Solved

symantec corporate edition ver9 on windows server 2003

Posted on 2009-04-13
Last Modified: 2013-12-09
i have a file server with symantec corporate edition 9.0 installed and then i have all of my office machines...about 20.

i didn't configure the server and i didn't realize there was console software on the server.  well, i opened up the console today and out of the 20 computers on the network, a handful of them were highlighted with Threat Found and a red x on the PC.

well, i quickly updated all the PCs to the latest symantec patch, via the server, even though they were all patched up to date...and then i did a scan on the bad/infected computers.  nothing...no viruses popped up.

what am i missing?

the computers are running normal, no lag on the PC, and nothing indicates that there is a virus on there.  for those of us that know from prior experiences...i like to call it the calm before the storm.

so i figured that maybe the threat could have been from a virus that was on the network a while ago...so i clicked the option to clear the threat.  i thought i was out of the woods until 35 minutes later those computers popped up as threats again.

then something weird started to happen.  as soon as one computer cleared up with threats, a computer that was never a threat starts to pop up as a threat.

not sure what to do now.  all PCs are scanned, have the latest MS patches, etc...

any ideas?

thanks.
0
Comment
Question by:tomdlgns
18 Comments
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24134712
First you need to drill down in the console and find out what the threat is. Although I do not have direct experience with 9.0, it has been possible for the "threat" to be nothing but a tracking cookie, which unless explicitly blocked will be picked up anytime they go to a site that has advertising on it.

To check for this do two things: scan them with Malwarebytes free and Spybot, then if they are clean, immunize in Spybot and see if the issue still pops up.

If it does, things get a lot more complicated.
0
 

Author Comment

by:tomdlgns
ID: 24134719
well, that would make sense why at first one computer was showing up clean, then minutes later it shows up with a threat.

i have scanned the PCs with superantispyware free edition, but i will try malwarebytes tomorrow.

malwarebytes needs to be done in safe mode, correct?
0
 

Author Comment

by:tomdlgns
ID: 24134733
the ones with the red x say threat found.  i am going to get into those a little deeper tomorrow.

there are a few computers that just have a red ! mark.  but it doesn't say threat found.  under the status field, it just says enabled.  i am going to take a look at the instruction manual and hopefully they explain what the symbols mean.

the rest of the computers on the network just show up as a little computer no red x or red !.
0
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24134796
You can scan with Malwarebytes in normal mode unless it says otherwise. Also use Spybot because it has the nice feature of immunizing the PCs against a lot of this kind of junk.


0
 
LVL 15

Expert Comment

by:xmachine
ID: 24137449
Hi,

1) You are running a very old version of Symantec SAV. You can either upgrade to version 10 or SEP 11.

2) What is the threat name?


A Symantec Certified Specialist @ your service
0
 

Author Comment

by:tomdlgns
ID: 24137639
i am going to get some more details and update.

thanks.
0
 

Accepted Solution

by:
tomdlgns earned 0 total points
ID: 24137934
ok guys, since i am not an expert on the console view here is what i think is happening...

it is showing that there was a threat found, however, i notice that the "threat" files are in quarantine.  so that's what it means by threat found.  well, that is what i assume it means.  so it found a threat and then quarantined it.  however, i need to figure out how to force a refresh on the console view.  i know how to refresh it, but that isn't updating the time status.

for example, it is 831am my time and in the console the last update time is around 730am.

i think once the quarantine files are deleted, the threat notice/icon will go away.

0
 

Author Comment

by:tomdlgns
ID: 24138820
---UPDATE---

ok, i scanned all the computers again, only with symantec, didn't use malware yet, but i will.

all the scans came back clean.

however, on the console view, under quarantine, i see what once WAS a threat.  here are the virus names/trojans that were a threat.

w32.Rontokbro.K@mm
Trojan.Packed.NsAnti
Trojan Horse
Trojan.Malscript!html

next to the virus/trojan name it tells me the computer name.  i went to those computers, they were clean, but the above files were in their quarantine list.  so i highlighted them and deleted them, from each computer.

however, they are still in the quarantine list on the server console.

also, some of the files in the quarantine list on the server console are from a computer(s) that are no longer on the network.

0
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139627
Maybe this will work

Go to monitors, logs tab

log type: computer status

click "advanced settings", and then "compliance options" in blue towards the top

check the "infected only" box and click view log (or save filter for use later, then view log)

now pull down the box that says "selected" and choose "all", then click the "clear infected status" by the green diamond at the top and you're done!

0
 

Author Comment

by:tomdlgns
ID: 24139681
i don't see where monitors is at.

i am in the console program on the server.
0
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139736
I think it's inside the console. Again, haven't used 9 in years. I will see if I can find more info.
0
 

Author Comment

by:tomdlgns
ID: 24139787
ok thanks.

i have access to 10 and symantec support told me i can upgrade to 11, but i am not sure if it will wipe my current settings/configuration.

the last thing i want to do is upgrade and have to set everything back up.

0
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139902
I would check the Symantec forums before I upgrade to Endpoint 11.

http://www.newegg.com/Product/ProductReview.aspx?Item=N82E16832108343

See these reviews.
0
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139926
Just my opinion, but the reason I have not used 9 in years is because I have not used Symantec anything in years. Too many resources used, too many processes, hard to uninstall clean, lots of issues after uninstall, etc.
0
 

Author Comment

by:tomdlgns
ID: 24139948
what do you recommend?

when i upgrade my servers, i was thinking about trying a new AV package.

i want something that is server/client friendly, not buggy like 11, and that i can manage easily.

i heard good things about NOD32, but i don't know anyone who uses it...
0
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24140095
NOD 32 is good. I use Trend Micro a lot. It can slow down email delivery. The console for it is easy to use but can be a bit confusing the first time you try to find a couple things. It has good deployment features to client and monitors the update status well. It will also handle spyware/malware.

This is a good solution that we have used a lot.

http://us.trendmicro.com/us/products/sb/worry-free-business-security/index.html

It depends on the size of your network.
0
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24140110
Correction: the older version of Messaging service would slow down email delivery, but the new version works 10 times better.
0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 24162818
If you have access to SAV Corp 10, I recommend rolling it out. The version that you are currently using is no longer supported. You could try upgrading directly on top of the current server, but I would recommend a clean install on another server; then you can enable SAV 10 to control older versions, and then you can drag and drop the clients, then perform the client updates once you have it set up the way you want it.
 
 
0


Question has a verified solution.
