Endpoint Protection

 View Only

  • 1.  SEPM home security status

    Posted Aug 10, 2009 04:32 PM
    does anyone have any idea why the computers (even if the Symantec just detects viruses,threats . i.e from flash ) are considered as infected while the virus is just in the flash and didnot transfer to the computer itself. it is hust a detection process but the SEPM consider the PC as an infected one.


    thanks


  • 2.  RE: SEPM home security status

    Posted Aug 10, 2009 04:51 PM
    If  a computer goes to the page that is infected, SEP detects the threat and reports it to the Manager.  This is all be design.  Even if SEP stops the infection, you are still notified via the manager.  If you need to clear the infected status, you can do it via the SEPM

    Also if Flash is being seen on the site, then the infected file would be saved as well, since it tranfers to the computer in order to view the Flash animation (I believe this to be true, I am not too proficient in Flash but I believe that is how it works)


  • 3.  RE: SEPM home security status

    Posted Aug 10, 2009 04:57 PM
    thanks for your reply b but what i meant by flash not the software  rather i mean USB flash device.


  • 4.  RE: SEPM home security status

    Posted Aug 10, 2009 05:06 PM

     

    .
    I think this is how it is designed to work.
    Because when your Flash ( USB ) Is connected to the machine & when any file on the Flash is been accessed then Auto protect Scan engine will detect it & will in turn inform the SEPM about the detection.  Hence will create an entry on the SEPM. And personally I think it should work like this.:)

    I hope this answers your question.


  • 5.  RE: SEPM home security status

    Posted Aug 10, 2009 05:09 PM
    thanks kavin, but why it consider the computer as ainfected one , where as this is just a detection and the threat doesnot infects the PC.


  • 6.  RE: SEPM home security status

    Posted Aug 10, 2009 05:11 PM
    Lol,
    Yes Kavin is correct, the USB Flash drive is considered to be another drive when it is put into the computer, just like a C: or D: etc.  So SEP will automatically scan and detect any threats on the drive when they are accessed. 
    This is definitely by design and is the safest and most secure way to deal with Flash drives.

    Thank you!



  • 7.  RE: SEPM home security status

    Posted Aug 10, 2009 05:13 PM
    but the Network admin should come to know on which machine the infected USB drive was connected.
    Ok I understand in this case the machine dint got infected but imagine a senario where the machine gets infected because of the USB drive. Then this option really helps the network Admin.


  • 8.  RE: SEPM home security status

    Posted Aug 10, 2009 05:30 PM
    ok thanks alot for this explanation .


    regards


  • 9.  RE: SEPM home security status

    Posted Aug 10, 2009 05:35 PM
    i have another question plz,

    why we have to manually remove any infection as suggested by symantec ,where as we have a synabtec engine that can heal those infection by (disinfection,quarantine,.....)

    and if we dont do so, what will happen?

    regards


  • 10.  RE: SEPM home security status

    Posted Aug 10, 2009 06:54 PM
    We need to manually remove an infection if that is non repairable threat ,that means the chnages made by the threat is not repairable hence there is no other option other then manually deleting the file.

    If this answers your question then please mark a solution for this thread.:)