Symantec Endpoint Protection and Fake AV

Custom / NA
December 7, 2009 at 07:27:05
Specs: Windows 7, 3.5GB Ram
A business I occasionally work for has Symantec Endpoint Protection 10 installed on all the client computers and managed from the server. All clients are the latest SEP version, and the definitions are set up to update automatically (and are doing so). I know it is configured right, and is even working as several clients have reported blocking viruses in the past.

Anyhow, I've now had 3 occasions where one of the client computers got infected with a fake antivirus program. SEP doesn't seem to notice or even care. All three times, I logged in as the domain admin, manually ran an update, and then did a complete scan with SEP (just in case the real-time protection wasn't working), and all three times it reported no infections, even though the fake antivirus window was sitting there staring me in the face.

I've been able to easily remove all the infections using Malwarebytes, so the problem is fixed. But, why doesn't SEP block these things? Is there some configuration problem I am just missing? Are the Symantec definitions so sh*tty that they don't even find these fake AVs? Would I have better success with one of the competing corporate antivirus products?

-Ryan Adams

Free Computer Tips and more: http://RyanTAdams.com
Paid Tech Support: Black Diamond




#1
December 7, 2009 at 07:39:37
I guess Symantec as well as McAfee live off the good name they had five years ago.

You are surely aware of the fact that antivirus software is always one step behind the viruses.
At first there is the virus and then you get the antivirus.

It's worth checking other AV solutions as well.



#2
December 7, 2009 at 09:50:37
These things aren't recent variations. Malwarebytes with month-old definitions found them.

Does SEP claim to protect against these things, or is Symantec open about this missing segment (fake av) of protection?

-Ryan Adams

Free Computer Tips and more: http://RyanTAdams.com
Paid Tech Support: Black Diamond



#3
December 7, 2009 at 11:06:13
You can search the Symantec database for fake antivirus.
http://www.symantec.com/business/se...

