Endpoint Protection


Malware not detected

  • 1.  Malware not detected

    Posted Apr 04, 2013 03:35 AM

    Hi All

     

    I have a client with Win 7 SP1 and SEP 12.1 with latest definitions. Full scan shows that the PC is clean. When the technician on site uses Malwarebytes it picks up "PUP.Software.Updater". Any ideas why Symantec would miss this or ignore this?



  • 2.  RE: Malware not detected

    Posted Apr 04, 2013 03:47 AM

    Ideally you should not use two active AVs on a single machine.

    Symantec would pick up other AVs sometimes. If you still want to use that, then you need to exclude that file under centralized exceptions.

     

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

     

    http://www.symantec.com/business/support/index?page=content&id=TECH183201



  • 3.  RE: Malware not detected

    Posted Apr 04, 2013 03:48 AM

    Not sure, but I think you misunderstood. I am wondering WHY SEP does not pick up the virus.



  • 4.  RE: Malware not detected

    Posted Apr 04, 2013 03:50 AM

    I'm sorry, I totally misread that. Please submit the sample to Symantec for further analysis.

     

    What to do when a competitor's antivirus, adware scanner, or spyware scanner detects a threat that Symantec AntiVirus does not detect



  • 5.  RE: Malware not detected

    Posted Apr 04, 2013 04:09 AM

    You will need to submit the sample to Security Response.

    http://www.symantec.com/security_response/submitsa...

     

    Using Symantec Help (SymHelp) Tool, how to Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    http://www.symantec.com/docs/TECH203027

    https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

     

    Look at this discussion:

    https://www-secure.symantec.com/connect/forums/virus-file-system



  • 6.  RE: Malware not detected

    Broadcom Employee
    Posted Apr 04, 2013 04:09 AM

    Hi,

    It might be a false positive by other antivirus.

    The following point is very important in this article: http://www.symantec.com/docs/TECH99494

    Be aware that third-party antivirus products are often designed with a different purpose in mind, and therefore employ a different scope of detection. Symantec security products such as SAV and Symantec Endpoint Protection (SEP) are intended to balance detection of legitimate threats with a level of false positive detection acceptable to enterprise-class computing environments with thousands or even hundreds of thousands of seats. A repair tool-type product that runs on a single machine and is not centrally monitored or managed may be far more aggressive - thus detecting some threats that SAV or even SEP may not - but often at the cost of a much higher false positive detection rate, sometimes as high as 40%. When evaluating the detection performance of antivirus products, it is important to understand that a straight apples-to-apples comparison between such third-party products and SAV or SEP is not valid, because the high false positive detection rate associated with such products would have an unacceptable impact on a large computing environment.

    However, to be assured, submit the suspicious files to the Symantec Security Response team for further analysis.

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1  and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

    Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH170752

    You can also scan the machine using the Symantec Power Eraser tool.

    Use Power Eraser to detect threats and remove them

    http://www.symantec.com/theme.jsp?themeid=spe-user-guide

     

     



  • 7.  RE: Malware not detected

    Posted Apr 04, 2013 04:43 AM

    Hi

    Please log a case with Symantec on 0008004401457 and submit the file to Security Response for analysis.

    Regards

     

     



  • 8.  RE: Malware not detected

    Posted Apr 04, 2013 06:13 AM

    What is the installer?

    "PUS" stands for Potentially Unwanted Software which doesn't necessarily mean it is bad. Not sure which AV you used but other AV vendors could handle this differently.

    But to be safe I would submit to Symantec for review

    https://submit.symantec.com/websubmit/gold.cgi



  • 9.  RE: Malware not detected

    Posted Apr 04, 2013 06:37 AM

    The technician used Malwarebytes to scan.

    Virus that was picked up - PUP.Software.Updater

     

    I will submit the files to Symantec.



  • 10.  RE: Malware not detected

    Posted Apr 04, 2013 06:55 AM

    Hi,

    It is better to upload the suspect file to Symantec.

    https://submit.symantec.com/websubmit/gold.cgi

    Thanks



  • 11.  RE: Malware not detected

    Trusted Advisor
    Posted Apr 04, 2013 01:59 PM

    Hello,

    Submit the Suspicious file to Symantec Security Response Team on 

    https://submit.symantec.com/websubmit/essential.cgi

    We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

    I would suggest you to work on the Steps provided in the Article:

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    http://www.symantec.com/docs/TECH99222

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

    http://www.symantec.com/docs/TECH98929

    Later, in case of suspicious activity still happening, follow the steps provided in the article below:

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Here's some advice from Security Response on how to make the best use of SEP. Auto-Protect with traditional AV definitions alone is not enough for a complete defence against today's sophisticated threats: using IPS, Insight etc. is crucial. And, of course, educated users following best security practice... that's the best protection.

    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

    Hope that helps!!