Endpoint Protection


Win 7 Security 2011

  • 1.  Win 7 Security 2011

    Posted Mar 31, 2011 04:56 PM

    Is anyone else seeing a lot of the Win 7 Security malware hitting machines?  My helpdesk is reporting that they have been getting a lot of calls on this.  Symantec, any idea on how to prevent it?

     



  • 2.  RE: Win 7 Security 2011

    Posted Mar 31, 2011 05:00 PM

    May be a new variant. Do you have a sample that you can submit to Security Response?

    http://www.symantec.com/business/security_response/submitsamples.jsp

    New signatures can then be created in an upcoming definition release.



  • 3.  RE: Win 7 Security 2011

    Posted Mar 31, 2011 05:02 PM

    No, they have just been fixing it manually. I have asked them to let me know when a new one comes in so I can get on the machine and call it in. Is there a removal tool for this out yet?

     



  • 4.  RE: Win 7 Security 2011

    Posted Mar 31, 2011 05:06 PM

    There is no tool specifically for this threat. Try the Power Eraser utility; it is included in the SEP support tool.

    http://www.symantec.com/business/support/index?page=content&id=TECH134803&locale=en_US

     



  • 5.  RE: Win 7 Security 2011

    Posted Apr 01, 2011 02:19 AM

    Make sure the SEP definitions are the latest. Try increasing the sensitivity of the TruScan Proactive Threat Protection.

    Also, run SEP support tool-loadpoint on the infected computer, and try to upload the logs here...



  • 6.  RE: Win 7 Security 2011

    Broadcom Employee
    Posted Apr 01, 2011 05:32 AM

    Hi,

    It is recommended to install all the Symantec features (AV / PTP / NTP) with the latest definitions. Always make sure that your computers are receiving definitions regularly.

    You can upgrade your product to the latest build, i.e. RU6 MP3.

    Your Windows machines should have all the latest Windows updates/patches.

    Apply application and device control policies, block USB etc.

    Disable Autorun.

    Please follow the best practice guide to handle the virus issue.

    http://www.symantec.com/business/support/index?page=content&id=TECH105236



  • 7.  RE: Win 7 Security 2011

    Trusted Advisor
    Posted Apr 01, 2011 11:22 AM

    Hello,

    You need to work on this immediately. Please check the article and submit the suspicious files to Symantec Security Response.

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec



  • 8.  RE: Win 7 Security 2011

    Posted Apr 01, 2011 11:57 AM

    As a side task, users should be educated on the dangers of FakeAV and what to look for and not do.



  • 9.  RE: Win 7 Security 2011

    Posted Apr 01, 2011 12:01 PM

    As Brian stated, education of the threat landscape is a must.

     

    See the Security Best Practices - https://www-secure.symantec.com/connect/forums/where-helloworld-testing-area#comment-5384701



  • 10.  RE: Win 7 Security 2011

    Posted Apr 04, 2011 06:27 AM

    This is maybe the 1000th time we have seen this. To make a long story short, this threat is an advanced, fast-updating threat distributed using different attack vectors. Symantec is not good at detecting it first-hand, but with the help of limited user access + updated Flash + updated Java (if it exists on the client) + updated Adobe Reader, and utilizing the SEP hardening application & device control policy, you may reach pretty safe ground.