Endpoint Protection

  • 1.  virus issue

    Posted Dec 15, 2011 04:51 PM
    A lot of trojan horse viruses found in system. Please help to remove.


  • 2.  RE: virus issue

    Posted Dec 15, 2011 05:20 PM

    Run a full scan in safe mode with the latest definitions.

     

    Security Best Practice Recommendations
    http://service1.symantec.com/support/ent-security.nsf/docid/2009010808340848?Open&seg=ent


    Best practices for responding to active threats on a network
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010011510455048



    Security Response recommendations for Symantec Endpoint Protection settings
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948



    Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe
    http://service1.symantec.com/ent-security.nsf/docid/2010010319585948


    Best practices regarding Intrusion Prevention System technology
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009080314433948



  • 3.  RE: virus issue
    Best Answer

    Posted Dec 15, 2011 05:30 PM

    If you are running a Symantec product, I would start with downloading the latest Rapid Release definitions.

    Next, boot into safe mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in safe mode.
    If that fails to detect and remove the threats, there are some useful tools that are provided by Symantec for help with finding those hard to detect threats.


    1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.


    2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

    3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.


    Rapid Release Virus Definitions –
    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

    Power Eraser tool –
    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions –
    http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

    Support Tool with Power Eraser Tool included –
    http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

    How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files –
    http://www.symantec.com/business/support/index?page=content&id=TECH141402

    If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

    http://www.symantec.com/business/security_response/submitsamples.jsp

    http://www.threatexpert.com/submit.aspx

     

    Hope this helps you.

    Thomas



  • 4.  RE: virus issue

    Posted Dec 15, 2011 05:42 PM
    I will try this solution, but I have one question. I have removed 1000 of virus files from quarantine several times, but the viruses come again and again. Hope your solution will work, but is it a permanent resolution?


  • 5.  RE: virus issue

    Posted Dec 16, 2011 06:01 AM

    It would help to have some additional information.  Which exact version of SEP are you running, with which components, and is it on a server, workstation, etc?

    Following these recommendations will help: http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&depthpath=0



  • 6.  RE: virus issue

    Broadcom Employee
    Posted Dec 16, 2011 06:18 AM

    What is the location of the file detected?

    If it is System Volume Information, then SEP will not take any action.



  • 7.  RE: virus issue

    Posted Dec 16, 2011 06:44 AM

    Virus found in user profile with .tmp extension



  • 8.  RE: virus issue

    Posted Dec 16, 2011 07:07 AM


  • 9.  RE: virus issue

    Posted Dec 18, 2011 06:09 AM

    Kindly find the attached thread; it is related to virus-infected files/ext.

     

    https://www-secure.symantec.com/connect/forums/virus-issue-1

     

    Hope it helps you.



  • 10.  RE: virus issue

    Posted Dec 19, 2011 01:13 AM

     

    virus issue 

    Log in to the SEPM console machine and check the settings once, and

    check whether the server and client machines have the latest updates or not;

    if not, update with the latest update.

    Remove the network and run a full scan for all the machines from the console.

    Delete all temp files, cookies and history once the full scan is completed, restart the machine and check it once.

    If you find any new virus running on your machine, take a sample of it and submit it to Symantec.