According to the article: https://www-secure.symantec.com/connect/blogs/trojanpoweliks-threat-inside-system-registry there are 2 IPS signatures available, listed as the following:
Intrusion Prevention
I have located both signatures in SEP 12 except that System Infected: Trojan.Powelik Activity is not available in SEP 11. Does anyone know if this is only applicable to SEP 12 and not SEP 11 for this definition?
Thanks
Yes, it can be applicable in 11.x as well.
http://www.symantec.com/security_response/definitions/multipledaily/detail.jsp?mdid=2014-08
http://www.symantec.com/security_response/writeup.jsp?docid=2014-080408-5614-99
@AJ_01 - How come the one signature isn't displayed on the IPS signatures list on the SEP 11 console?
That's interesting, should be available for both. May want to check in with support.
Seen that behavior before on a SEPM on v.11 with other IPS signatures. Agree with .Brian, but would certainly be moving any SEP 11 client to a SEPM on 12.1.5. January 05th, 2015 is fast approaching....
Already started doing that. Thanks. Customer informed that SEP 11 needs to be either removed from the environment or upgraded to SEP 12.
Just a quick note that may be of interest to those who find this thread via a search: Symantec now offers a tool that can help, in addition to our AV and IPS signatures.
Trojan.Poweliks Removal Tool http://www.symantec.com/security_response/writeup.jsp?docid=2014-111020-0511-99
Hope this helps! &: )
Mick