See my thread here, to which there's been no response. The risk SPECIFICALLY TARGETED all Symantec LU files!! It was VERY specific like it knew what to hit, what to go after.
https://www-secure.symantec.com/connect/forums/attack-symantec-processes-lu-etc
It was the self-preservation (TAMPER PROTECTION) from SEP that alerted me to it, and I modified my custom application control piece to prevent any EXE from being created in the %userprofile%\local settings\application data\*\*.exe area.
It was targeting files here:
C:/Program Files/Symantec/LiveUpdate/LUALL.EXE
which would have crippled SEP's LU abilities had tamper protection not stopped it.
This is a trick used by BHOs, and other phony AV risks to get in when the user is a peon and not an admin. Install and run from the user profile area.
I was blocking only DLLs in that area, and now block the creating of EXE files as well (I've got an article written up on this from last year)
Yes, it can be a pain and you have to put in exclusions for some office products and valid applications, but IMO, anything INSTALLING to or running from the user profile is a risk until proven otherwise.
And on a similar topic - anyone like Google, etc. who installs there should be horse-whipped!
That does NOT comply with MSs original plan and leaves things open to great risks.
So I lock it down, and exclude only as needed. Never again will an EXE come in and start hammering away at SEP from that area, anyway.