Symantec Power Eraser User Guide

Symantec Power Eraser is the latest Symantec Recovery tool. The tool is aimed at the detection and clean-up of "zero-day" threats as well as other threats which may have infected the user’s system. Zero-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available – or before they are even aware that a hole exists.

How to Remove a Threat Using Symantec Power Eraser

  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
    • Upon installation, select "Symantec Power Eraser" as shown in the diagram below.


  2. Press Next to install Symantec Power Eraser. When prompted, select Scan to begin the scan.
    • NOTE: If you suspect a rootkit infection, check the "Add bootlog rootkit analysis" box.
  3. When the scan completes, note which files were identified (some legitimate files may be identified), select any suspicious programs you wish to remove, and click Fix (this will cause the system to reboot). You may wish to save a copy of the log records to the desktop.
  4. Have the user continue to operate their computer and perform any specific behaviors that would normally cause the symptoms to appear.
  5. If no further symptoms are seen, recommend that the user update their Virus Definitions and run a complete system scan.

How to Undo a Change Using Symantec Power Eraser

  1. Launch the Symantec Endpoint Protection Support tool and select Symantec Power Eraser.
  2. When prompted, select Restore.

  3. Select the repair session you wish to review.
  4. Select the individual file(s) you wish to restore and click the Restore button.

FAQ

  1. Is Symantec Power Eraser (SPE) safe to use on a Windows server?
    • Yes.
  2. What ports need to be open?
    • To get SPE to work on a restricted network, we recommend that you open all HTTP and HTTPS traffic from *.symantec.com and *.norton.com.
  3. When should I use the product in safe mode with networking vs. regular mode?
    • The tool should be run in normal mode first. Some threats block the tool from running in normal mode or block all exe files from running. In these cases, a second attempt should be made by running the tool in safe mode with networking.
  4. What threat families is the tool most effective at remediating?
    • SPE is effective against known and unknown threats with the exception of file infectors.

Consider Using Symantec Power Eraser when:

  • You have an outbreak on a small number of workstations or Windows servers
  • The user describes symptoms of Fake/Rogue AV such as:
    • A recurring pop-up notification
    • Alerts indicating that they are infected
    • Prompts to register (buy) the solution
    • Fake Blue Screen Of Death messages

Important to note, Symantec Power Eraser:
  • Is not a solution to be deployed or implemented on large scale outbreaks.
  • Is not a replacement for regular daily AV scanners.
  • Will go through the process of rebooting the machine up to 2 times if it suspects that the machine is infected with malware, using the remediation workflow.
  • Will not protect against re-infection. Users should verify that their Symantec product is receiving updated virus definitions. This will ensure they are protected.

The Benefits of Running Symantec Power Eraser

  • Expedites your helpdesk team process by using Symantec Power Eraser as a first response remediation tactic.
  • Reduces employee downtime by allowing users to return to work more quickly.
  • Requires no backup and restoring of files as compared to the reimaging of systems.
  • Common alternatives, such as individual threat remediation with threat-specific remediation tools or reimaging of the workstations and restoring files, require more time and decrease the productivity of the helpdesk team and the impacted employee.