Endpoint Protection

  • 1.  SymDiag vs. actual SEP?

    Posted Feb 06, 2017 11:18 AM

    Hey all.  I'm wondering, what is the point of SymDiag's Threat Analysis scan - is it for people that don't have a Symantec product installed?  I might ask the same for Power Eraser, if the answer is different.

    I often see references from Symantec articles regarding specific malware variants saying to run Power Eraser, or run SymDiag's threat scan.  Yet, one would not have found the article in the first place if a Symantec detection did not end up pointing them to it (in theory, but also in practice in my case over the years).  So the question it begs is, does Symantec not put in all possible protections and scanning in SEP already?  Admittedly I'm not familiar with why Power Eraser is useful - I've used it in the past but only on systems that never had SEP to begin with, because in my mind if you have SEP, why the hell would you need a separate Symantec scanning tool, unless perhaps it leverages multi-vendor scanning like VirusTotal might or something, but I don't see how that's possible since a free utility being more powerful than the paid product makes no sense.


    Oh my :)



  • 2.  RE: SymDiag vs. actual SEP?
    Best Answer

    Posted Feb 06, 2017 11:21 AM

    You can use it for machines with or without SEP. Basically, its detection methods are more 'aggressive' and can cause a higher false positive rate.



  • 3.  RE: SymDiag vs. actual SEP?
    Best Answer

    Posted Feb 06, 2017 01:10 PM

    What Brian said. Power Eraser that is included in SymDiag is very prone to false positives and requires manual approval to remove whatever it detected.



  • 4.  RE: SymDiag vs. actual SEP?
    Best Answer

    Posted Feb 07, 2017 05:24 AM

    Hi MIXIT,

    The "Power Eraser" engine in SymDiag is quite aggressive. It is a useful tool when it is suspected that a threat is evading other SEP technologies.

    Using Today's SymDiag to Combat Today's Threats
    https://www.symantec.com/connect/articles/using-todays-symhelp-combat-todays-threats

    Note that it is also possible to remotely launch one of these scans on a SEP client from the SEPM.

    Starting Power Eraser analysis from Symantec Endpoint Protection Manager
    http://www.symantec.com/docs/HOWTO101745

    Please do update this thread with extra questions, or mark it solved if you have received your answer!




  • 5.  RE: SymDiag vs. actual SEP?

    Posted Feb 08, 2017 06:29 AM

    Hi MIXIT,

    Just a ping to see if you have additional questions?  The thread is still marked "needs solution."



  • 6.  RE: SymDiag vs. actual SEP?

    Posted Feb 08, 2017 09:09 AM

    Pong! 

    Thanks very much for the info, guys.  It's bothersome that while 4 or 5 replies occurred, I only got one Symantec notification emailed to me.  No wonder so many threads go "unresolved" when they really were taken care of - odd.


    Anyway, good to know, so the key talking points to a customer are the increase in false positive rates, hence why it's not already a default part of the protection tech.  Ok, who do I pay for this consultation?  The going rate is $500/post, right?


    I will mark the thread solved with my thanks to you all. 



  • 7.  RE: SymDiag vs. actual SEP?

    Posted Feb 08, 2017 09:11 AM

    Notifications have been 'broken' for quite some time now - just an FYI on that. They work randomly.