Endpoint Protection

  • 1.  Downloader.Ponik

    Posted Dec 02, 2014 04:22 PM

    We seem to have issues with this particular piece of malware.  SEP detects and blocks it, but the reinfection rate on certain machines is 50-60 times per day.  Do you know how I can block not just the execution, but the install also?  Clients are all at 12.1.5 and definition dates are all current.  

    This is not a new issue, I have just been frustrated by it enough to finally post about it.  



  • 2.  RE: Downloader.Ponik

    Posted Dec 02, 2014 04:25 PM

    My first question is: do you have IPS enabled and up to date? There is an IPS signature available that will block the download, which stops it from getting onto the disk in the first place.

    You should also have Download Insight and SONAR enabled to block this threat. Are these components utilized as well?

    You may want to review your SEP security settings:

    Security Response recommendations for Symantec Endpoint Protection 12.1 settings

    http://www.symantec.com/docs/TECH173752

    Eliminating viruses and security risks

    http://www.symantec.com/docs/HOWTO27280

    Symantec Endpoint Protection – Best Practices

    http://www.symantec.com/page.jsp?id=stopping_malware

    Best Practices for Troubleshooting Viruses on a Network

    http://www.symantec.com/docs/TECH122466



  • 3.  RE: Downloader.Ponik

    Posted Dec 03, 2014 08:01 AM

    Hi MrMandM,

    If there is constant reinfection, then there is likely either something undetected on that computer or on the network, connected to that computer, which is constantly trying to put that malicious file into action.

    Here is the best article that will guide you through fighting this:

     

    Virus removal and troubleshooting on a network
    http://www.symantec.com/docs/TECH122466

     

    Hope this helps!  Please keep this thread up-to-date with your progress!

    With thanks and best regards,

    Mick