Endpoint Protection

 View Only
  • 1.  Shortcut creation

    Posted May 04, 2012 06:56 AM

     

    query is that when my removable drive(pen drive) is connected to any machine it creates a shortcuts of the files & folder.

     

    I have scanned and even formated the Pendrive and machine to which it was connected is clean with no viruses.

    But the shortcuts are still created.



  • 2.  RE: Shortcut creation

    Posted May 04, 2012 07:06 AM

    Could you disable Autorun,in through the GPO policy? And do a full scan on teh machine in normal and in safe mode.



  • 3.  RE: Shortcut creation

    Posted May 04, 2012 07:10 AM

    Disabling the AUTORUN through GPO .



  • 4.  RE: Shortcut creation

    Posted May 04, 2012 08:10 AM

    Check this Microsoft Kbase.

    http://support.microsoft.com/kb/967715



  • 5.  RE: Shortcut creation

    Broadcom Employee
    Posted May 04, 2012 08:25 AM

    Hi Anil,

    There should be something in the pen drive itself even though it's formatted & which is triggered when connected through AutoPlay.which might lead to this situation.This is one of the chacne. 

    As its the same on all the computers this is more likely the situation. 

    To isolate the issue,disable AutoRun(Autoplay) on the computer across all drives for all users and computers and connect the drive and check with the status. 

    Microsoft KB articles to disable Autorun

    http://support.microsoft.com/kb/967715

    http://technet.microsoft.com/en-us/magazine/cc137730.aspx

    Best practices for troubleshooting viruses on a network

    http://www.symantec.com/business/support/index?page=content&id=TECH122466

    Security Best Practice Recommendations

    http://www.symantec.com/docs/TECH91705

    What's the version of SEP? Using all the SEP features?



  • 6.  RE: Shortcut creation

    Trusted Advisor
    Posted May 04, 2012 08:49 AM

    Hello,

    As a first step, Disable autorun.

    Preventing a virus from using the AutoRun feature to spread itself

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

    Check the below articles on handling infections.

    Best practices for troubleshooting viruses on a network

    http://www.symantec.com/business/support/index?page=content&id=TECH122466

    Security Best Practice Recommendations

    http://www.symantec.com/docs/TECH91705

    How to Use the Web Submission Process to Submit Suspicious Files

    http://www.symantec.com/business/support/index?page=content&id=TECH102419

    Security Response recommendations for Symantec Endpoint Protection settings

    http://www.symantec.com/docs/TECH122943

     

    In your case, it is advisable to follow few important steps:

    1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

    2) Make sure the machines are installed with the Latest Symantec virus definitions.

    3) Disable the Autorun Feature on the machine.

    Later, incase of suspicious activity still happening, then follow the steps provided in the Article below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

     

    Hope this helps!!!