Endpoint Protection

  • 1.  SEP installed but still getting Antivius XP Pro malware

    Posted Mar 10, 2010 07:52 AM
    I asked this question before but I don't think I got an answer.

    I have the latest SEP installed here with the Antivirus and Antispyware and the Proactive Threat Protection installed. The definitions are up to date and Auto-Protect is enabled. But it's been happening a little too often lately where clients are getting this "Antivius XP Pro" malware taking over their system. Earlier this year I've had a few similar problems with "Virus Shield" doing this same thing. Why isn't SEP catching this? Is it not designed to catch malware? Am I missing a configuration somewhere? Is there another SEP app I don't have installed?

    Please help with some advice. Thanks.



  • 2.  RE: SEP installed but still getting Antivius XP Pro malware



  • 3.  RE: SEP installed but still getting Antivius XP Pro malware
    Best Answer

    Posted Mar 10, 2010 08:02 AM

    Title: 'Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not'
    Document ID: 2000100610314948


    Best practices for responding to active threats on a network
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010011510455048

    Security Response recommendations for Symantec Endpoint Protection settings
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948


  • 4.  RE: SEP installed but still getting Antivius XP Pro malware

    Posted Mar 11, 2010 06:40 AM
    Hi Rafeeq,

    I wasn't looking for a way to remove the infection. For now, in the case of the AV malware, we just re-image the computer. What I'm looking for is an answer on how this infection made it through SEP and what settings in SEP I could configure to help prevent it from happening in the future.


  • 5.  RE: SEP installed but still getting Antivius XP Pro malware

    Posted Mar 11, 2010 06:43 AM
    Thanks. I'll look through these more thoroughly.


  • 6.  RE: SEP installed but still getting Antivius XP Pro malware

    Posted Mar 11, 2010 06:44 AM
    Went through the thread, seems like the defs are still not able to catch this malware. 


  • 7.  RE: SEP installed but still getting Antivius XP Pro malware

    Posted Mar 11, 2010 07:22 AM
    Hello,

    Symantec requires file samples to release definitions for the threat on your machine which it failed to identify.

    Analyse your computer for recently created files and folders and if you don't recognise them or they seem suspicious, please upload them to the link https://submit.symantec.com/essential.

    To search for suspicious files, browse to the common load points and unhide the System files from "Folder Options". To know more on how to unhide the hidden files, log on to:
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/win_fcab_show_file_extensions.mspx?mfr=true

    To know the common load points, refer to the document
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2001060517115206?Open&seg=ent


    Note: You may need a technical contact ID if you want to submit the suspicious files, which can be obtained from the software vendor or from Symantec technical support. Also go through the information on the bottom of the page before submitting the files.


    Hope this helps.
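
The search described in post 7, as an added example that is not part of the original thread and is not a Symantec tool: it lists recently created files (hidden and system files included) and autorun registry entries so unrecognised ones can be reviewed before submission. The 7-day window and the short load-point list are assumptions, since the linked load-point document is not reproduced on this page; PowerShell 3.0 or later is assumed.

```powershell
# Added example: review recently created files and autorun entries.
# Assumptions: 7-day window; load points below are a small illustrative subset.
param([int]$Days = 7)

$cutoff = (Get-Date).AddDays(-$Days)

# Startup folders plus per-user temp and application data directories.
$folders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup'),
    $env:TEMP,
    $env:APPDATA,
    $env:LOCALAPPDATA
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

# -Force includes hidden and system files, so Folder Options need not be changed.
$files = foreach ($dir in $folders) {
    Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        Select-Object CreationTime, Length, Attributes, FullName
}

# Registry Run/RunOnce keys: programs started at every logon.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path -LiteralPath $key) {
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

# Newest files first; anything unrecognised is a candidate for submission.
$files    | Sort-Object CreationTime -Descending | Format-Table -AutoSize
$autoruns | Format-List
```

Run it from an elevated prompt so the all-users locations are readable, and compare the output against a known-clean machine built from the same image.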