Endpoint Protection

  • 1.  scareware not detected in SEC v11.0.5002.333

    Posted Mar 30, 2011 05:38 AM

    I received a scareware attachment today, and it passed through the SEC scan. Neither the real-time scan nor the manual scan detected this scareware file.

    I understand Power Eraser may detect this, but I wish to know: is there a way that SEC will auto-detect such scareware?

    This is the result after I uploaded the scareware file to VirusTotal.

    results: Trojan.FakeAV

    My SEC version is 11.0.5002.333.

    Using the 24 March 2011 virus definition file.



  • 2.  RE: scareware not detected in SEC v11.0.5002.333

    Broadcom Employee
    Posted Mar 30, 2011 05:51 AM

    Please submit the file to the Security Response as well:

    https://submit.symantec.com/websubmit/retail.cgi <- if you do not have the Symantec contract

    https://submit.symantec.com/websubmit/basic.cgi <- if you have the Basic Symantec contract

    https://submit.symantec.com/websubmit/essential.cgi <- if you have the Essential Symantec contract

     

    You can upload a single file or zip a few files (no more than 9 and less than 10MB is required) - in this case, please do not configure a password for the zip.

    Here is a document which describes the process:

    How to submit a file to the Security Response website
    http://www.symantec.com/business/support/index?page=content&id=TECH134967



  • 3.  RE: scareware not detected in SEC v11.0.5002.333

    Trusted Advisor
    Posted Mar 30, 2011 08:57 AM

    Hello,

    First of all, I would recommend that you have the latest definitions on your machines.

    Again, yes, the suspicious threat will be detected. Read the article below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

     

    Symantec Support Tool is not a scanning tool; however, it may find the suspicious files on your machine and may assist you in submitting the unknown files undetected by Symantec as well.

    Once you know the suspicious files, you could upload them to the Symantec Security Response Team and they would assist you with the same.

     

    Well, in regard to why Symantec is not detecting that threat, you may read the Symantec Knowledgebase article below:

     

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

    http://www.symantec.com/business/support/index?page=content&id=TECH98929&actp=search&viewlocale=en_US&searchid=1301410542550



  • 4.  RE: scareware not detected in SEC v11.0.5002.333
    Best Answer

    Posted Mar 30, 2011 09:00 AM

    I would update your defs first then re-scan



  • 5.  RE: scareware not detected in SEC v11.0.5002.333

    Posted Mar 30, 2011 09:47 AM

    I would increase the Bloodhound Level to "3". Please check all your AV settings, and make sure you are at the recommended levels.

    Security Response recommends the following Scan Settings

     

    | Antivirus Security Setting | Default Setting | High Security Policy | Security Response Recommendation |
    |---|---|---|---|
    | Lock settings | Some | Some | All |
    | Remediation: terminate processes | No | No | Yes |
    | Remediation: terminate services | No | No | Yes |
    | Auto-Protect action taken for security risks | Quarantine/Log | Quarantine/Log | Quarantine/Delete |
    | Network Auto-Protect | Disabled | Enabled | Enabled |
    | Bloodhound Level | Default (2) | Default (2) | Default (3) |
    | SEP Startup | System Start | System Start | System Start |
    | Auto-Protect Scan | Modify and access | Modify and access | Modify and access |

    Security Response recommends the following setting changes to Truscan for best protection

     

    | Truscan | Default Setting | Security Response Recommendation |
    |---|---|---|
    | Scan Sensitivity | 9/Low | 100 |
    | Action on Detection | Log | Terminate |
    | Scan Frequency | 1:00 | 00:15 |
    Taken From KB - http://www.symantec.com/business/support/index?page=content&id=TECH122943&locale=en_US



  • 6.  RE: scareware not detected in SEC v11.0.5002.333

    Posted Mar 30, 2011 11:37 PM

    In fact, SEP was able to detect the virus only once the defs were updated with the 31 March db.

    I'm also setting up SEP as cycletech suggested.

    Mithun Sanghavi,

    Thanks for the article too.