Endpoint Protection Small Business Edition

  • 1.  Why Endpoint security is not catching most of the Malware?

    Posted Apr 07, 2011 12:57 PM

    We have Endpoint Security installed with the most current updates (11.0.6100.645). Most of the time SEP misses the malware and I have to use Malwarebytes ( www.malwarebytes.org ) to clean it up. Am I missing something, or have I not set up my SEP right? I think Malwarebytes does a way better job than SEP.



  • 2.  RE: Why Endpoint security is not catching most of the Malware?

    Posted Apr 07, 2011 01:15 PM

    Bump up the AV Security Settings - see the Security Response Recommended Settings:

    http://www.symantec.com/business/support/index?page=content&id=TECH122943&locale=en_US

    Make sure all your systems are patched and running the latest updates.

    Follow the Security Best practices - http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&inid=us_sr_carousel_panel7_best_practices


    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not -

    http://www.symantec.com/business/support/index?page=content&id=TECH98929&locale=en_US


    If you have a file that SEP is still missing, then please submit it for analysis ASAP.

    http://www.symantec.com/business/security_response/submitsamples.jsp



  • 3.  RE: Why Endpoint security is not catching most of the Malware?

    Broadcom Employee
    Posted Apr 07, 2011 01:16 PM

    I think this document can help:

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not
    http://www.symantec.com/business/support/index?page=content&id=TECH98929


    I would strongly suggest checking this document as well to ensure that the SEP configuration is correct:

    Security Best Practice Recommendations
    http://www.symantec.com/business/support/index?page=content&id=TECH91705



  • 4.  RE: Why Endpoint security is not catching most of the Malware?

    Posted Apr 07, 2011 05:28 PM

    ...but I think we all agree that prevention is far better than remediation.

    It is essential that you use not just AV, but PTP and especially NTP for Intrusion Prevention (IPS). Code on fake AV programs and malware changes multiple times a day. AV detections are, for the most part, code-based, i.e. reactive (and I mean all traditional AV protection). IPS is proactive, looking for traffic patterns regardless of code.

    Ensure all plugins that tie into Internet Explorer are updated (Quicktime, Adobe Flash / Reader, Java, etc). Make sure all critical system patches are applied.

    Look into using Application and Device Control too. There are links and details for all of this on this similar thread:

    https://www-secure.symantec.com/connect/forums/new-fake-av-ms-removal-tool

    Most current build of SEP is 11.0.6300, by the way, though I don't believe that will have a significant impact on protection.

    sandra



  • 5.  RE: Why Endpoint security is not catching most of the Malware?

    Trusted Advisor
    Posted Apr 12, 2011 06:17 AM

    Hello,

    Same old story. Who comes first.... Thief or Cop?

    Don't take me otherwise; what I mean to say is that there may be cases where Symantec is not detecting the threat. In that case, Symantec would need your assistance.

    Let us know about it. We would like to hear from you.

    If you feel there is a new variant of an old threat, or a new threat, that Symantec is not catching, you would have to submit the suspicious files to verify whether those files are clean or malicious.

    There are 2 ways to catch the suspicious files.

    1) Manual - You may find some files which shouldn't be there on the computer. You could submit those files. Yes, sometimes you feel those files are hidden; in that case, go for option 2.

    2) Automated - Run the Symantec Support Tool with Loadpoint Analysis and it will collect the suspicious files for you. Check the below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

    As told above, prevention is far better than remediation (thanks Sandra...!). So what will you do to prevent this from happening?

    You may also find your answers in the Symantec Knowledgebase article given above:

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

    http://www.symantec.com/business/support/index?page=content&id=TECH98929


    A few documents which may be helpful in answering all your how, why, what and where questions:

    1) About viruses and security risks
    http://www.symantec.com/business/support/index?page=content&id=TECH140085

    2) What to do when you suspect that a Symantec AntiVirus product is not detecting viruses
    http://www.symantec.com/business/support/index?page=content&id=TECH99222

    3) Security Best Practice Recommendations
    http://www.symantec.com/business/support/index?page=content&id=TECH91705

    4) Best practices for troubleshooting viruses on a network
    http://www.symantec.com/business/support/index?page=content&id=TECH122466

    5) Common loading points for viruses, worms, and Trojan horse programs on Windows 2000/XP/2003
    http://www.symantec.com/business/support/index?page=content&id=TECH99331

    6) About creating a plan to respond to viruses and security risks
    http://www.symantec.com/business/support/index?page=content&id=HOWTO27199

    7) How to prevent a virus from spreading using the "AutoRun" feature
    http://www.symantec.com/business/support/index?page=content&id=TECH104447

    I hope I have tried my level best to answer you.


  • 6.  RE: Why Endpoint security is not catching most of the Malware?

    Posted Sep 01, 2011 09:15 AM

    We're seeing the same thing.  Our customers are constantly getting infected by the same malware every day.

    I submit the infections to Symantec and they are never picked up. When I analyze with VirusTotal, competitors pick up the malware (most often ransomware).

    At this point I wouldn't be able to recommend Symantec, since it does not detect even the most common malware that exists in the wild, well after it is first introduced.

    Antivirus              Version        Last Update  Result
    AhnLab-V3              2011.08.31.01  2011.08.31   -
    AntiVir                7.11.14.62     2011.09.01   TR/Fake.Rean.AC
    Antiy-AVL              2.0.3.7        2011.09.01   -
    Avast                  4.8.1351.0     2011.08.31   -
    Avast5                 5.0.677.0      2011.08.31   -
    AVG                    10.0.0.1190    2011.09.01   -
    BitDefender            7.2            2011.09.01   -
    ByteHero               1.0.0.1        2011.08.22   -
    CAT-QuickHeal          11.00          2011.08.31   (Suspicious) - DNAScan
    ClamAV                 0.97.0.0       2011.09.01   -
    Commtouch              5.3.2.6        2011.09.01   -
    Comodo                 9947           2011.09.01   -
    DrWeb                  5.0.2.03300    2011.09.01   -
    Emsisoft               5.1.0.11       2011.09.01   -
    eSafe                  7.0.17.0       2011.08.31   -
    eTrust-Vet             36.1.8534      2011.09.01   Win32/FraudSecurity.A!generic
    F-Prot                 4.6.2.117      2011.09.01   -
    F-Secure               9.0.16440.0    2011.09.01   -
    Fortinet               4.3.370.0      2011.08.31   -
    GData                  22             2011.09.01   -
    Ikarus                 T3.1.1.107.0   2011.09.01   -
    Jiangmin               13.0.900       2011.08.31   -
    K7AntiVirus            9.111.5077     2011.08.31   -
    Kaspersky              9.0.0.837      2011.09.01   -
    McAfee                 5.400.0.1158   2011.09.01   FakeAlert-Rena.ac
    McAfee-GW-Edition      2010.1D        2011.08.31   -
    Microsoft              1.7604         2011.09.01   -
    NOD32                  6427           2011.09.01   a variant of Win32/Kryptik.RYF
    Norman                 6.07.11        2011.09.01   -
    nProtect               2011-09-01.01  2011.09.01   -
    Panda                  10.0.3.5       2011.08.31   -
    PCTools                8.0.0.5        2011.09.01   -
    Prevx                  3.0            2011.09.01   -
    Rising                 23.73.01.03    2011.08.30   -
    Sophos                 4.68.0         2011.09.01   Mal/FakeAV-NW
    SUPERAntiSpyware       4.40.0.1006    2011.09.01   -
    Symantec               20111.2.0.82   2011.09.01   -
    TheHacker              6.7.0.1.287    2011.09.01   -
    TrendMicro             9.500.0.1008   2011.09.01   -
    TrendMicro-HouseCall   9.500.0.1008   2011.09.01   -
    VBA32                  3.12.16.4      2011.08.31   -
    VIPRE                  10335          2011.09.01   -
    ViRobot                2011.9.1.4651  2011.09.01   -
    VirusBuster            14.0.195.0     2011.08.31   -

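A multi-engine table like the one pasted above is easier to act on once it is parsed: you want the detection ratio, the list of engines that missed, and a rough consensus on the family from the vendor labels before deciding what to submit. The following is an added example written for this thread, not code from VirusTotal, Symantec or any poster; the embedded input is a constructed subset of the rows posted above, in the same layout, and the fake-AV label heuristic (any label mentioning "fake" or "fraud") is an assumption of this example.

```python
import re

# Constructed sample input: a subset of the multi-engine scan rows posted above,
# kept in the same "Engine Version LastUpdate Result" layout (header included).
# A bare "-" in the Result column means the engine reported no detection.
SCAN_TABLE = """\
Antivirus Version Last Update Result
AntiVir 7.11.14.62 2011.09.01 TR/Fake.Rean.AC
Avast 4.8.1351.0 2011.08.31 -
CAT-QuickHeal 11.00 2011.08.31 (Suspicious) - DNAScan
eTrust-Vet 36.1.8534 2011.09.01 Win32/FraudSecurity.A!generic
Kaspersky 9.0.0.837 2011.09.01 -
McAfee 5.400.0.1158 2011.09.01 FakeAlert-Rena.ac
NOD32 6427 2011.09.01 a variant of Win32/Kryptik.RYF
Sophos 4.68.0 2011.09.01 Mal/FakeAV-NW
Symantec 20111.2.0.82 2011.09.01 -
"""

# Engine and version never contain spaces; the update date is always yyyy.mm.dd;
# whatever follows the date is the free-text detection name.
ROW_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+)$"
)

# Assumed heuristic: label fragments that, across vendors, usually mark a rogue/fake AV family.
FAKE_AV_HINT = re.compile(r"fake|fraud", re.IGNORECASE)


def parse_scan_table(text):
    """Turn the pasted table into a list of row dicts; non-matching lines
    (the header, blank lines) are skipped rather than raising."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        # Only an exact "-" is a miss; "(Suspicious) - DNAScan" is a heuristic hit.
        row["detected"] = row["result"].strip() != "-"
        rows.append(row)
    return rows


def summarize(rows):
    """Aggregate a parsed table into the numbers a triage note needs."""
    detecting = [r["engine"] for r in rows if r["detected"]]
    missing = [r["engine"] for r in rows if not r["detected"]]
    votes = sum(1 for r in rows if r["detected"] and FAKE_AV_HINT.search(r["result"]))
    return {
        "engines": len(rows),
        "detections": len(detecting),
        "ratio": f"{len(detecting)}/{len(rows)}",
        "detecting": detecting,
        "missing": missing,
        "fake_av_votes": votes,
    }


def engine_detected(rows, engine):
    """True/False for a named engine, None if that engine is not in the table."""
    for r in rows:
        if r["engine"].lower() == engine.lower():
            return r["detected"]
    return None


if __name__ == "__main__":
    rows = parse_scan_table(SCAN_TABLE)
    s = summarize(rows)
    print(f"{s['ratio']} engines flagged the sample; "
          f"{s['fake_av_votes']} labels point at a fake-AV family")
    print("Missed by:", ", ".join(s["missing"]))
```

The point of treating `(Suspicious) - DNAScan` as a hit rather than a miss is that heuristic verdicts are still evidence; a naive `"-" in result` test would silently drop them. A low ratio with consistent family names across the engines that did fire is exactly the situation where submitting the sample to the vendor that missed it (as the replies above ask for) is worthwhile.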

  • 7.  RE: Why Endpoint security is not catching most of the Malware?

    Posted Sep 01, 2011 10:07 AM

    @ ntripp,

    If you submit a file that is proven malicious, we will create definitions to protect. What you may be seeing are new variants of an existing threat that are getting through.

    As you can see by the VirusTotal list that you posted, not every AV product will catch every threat 100% of the time.

    Please submit the new file(s) to us for analysis ASAP, so that we can create the signatures to protect you.  http://www.symantec.com/business/security_response/submitsamples.jsp


    It is not just about Antivirus these days. You need to educate your users on safe Web surfing and email practices.

    Tighten your security settings on your AV policy - http://www.symantec.com/business/support/index?page=content&id=TECH122943&locale=en_US

    Use plug-ins like Norton Safe Web Lite to help warn users of malicious websites - http://safeweb.norton.com/lite

    Use features such as our Facebook link scanner - http://www.facebook.com/apps/application.php?id=310877173418

    Add an email filtering product to your environment such as Symantec Mail Security for Microsoft Exchange or one of our Symantec.cloud Email Security products.

    And most importantly, follow all the Security Best Practices  - http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&inid=us_sr_carousel_panel7_best_practices


    Regards,

    Thomas



  • 8.  RE: Why Endpoint security is not catching most of the Malware?

    Posted Sep 09, 2011 10:03 PM

    We are a company. We have approximately 100 PCs that have internet access. We use SEP 11.0.5002.333. They are managed by a SEP server. We also use Proactive Threat Protection. We have approximately 3 PCs a week that are incapacitated by malware. We are extremely frustrated with SEP. We have increasingly relied on Malwarebytes to help us deal with the problem.

    Today I spent 4 hours on a Laptop infected with Malware. SEP never recognized any file as a threat.

    I was able to identify the time of the attack and identify the files created at that time and was able to delete them. I also installed Malwarebytes. It found 4 threats. SEP found 0.

    What can I do to help Symantec help us?
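The manual triage described in the post above (pin down the time of the attack, list the files created around it, remove them and, per the earlier replies, submit them for analysis) can be scripted so that one pass also hashes the candidates into a manifest for the submission. The following is an added example written for this thread, not code from Symantec or any poster; it runs against a constructed directory tree with back-dated timestamps under hypothetical paths (`Users/bob/...`, `Windows/system32/...`) so it works offline, and in real use you would point `files_in_window` at the actual drive root.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path


def sha256_of(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def files_in_window(root, start, end):
    """Return files under `root` whose mtime or ctime falls inside [start, end].

    st_ctime is creation time on Windows but inode-change time on POSIX, and
    st_mtime is the last content write on both; checking both keeps this portable.
    Malware can rewrite timestamps, so an empty result is not a clean bill.
    """
    start_ts, end_ts = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                st = p.stat()
            except OSError:  # unreadable, or vanished between listing and stat
                continue
            if any(start_ts <= t <= end_ts for t in (st.st_mtime, st.st_ctime)):
                hits.append({
                    "path": str(p),
                    "size": st.st_size,
                    "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                    "sha256": sha256_of(p),
                })
    hits.sort(key=lambda h: h["mtime"])
    return hits


def write_manifest(hits, out_path):
    """Write a TSV (hash, size, mtime, path) to keep alongside submitted files."""
    lines = ["sha256\tsize\tmtime_utc\tpath"]
    lines += [f"{h['sha256']}\t{h['size']}\t{h['mtime']}\t{h['path']}" for h in hits]
    Path(out_path).write_text("\n".join(lines) + "\n")
    return len(hits)


# --- constructed demo tree: hypothetical paths and contents, not real samples ---
ATTACK_TIME = datetime(2011, 9, 9, 18, 0, tzinfo=timezone.utc)


def build_demo_tree(base):
    """Create a few placeholder files and back-date their mtimes around ATTACK_TIME."""
    plan = {
        "Windows/system32/legit.dll": (b"constructed, benign", ATTACK_TIME - timedelta(days=30)),
        "Users/bob/Documents/report.docx": (b"constructed, benign", ATTACK_TIME - timedelta(days=3)),
        "Users/bob/AppData/Roaming/update.dll": (b"constructed stand-in", ATTACK_TIME - timedelta(minutes=1)),
        "Users/bob/AppData/Local/Temp/xyz.exe": (b"MZ constructed, not a binary", ATTACK_TIME + timedelta(minutes=2)),
    }
    for rel, (content, when) in plan.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        os.utime(p, (when.timestamp(), when.timestamp()))
    return ATTACK_TIME


def demo():
    """Run the triage over the demo tree; returns (file names in window, count)."""
    with tempfile.TemporaryDirectory() as tmp:
        t = build_demo_tree(tmp)
        hits = files_in_window(tmp, t - timedelta(minutes=10), t + timedelta(minutes=10))
        n = write_manifest(hits, Path(tmp) / "manifest.tsv")
        return [Path(h["path"]).name for h in hits], n


if __name__ == "__main__":
    names, n = demo()
    print(f"{n} file(s) in the window: {names}")
```

A ten-minute window either side of the suspected time is a starting point, not a rule; widen it if the first pass is empty, and corroborate the file list with event logs or the SEP client log before deleting anything, since a dropped file can carry any timestamp its author chose. The manifest gives the vendor hashes to match against when you submit the files, and gives you a record of what was removed from the machine.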