Endpoint Protection

 View Only

  • 1.  SEP 11.6 can't delete Folder name .exe virus

    Posted Oct 27, 2010 05:53 AM

    My company has symantec endpoint protection Security v.11 MR6 antivirus. From several months we are having problem with one virus which creates folder name with .exe files when double click on any folder. so far this is an old kind of virus but unfortunately many  machines got infected due to this. Our antivirus definition is updated up to date.but why SEP can't detec such an old virus?. even if we run scan on those infected folders,

    Please suggest how to clear this virus by SEP

     

    Fazle Elahi

    Systems Administrator

    Robi Axiata Ltd.



  • 2.  RE: SEP 11.6 can't delete Folder name .exe virus

    Posted Oct 27, 2010 06:04 AM

    submit the samples to symantec; they will create the signatures

    https://submit.symantec.com/websubmit/gold.cgi



  • 3.  RE: SEP 11.6 can't delete Folder name .exe virus

    Posted Oct 27, 2010 06:11 AM

    Run the Sep Support Tool and Submit all the suspected files



  • 4.  RE: SEP 11.6 can't delete Folder name .exe virus

    Posted Oct 27, 2010 10:23 AM

    Check to make sure you are runnning the recommended Security Settings. Security Response recommends the following Scan Settings
     

    Antivirus Security Setting Default Setting High Security Policy Security Response Recommendation
    Lock settings Some Some All
    Remediation: terminate processes No No Yes
    Remediation: terminate services No No Yes
    Auto-Protect action taken for security risks Quarantine/Log Quarantine/Log Quarantine/Delete
    Network Auto-Protect Disabled Enabled Enabled
    Bloodhound Level Default (2) Default (2) Maximum (3)

    Security Response recommends the following setting changes to Truscan for best protection
     

    Truscan Default Setting Security Response Recommendation
    Scan Sensitivity 9/Low 100
    Action on Detection Log Terminate
    Scan Frequency 1:00 00:15

    http://www.symantec.com/business/support/index?page=content&id=TECH122943&locale=en_US

     

    If you do not have a Gold level of support, you can submit the files to ThreatExpert. Symantec owns TE, so any files submitted there will be included in future Symantec detections.

     

    http://www.threatexpert.com/default.aspx