Endpoint Protection

  • 1.  SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 05:15 AM
    Hi,

    I couldn't believe it when I saw it. Most free antivirus software knows how to handle this, but Symantec just ignores it.
    I'm talking about the simple EICAR tests. Downloading eicar.com.txt completed successfully and my browser shows me the content (this is a huge security risk in my opinion; the Symantec popup claims access denied, as if it has no permission to handle the malware).
    The ZIP files were downloaded and saved successfully on my PC, and no warnings showed up.
    Only the eicar.com file got fully blocked with no issues.

    Can someone tell me what's wrong? Is it me, or can Symantec just not handle a malware test?
    I'm running SEP 11.0.6100.645 (64-bit) on Windows 2008 R2 64-bit.

    Thanks,
    Shalom Cohen


  • 2.  RE: SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 05:20 AM
    If a virus file is present inside a zip file, it cannot harm the system. Putting a virus file inside a zip file is as good as keeping a person in jail. If SEP catches it immediately after extraction, it means SEP is working fine...


  • 3.  RE: SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 05:49 AM
    First of all, the zip file should get scanned, as I've set it to 3 levels of compression scanning.
    Second, it does not explain why the eicar.com.txt file is not blocked (the browser shows the string), meaning the malware is already at the desktop. This should never happen.


  • 4.  RE: SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 05:53 AM
    3 levels of compression scanning is applicable to a scheduled scan or manual scan, not to Auto-Protect...


  • 5.  RE: SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 06:32 AM
    Hello Shaly,

    Auto-Protect does not scan within compressed files
    http://service1.symantec.com/support/ent-security.nsf/docid/2000111509105448?Open&seg=ent

    Coming to fake anti-virus programs, please read the article below for more information:

    Does Symantec Endpoint Protection protect me from fake anti-virus programs?
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020116202748

    Hope it answers your questions.
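
The depth setting discussed in posts 3 to 5, as an added example that is not part of the original thread and is not Symantec code: a scanner that opens nested zip archives only down to a configured depth, so a limit of 0 models a scan that does not look inside archives and a limit of 3 models the three-level setting. The marker string (a constructed stand-in, not the real EICAR string), the size cap, the function names and the sample archive are all assumptions made for illustration.

```python
import io
import zipfile

# Constructed stand-in for a test signature (not the real EICAR string).
MARKER = b"CONSTRUCTED-AV-TEST-MARKER"
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap against decompression bombs


def make_nested_zip(payload: bytes, levels: int) -> bytes:
    """Build constructed sample input: payload wrapped in `levels` zip layers."""
    data, name = payload, "sample.txt"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{i + 1}.zip"
    return data


def scan(data: bytes, max_depth: int, depth: int = 0, path: str = "<root>"):
    """Return (hits, skipped): paths holding MARKER, and paths left unopened."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ([path] if MARKER in data else []), []
    if depth >= max_depth:
        return [], [path]  # archive reached the depth limit: contents unknown
    hits, skipped = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            child = f"{path}/{info.filename}"
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                skipped.append(child)  # too large to unpack safely
                continue
            h, s = scan(zf.read(info), max_depth, depth + 1, child)
            hits += h
            skipped += s
    return hits, skipped


if __name__ == "__main__":
    sample = make_nested_zip(MARKER, levels=2)  # marker inside zip inside zip
    for limit in (0, 1, 3):
        print(limit, scan(sample, max_depth=limit))
```

An empty `hits` list together with a non-empty `skipped` list means the archive was not inspected, not that it was found clean.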


  • 6.  RE: SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 08:34 AM
    Hi shaly_c,

    SEP would not block .zip malware files from getting installed on the computer. When you try to execute it, that is when SEP Auto-Protect would scan it and detect it.




  • 7.  RE: SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 08:35 AM
    I can't speak to your situation because I don't have full details, but EVERY AV company can detect/remove the eicar test string. If they can't, there is no way they should/will be in business. It's a rule of thumb in the AV world to be able to block eicar.


  • 8.  RE: SEP is allowing malware to reach the desktop

    Posted Sep 09, 2010 08:57 AM
    The only solution to the malware problem is to stop allowing software to self-modify. The OS and apps need to reside in ROM or the hardware equivalent such that NO malware can change it...