Endpoint Protection

  • 1.  Virus affected in workstation.

    Posted Dec 17, 2017 11:15 AM

    Hi All,

     

    Recently one of the workstations was affected by a virus. I am not sure how to investigate the root cause of the virus.

    I took a sample of the file, put it into VirusTotal, and found that the reputation of that file is very bad.

    I immediately informed the concerned team to remove the affected machine from the network and asked them to reimage it.

    Since it was a workstation, I did this as a solution.

     

    But if it is a server affected by a virus or worm, how do I find the root cause and handle the situation?

     

    Kindly suggest.

     

    Regards,

    SRV

     



  • 2.  RE: Virus affected in workstation.

    Posted Dec 17, 2017 02:47 PM

    You can start with Risk Tracer:

    http://www.symantec.com/docs/TECH94526



  • 3.  RE: Virus affected in workstation.

    Posted Dec 18, 2017 12:16 AM

    Thank you for the article. I will enable it.



  • 4.  RE: Virus affected in workstation.

    Posted Dec 18, 2017 02:40 AM

    Hi S.R.V,

    Please do share some details about what threat this was. If there is a link to VirusTotal, that would help as well. This information might allow for an informed guess. SEP is designed to block malware, not for digital forensics/incident response, so it's unlikely that a 100% accurate answer will be possible.

    This article may help, too:

    The Day After: Necessary Steps after a Virus Outbreak
    https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak