Endpoint Protection


Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

  • 1.  Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 09:06 AM
    Ok. Malwarebytes' Anti-Malware sees and removes this. It has been around since December. So why is SAV 11 not seeing this rogue program? It trashed one of our systems. SAV 11 was up to date and fully patched. This is not the first time this has happened.

    Is SAV 11 finally updated to see and remove this program?


  • 2.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 09:25 AM
    I've had at least 4 machines hit since December. Removal ranges from one-click easy with a *third party product* to impossible. FIX THIS SYMANTEC!


  • 3.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 09:29 AM
    I am glad I am not alone. This needs fixing. It is a shame a shareware program can remove this, but SAV 11 thinks there is no problem. Please fix ASAP.


  • 4.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 09:35 AM
    Hello,

    Did you submit a sample for testing?

    https://submit.symantec.com/websubmit/retail.cgi or https://submit.symantec.com/websubmit/gold.cgi

    After submitting a sample you will receive an email with the analysis.

    You can also use this website to submit files: http://www.virustotal.com and see if Symantec is part of the list in the result.

    Regards,


  • 5.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 09:38 AM
    This rogue program is extremely aggressive and re-imaging was the only option. So no, I could not submit a sample. I am not sure if it was downloaded by an end user or latched onto the computer when a website was visited.

    All that aside it has been out in the wild for over a month, so why can't it be detected at this point??


  • 6.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 09:49 AM
    Check this: https://www-secure.symantec.com/connect/forums/sep-11-missed-antivirus-live

    It seems that it is already caught by SEP as Trojan.FakeAV.


  • 7.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 03:09 PM
    The latest variant was discovered on 1/12/10. SEP should be catching these known threats, but remember that when a new variant is released, SEP will not be able to catch it until a signature is written. Notice the increase in new threats this year: there are three in the first two weeks. As always, be sure to have the latest definitions on all your systems.

    http://www.symantec.com/business/security_response/landing/azlisting.jsp?azid=Tthreats.JPG


  • 8.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 14, 2010 04:12 PM
    If you are banking on just SEP (or any endpoint product for that matter) to stop threats, you'll be in a world of hurt for the rest of your desktop support career.


  • 9.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 25, 2010 10:27 AM
    I, like the rest of you, have seen these programs get past our up-to-date and patched SEP. I believe they get past because Bloodhound and TruScan sensitivity is set very low. Increasing sensitivity may catch more rogue installers but would also cause false positives. Our techs in the field have been forwarding Malwarebytes and SUPERAntiSpyware log files to me. I plan on creating a Centralized Acceptation list which would block those processes from getting into memory. Assuming success, I would need to update the list on an ongoing basis as new threats emerge.


  • 10.  RE: Rogue Program Known as 'Antivirus Live' - SAV 11 Not Seeing It

    Posted Jan 25, 2010 10:37 AM
    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not