Solved

symantec corporate edition ver9 on windows server 2003

Posted on 2009-04-13
Last Modified: 2013-12-09
i have a file server with symantec corporate edition 9.0 installed and then i have all of my office machines...about 20.

i didn't configure the server and i didn't realize there was console software on the server.  well, i opened up the console today and out of the 20 computers on the network, a handful of them were highlighted with Threat Found and a red x on the PC.

well, i quickly updated all the PCs to the latest symantec patch, via the server, even though they were all patched up to date...and then i did a scan on the bad/infected computers.  nothing...no viruses popped up.

what am i missing?

the computers are running normal, no lag on the PC, and nothing indicates that there is a virus on there.  for those of us that know from prior experiences...i like to call it the calm before the storm.

so i figured that maybe the threat could have been from a virus that was on the network a while ago...so i clicked the option to clear the threat.  i thought i was out of the woods until 35 minutes later those computers popped up as threats again.

then something weird started to happen.  as soon as one computer cleared up with threats, a computer that was never a threat starts to pop up as a threat.

not sure what to do now.  all PCs are scanned, have the latest MS patches, etc...

any ideas?

thanks.
Question by:tomdlgns
18 Comments
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24134712
First you need to drill down in the console and find out what the threat is. Although I do not have direct experience with 9.0, it has been possible for the "threat" to be nothing but a tracking cookie, which unless explicitly blocked will be picked up anytime they go to a site that has advertising on it.

To check for this do two things: scan them with Malwarebytes free and Spybot, then if they are clean, immunize in Spybot and see if the issue still pops up.

If it does, things get a lot more complicated.
 

Author Comment

by:tomdlgns
ID: 24134719
well, that would make sense why at first one computer was showing up clean, then minutes later it shows up with a threat.

i have scanned the PCs with superantispyware free edition, but i will try malwarebytes tomorrow.

malwarebytes needs to be done in safe mode, correct?
 

Author Comment

by:tomdlgns
ID: 24134733
the ones with the red x say threat found.  i am going to get into those a little deeper tomorrow.

there are a few computers that just have a red ! mark.  but it doesn't say threat found.  under the status field, it just says enabled.  i am going to take a look at the instruction manual and hopefully they explain what the symbols mean.

the rest of the computers on the network just show up as a little computer no red x or red !.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24134796
You can scan with Malwarebytes in normal mode unless it says otherwise. Also use Spybot because it has the nice feature of immunizing the PCs against a lot of this kind of junk.


 
LVL 15

Expert Comment

by:xmachine
ID: 24137449
Hi,

1) You are running a very old version of Symantec SAV. You can either upgrade to version 10 or SEP 11.

2) What is the threat name?


A Symantec Certified Specialist @ your service
 

Author Comment

by:tomdlgns
ID: 24137639
i am going to get some more details and update.

thanks.
 

Accepted Solution

by:tomdlgns
ID: 24137934
ok guys, since i am not an expert on the console view here is what i think is happening...

it is showing that there was a threat found, however, i notice that the "threat" files are in quarantine.  so that's what it means by threat found.  well, that is what i assume it means.  so it found a threat and then quarantined it.  however, i need to figure out how to force a refresh on the console view.  i know how to refresh it, but that isn't updating the time status.

for example, it is 831am my time and in the console the last update time is around 730am.

i think once the quarantine files are deleted, the threat notice/icon will go away.

 

Author Comment

by:tomdlgns
ID: 24138820
---UPDATE---

ok, i scanned all the computers again, only with symantec, didn't use malware yet, but i will.

all the scans came back clean.

however, on the console view, under quarantine, i see what once WAS a threat.  here are the virus names/trojans that were a threat.

w32.Rontokbro.K@mm
Trojan.Packed.NsAnti
Trojan Horse
Trojan.Malscript!html

next to the virus/trojan name it tells me the computer name.  i went to those computers, they were clean, but the above files were in their quarantine list.  so i highlighted them and deleted them, from each computer.

however, they are still in the quarantine list on the server console.

also, some of the files in the quarantine list on the server console are from a computer(s) that are no longer on the network.

 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139627
Maybe this will work

Go to monitors, logs tab

log type: computer status

click "advanced settings", and then "compliance options" in blue towards the top

check the "infected only" box and click view log (or save filter for use later, then view log)

now pull down the box that says "selected" and choose "all", then click the "clear infected status" by the green diamond at the top and you're done!

 

Author Comment

by:tomdlgns
ID: 24139681
i don't see where monitors is at.

i am in the console program on the server.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139736
I think it is inside the console. Again, I haven't used 9 in years. I will see if I can find more info.
 

Author Comment

by:tomdlgns
ID: 24139787
ok thanks.

i have access to 10 and symantec support told me i can upgrade to 11, but i am not sure if it will wipe my current settings/configuration.

the last thing i want to do is upgrade and have to set everything back up.

 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139902
I would check the Symantec forums before I upgrade to Endpoint 11.

http://www.newegg.com/Product/ProductReview.aspx?Item=N82E16832108343

See these reviews.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139926
Just my opinion, but the reason I have not used 9 in years is because I have not used Symantec anything in years. Too many resources used, too many processes, hard to uninstall clean, lots of issues after uninstall, etc.
 

Author Comment

by:tomdlgns
ID: 24139948
what do you recommend?

when i upgrade my servers, i was thinking about trying a new AV package.

i want something that is server/client friendly, not buggy like 11, and that i can manage easily.

i heard good things about NOD32, but i don't know anyone who uses it...
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24140095
NOD 32 is good. I use Trend Micro a lot. It can slow down email delivery. The console for it is easy to use but can be a bit confusing the first time you try to find a couple things. It has good deployment features to client and monitors the update status well. It will also handle spyware/malware.

This is a good solution that we have used a lot.

http://us.trendmicro.com/us/products/sb/worry-free-business-security/index.html

It depends on the size of your network.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24140110
Correction: the older version of Messaging service would slow down email delivery, but the new version works 10 times better.
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 24162818
If you have access to SAV Corp 10, I recommend rolling it out. The version that you are currently using is no longer supported. You could try upgrading directly on top of the current server, but I would recommend a clean install on another server; then you can enable SAV 10 to control older versions, and then you can drag and drop the clients, then perform the client updates once you have it set up the way you want it.
 
 