I'm in a school system converting from Mcafee to SEP. We have used the capabilities of McAfee in the past to block files that while not viruses perse we do not allow to run on machines in the district (things like u3). While we can use other methods like active directory to block some of these files, antivirus in the past has provided an easy solution for finding files using a specific name and either block/quarantine/delete/log depending on what we are trying to do.
My main goal here in posting a question is how do I add to SEP a file name to detect during scans and provide me the standard options (log, quarantine, delete) for said filename. In this case, it is one of the files used in Safyway.blogspot trojan (more information here:
http://net-studio.org/application/safyway-blogspot.php), and if a computer has the virusremoval.vbs file I want it gone. The computers in question are all Windows 2000/XP. Multiple machines are becoming infected (we have taken other measures with the users accounts to prevent further infection) and only on the machines we have transitioned to Symantec, the McAfee protected machines seem to be unaffected. For this particular virus SEP has not detected nor cleaned the machines.