Endpoint Protection

  • 1.  FakeAV and Botnets with SEP

    Posted Apr 22, 2011 01:38 PM

    We are currently running SEP 11.0 in our environment.  We also use a 3rd party solution that monitors traffic and alerts us when machines within our environment are infected with botnets, FakeAV and other malware.  These seem to be the more serious issues, but SEP does not pick any of it up.  Any advice?  Maybe with configuration?  

    Detailed explanations are greatly appreciated and screen shots of configuration would be helpful if possible.  Thank you!  



  • 2.  RE: FakeAV and Botnets with SEP

    Broadcom Employee
    Posted Apr 22, 2011 02:39 PM

    Hi,

    It is recommended to install all the Symantec features (AV / PTP / NTP) with the latest definitions. Always make sure that your computers are receiving definitions regularly.

    You can upgrade your product to the latest build.

    Your Windows machines should have all the latest Windows updates / patches.

    Disable Autorun.

    Please follow the best practice guide to handle virus issues.

    http://www.symantec.com/business/support/index?pag...

    Try to scan the infected machines with the Power Eraser tool; download the SEP Support Tool to scan with Power Eraser.

    http://www.symantec.com/business/support/index?page=content&id=TECH134803

    If it comes back with a clean result, use the Symantec Support Tool; check the article "Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team."

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

    To download SEP support tool follow the link

    http://www.symantec.com/business/support/index?page=content&id=TECH134803


    Go through following thread as well.

    https://www-secure.symantec.com/connect/forums/windows-recovery-virus-removal
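
    The reply above says "Disable Autorun" without showing how to verify it. The following PowerShell script is an added example and is not part of the original post or of any Symantec tool: it audits the Windows Autorun policy value and, with `-Enforce`, sets it to disable Autorun on every drive type. It assumes it is run as Administrator on a Windows client and uses the registry values documented in Microsoft KB967715 (`NoDriveTypeAutoRun` and `HonorAutorunSetting`); nothing else is assumed.

```powershell
# Added example (not from the thread): audit and optionally enforce the
# "Disable Autorun" recommendation from post 2.
# Assumes: run as Administrator; registry values per Microsoft KB967715.
param([switch]$Enforce)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$allDrives = 0xFF   # bit mask covering every drive type: Autorun disabled everywhere

function Get-AutorunState {
    # Returns the current policy value and whether it fully disables Autorun.
    $current = (Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun `
                -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    [pscustomobject]@{
        Value    = $current
        Disabled = ($current -eq $allDrives)
    }
}

$before = Get-AutorunState
Write-Host ("NoDriveTypeAutoRun = {0} (Autorun fully disabled: {1})" -f $before.Value, $before.Disabled)

if ($Enforce -and -not $before.Disabled) {
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    New-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -PropertyType DWord `
        -Value $allDrives -Force | Out-Null
    # Windows XP / Server 2003 only honor NoDriveTypeAutoRun correctly after the
    # KB967715 update, and that update looks for this additional flag.
    New-ItemProperty -Path $policyKey -Name HonorAutorunSetting -PropertyType DWord `
        -Value 1 -Force | Out-Null

    $after = Get-AutorunState
    Write-Host ("Autorun policy now {0}; sign out or restart Explorer for it to take effect." -f $after.Value)
}
```

    Run it without switches from an elevated prompt to see the current state on a machine; run it with `-Enforce` to apply the policy. The machine-wide key under `Policies\Explorer` is used rather than the per-user `HKCU` copy so the setting holds for every account that signs in.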



  • 3.  RE: FakeAV and Botnets with SEP

    Broadcom Employee
    Posted Apr 22, 2011 02:45 PM

    Hi,

    Check this article as well.

    http://www.symantec.com/connect/articles/how-troubleshoot-fake-av-if-it-not-detected



  • 4.  RE: FakeAV and Botnets with SEP

    Posted Apr 22, 2011 02:52 PM

    If you think you are infected with W32.Qakbot, Symantec created an Application and Device Control policy to help combat an outbreak of this threat by slowing down or eliminating its ability to spread from one computer to another.


    For details visit - http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99


    Best,

    Thomas



  • 5.  RE: FakeAV and Botnets with SEP

    Trusted Advisor
    Posted Apr 25, 2011 07:31 AM

    Hello,

    To answer your question: Why isn't Symantec detecting threats?

    Read this:

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

    Your question: Is there something wrong with Symantec Endpoint Protection?

    Read this:

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    Your question: These seem to be the more serious issues, but SEP does not pick any of it up.  Any advice?  Maybe with configuration?

    On configuring Symantec Endpoint Protection:

    Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security

    About creating a plan to respond to viruses and security risks

    Configuring actions for known virus and security risk detections on Windows clients

    About FakeAV and how to get the suspicious files to Symantec so that it detects them, read the following:

    How to troubleshoot FakeAV if it is not detected

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope the above provides all your answers!