
Virus cleanup exercise

Created: 04 Oct 2012 • Updated: 05 Oct 2012 | 3 comments
ThaveshinP
This issue has been solved. See the solution.

Anyone have ideas as to what goes into doing a virus cleanup exercise besides the following:

1) Updated virus def's

2) SEP 12.1RU1Mp1 client installed

3) Policies reviewed and updated

4) IPS and SONAR enabled with SIC

5) Admin defined scans - daily for a week?

Comments

Ashish-Sharma

Hi,

You can choose

1) Updated virus def's.

2) Policies reviewed and updated

3) IPS and SONAR enabled with SIC

4) Latest Windows Patches.

5) Admin System Scan daily.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

How to troubleshoot FakeAV if it is not detected

 

Secondly, about the Tools like Power Eraser, I would recommend you to check this Thread:

https://www-secure.symantec.com/connect/forums/need-virus-removal-tool

Security Best Practice Recommendations

http://www.symantec.com/docs/TECH91705

Best practices for responding to active threats on a network

http://www.symantec.com/docs/TECH122466

Security Response recommendations for Symantec Endpoint Protection settings

http://www.symantec.com/docs/TECH122943

Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe

http://www.symantec.com/docs/TECH98360

https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

Thanks In Advance

Ashish Sharma

Brɨan

These are subjective and can vary from company to company. Yours is pretty standard. You may want to tighten up some other policies after the fact, e.g. GPO, removable device lockdown, etc.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi

Hello,

Make sure to review some of the Symantec Best Practices:

http://www.symantec.com/business/theme.jsp?themeid=stopping_malware

Also, tighten up security on the SEP client. Out of the box settings do not cut it:

http://www.symantec.com/business/support/index?page=content&id=TECH122943

Also, Check this Thread: https://www-secure.symantec.com/connect/forums/why-endpoint-security-not-catching-most-malware

Suggestions:

1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus definitions.

2) Install ALL Latest Microsoft Security Patches / Service Packs on ALL machines.

3) Make sure all the client machines are using the Latest Vendor Patches installed.

4) Disable Auto play with GPO

http://support.microsoft.com/kb/953252

5) Scan ALL the machines...

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Solution
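To confirm that the "Disable Auto play with GPO" step actually reached a machine after cleanup, the following added example (not part of the thread or of any Symantec tool) reads the `NoDriveTypeAutoRun` policy value and lists the drive types it leaves open. It assumes the cleanup target is AutoRun disabled for all drive types (`0xFF`); the function name `Get-AutoRunExposure` is hypothetical.

```powershell
# Added example: audit the AutoRun policy value that the AutoPlay GPO writes.
# Assumption: the desired state is 0xFF (AutoRun disabled for every drive type).

# Documented NoDriveTypeAutoRun bits; a set bit disables AutoRun for that type.
$DriveTypeBits = [ordered]@{
    'Unknown type (0x01)' = 0x01
    'Removable'           = 0x04
    'Fixed'               = 0x08
    'Network'             = 0x10
    'CD-ROM'              = 0x20
    'RAM disk'            = 0x40
    'Unknown type (0x80)' = 0x80
}

function Get-AutoRunExposure {
    # Returns the drive types NOT disabled by the given policy value.
    param([Nullable[int]]$Value)
    # A missing value means no policy is applied, so every type is reported.
    if ($null -eq $Value) { return @($DriveTypeBits.Keys) }
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Value -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

$paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

foreach ($path in $paths) {
    $item  = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $value = if ($item) { [int]$item.NoDriveTypeAutoRun } else { $null }
    $open  = @(Get-AutoRunExposure -Value $value)

    [pscustomobject]@{
        Path        = $path
        Value       = if ($null -ne $value) { '0x{0:X2}' -f $value } else { '(not set)' }
        Compliant   = ($null -ne $value) -and (($value -band 0xFF) -eq 0xFF)
        NotDisabled = ($open -join ', ')
    }
}
```

Machines that report `Compliant = False` have not picked up the policy and should be checked for GPO scope or a pending `gpupdate`.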