Endpoint Protection

 View Only

  • 1.  Trojan downloaders slipping by Endpoint

    Posted Sep 01, 2010 01:44 PM
    We seem to be getting more Trojan downloader risks slipping by Endpoint and most of these appear to be some type of java. Almost all of these are detected in the \Application Data\Sun\Java\Deployment\cache\6.0\ folders. Symantec is able to delete most of these.

    Is anyone else seeing this problem? Is there anything I can do to eliminate theses completely?




  • 2.  RE: Trojan downloaders slipping by Endpoint

    Posted Sep 01, 2010 01:52 PM
    Are you running IPS? Are you using the recommended Security settings on your Clients?

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948

    See the Security Best Practices - http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&inid=us_sr_carousel_panel7_best_practices




  • 3.  RE: Trojan downloaders slipping by Endpoint

    Posted Sep 01, 2010 01:53 PM
    If they are getting Detected by Symantec then how are they getting skipped ?
    Make sure you have all the Latest Security Patches for Windows.


  • 4.  RE: Trojan downloaders slipping by Endpoint

    Posted Sep 01, 2010 03:56 PM
    I've changed the settings to match this document a couple of weeks ago and I think that this has definately helped. Some are being detected but show unable to remove or will only remove part.


  • 5.  RE: Trojan downloaders slipping by Endpoint

    Posted Sep 01, 2010 05:32 PM
    If the computer users are local admin, the computers will keep getting infected.


  • 6.  RE: Trojan downloaders slipping by Endpoint

    Posted Sep 01, 2010 11:21 PM
    How are the computers getting infected? Is SEP not detecting these files? If it is, then what action does it take? Could you please post your risk logs here?