't expect my protection to appear to be politically correct. I expect my protection to protect me. Every organization goes through staff turnover. The only consistent items are the defense systems left behind (certainly far more consistent than the rate of staff turnover). These systems must do the best job they can to protect the company.
Autorun.inf
I would really appreciate seeing Symantec find most of the infections from memory sticks that it does not find now, especially autorun.inf-related infections.
autorun and usb scans
yep, long overdue... unfortunately some of the decision makers see this as SEP "not working" and guess what...
they would then just go with the other "inferior" AV product. I think there should at least be an option to have autorun.inf removed or not,
or/and have the option to scan USBs when plugged in or not - again some other smaller AV packages are doing it,
so why can't SEP at least have the option (politically correct or not :)
G.
Autorun.inf
This is really a pain. One is tired of always trying to defend SEP from our furious clients because simple memory stick infections are not being picked up. All other AVs do except Symantec. What is going on here?
Without a doubt...
This is something a lot of people have been talking about –technicians and decision makers. Having to then stand there uhm-ing and ah-ing not being able to give a valid reason for why something like this isn’t available from Symantec really leaves an uncomfortable feeling in my throat.
Autorun, reg entries etc. – detect and handle accordingly rather than just doing nothing.
As for scanning memory sticks automatically, I believe having this as an option and not necessarily a set, unchangeable feature is a must have.
If the technology is available and it is possible to implement the above, without compromising product stability, then the added functionality will only enhance the product.
AGREE
Exactly !!!
I have not had a single client not complaining about the USB infections. I always try to explain that once the file gets accessed, real-time scanning will detect the threat and clean it. But do they ever believe me....
The problem is users load stuff on their memory stick, take it to other companies like their service providers and BAM !!!
I agree. I would like to see such thing implemented in SEP
What are the Symantec Endpoint Protection (SEP) versions released officially?
https://www-secure.symantec.com/connect/articles/w...
I totally agree: it would be a good idea to block autorun.inf as a default policy enforced by the SEP Manager. Otherwise, after its first installation the SEPM should propose a policy configuration wizard which goes through most popular issues, such as autorun.inf, blocking of certain peripherals, opening remote connection port etc. That's at least what I would like to see in the future.
This is good, you have hit the nail on the head. I am sure something good will come out of this.
Totally agree
I don't even mind if it's only removing the REG entries, tasks, INFs, shortcuts etc. when it's removing the threat.
IOW: I don't expect the product to remove every last malicious reg entry, task, inf, shortcut etc ever created, just check the following:
While threat is removed:
Check if any tasks exist pointing to the full path (and 8.3) of threat
Check common registry keys if any entry points exist to the full path (and 8.3) of threat
Check root of all drives if autorun.inf exists with full path (and 8.3) to threat
Etc.
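The autorun.inf item from the checklist above, sketched as an added example (it is not part of the original comment and not SEP code): given the path of a file that was just removed, it reports the launch entries in a drive's autorun.inf that still point at it, by long or 8.3 name. The sample file and both threat paths are constructed, the 8.3 form is assumed to be supplied by the caller, and the autorun.inf is assumed to sit at the root of the same drive as the removed file.

```python
import ntpath

# Constructed sample autorun.inf text; not taken from a real device.
SAMPLE_INF = r"""; constructed sample
[AutoRun]
open=Recycled Files\quarantined_sample.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\Command="RECYCL~1\QUARAN~1.EXE" /s
shell\explore\command=setup.exe
"""
# Hypothetical removed file: long path plus its 8.3 short form.
THREAT_PATHS = [r"E:\Recycled Files\quarantined_sample.exe",
                r"E:\RECYCL~1\QUARAN~1.EXE"]

EXEC_KEYS = ("open", "shellexecute")  # autorun.inf keys that launch a program

def _norm(path):
    """Lower-case, backslash-separated, without drive letter or leading slash."""
    path = path.strip().strip('"').replace("/", "\\").lower()
    _drive, rest = ntpath.splitdrive(path)
    return rest.lstrip("\\")

def _targets(value, threat):
    """True if the command in `value` starts with exactly the threat path."""
    v = _norm(value)
    return v.startswith(threat) and v[len(threat):len(threat) + 1] in ("", " ", "\t", '"')

def autorun_references(inf_text, threat_paths):
    """Return (line number, key, value) for launch entries naming a threat path."""
    threats = {_norm(p) for p in threat_paths}
    hits, in_autorun = [], False
    for lineno, raw in enumerate(inf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("["):  # section header; names are case-insensitive
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # junk, comments and other sections are skipped
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        launches = key in EXEC_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches and any(_targets(value, t) for t in threats):
            hits.append((lineno, key, value))
    return hits

if __name__ == "__main__":
    for hit in autorun_references(SAMPLE_INF, THREAT_PATHS):
        print(hit)
```
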
More than AUTORUN.INF...
Part of the definition set should be to remediate the virus correctly. If the virus is propagated through autorun.inf or scheduled tasks, this should be remediated by SEP. Meaning deleting any references to this virus, meaning means of propagation. If they don't get rid of this, it creates a mechanism for new variants to still run as SEP might not detect it, plus the other side of this is that other vendors will detect these files as viruses, creating a negative perception around SEP not working. We have received several complaints around this and it is about time Symantec starts to listen to their customers! Microsoft and various other vendors remediate these files.
I Agree. I have had this issue for a long time on SEP.
THIS IS LONG OVERDUE!!!!!!
Fully agree to your request
I fully agree to this.
Agree
I also agree. And why can't SEP remove the reg entries? Why do you have to use a virus removal tool? These are the questions I get asked on a daily basis. Sure as an enterprise product it should do all these things.
I Agree
I Agree
I get clients telling me they do not trust the Symantec AV; the reason is that his colleague detected the AUTORUN.INF on his memory stick and he therefore does not trust the product (PS: his colleagues use FREE AV tools). Why can something this small not be FIXED? It is damaging the Symantec products' reputation and credibility.
I Agree
Symantec should get it right otherwise all the other vendors are going to be ahead of them.
Good point.
Good point.
--
Cheers,
Symantec Technical Specialist
Symantec Certified Specialist
MCP & MCITP
Cisco Certified Network Associate
Citrix Certified Administrator
simple to do
Take a look at this app, free, small and painless removal of USB based threats
http://www.usb-guardian.com/