A business I occasionally work for has Symantec Endpoint Protection 10 installed on all the client computers and managed from the server. All clients are the latest SEP version, and the definitions are set up to update automatically (and are doing so). I know it is configured right, and is even working as several clients have reported blocking viruses in the past.
Anyhow, I've now had 3 occasions where one of the client computers got infected with a fake antivirus program. SEP doesn't seem to notice or even care. All three times, I logged in as the domain admin, manually ran an update, and then did a complete scan with SEP (just in case the real time protection wasn't working) and all three times it reported no infections, even though the fake antivirus window was sitting there staring me in the face.
I've been able to easily remove all the infections using Malwarebytes, so the problem is fixed. But, why doesn't SEP block these things? Is there some configuration problem I am just missing? Are the Symantec definitions so sh*tty that they don't even find these fake AVs? Would I have better success with one of the competing corporate antivirus products?
Free Computer Tips and more: http://RyanTAdams.com
Paid Tech Support: Black Diamond