  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 670

Symantec Corporate Edition ver9 on Windows Server 2003

i have a file server with symantec corporate edition 9.0 installed and then i have all of my office machines...about 20.

i didn't configure the server and i didn't realize there was console software on the server.  well, i opened up the console today and out of the 20 computers on the network, a handful of them were highlighted with Threat Found and a red x on the PC.

well, i quickly updated all the PCs to the latest symantec patch, via the server, even though they were all patched up to date...and then i did a scan on the bad/infected computers.  nothing...no viruses popped up.

what am i missing?

the computers are running normal, no lag on the PC, and nothing indicates that there is a virus on there.  for those of us that know from prior experiences...i like to call it the calm before the storm.

so i figured that maybe the threat could have been from a virus that was on the network a while ago...so i clicked the option to clear the threat.  i thought i was out of the woods until 35 minutes later those computers popped up as threats again.

then something weird started to happen.  as soon as one computer cleared up with threats, a computer that was never a threat starts to pop up as a threat.

not sure what to do now.  all PCs are scanned, have the latest MS patches, etc...

any ideas?

thanks.
0
Asked by: tomdlgns
 
thomaslberg Commented:
First you need to drill down in the console and find out what the threat is. Although I do not have direct experience with 9.0, it has been possible for the "threat" to be nothing but a tracking cookie, which unless explicitly blocked will be picked up anytime they go to a site that has advertising on it.

To check for this do two things, scan them with Malwarebytes free, and Spybot, then if they are clean immunize in Spybot and see if the issue still pops up.

If it does things get a lot more complicated.
0
 
tomdlgns (Author) Commented:
well, that would make sense why at first one computer was showing up clean, then minutes later it shows up with a threat.

i have scanned the PCs with superantispyware free edition, but i will try malwarebytes tomorrow.

malwarebytes needs to be done in safe mode, correct?
0
 
tomdlgns (Author) Commented:
the ones with the red x say threat found.  i am going to get into those a little deeper tomorrow.

there are a few computers that just have a red ! mark.  but it doesn't say threat found.  under the status field, it just says enabled.  i am going to take a look at the instruction manual and hopefully they explain what the symbols mean.

the rest of the computers on the network just show up as a little computer, no red x or red !.
0
 
thomaslberg Commented:
You can scan with Malwarebytes in normal mode unless it says otherwise. Also use Spybot because it has the nice feature of Immunizing the PCs against a lot of this kind of junk.


0
 
xmachine Commented:
Hi,

1) You are running a very old version of Symantec SAV. You can either upgrade to version 10 or SEP 11.

2) What is the threat name?


A Symantec Certified Specialist @ your service
0
 
tomdlgns (Author) Commented:
i am going to get some more details and update.

thanks.
0
 
tomdlgns (Author) Commented:
ok guys, since i am not an expert on the console view here is what i think is happening...

it is showing that there was a threat found, however, i notice that the "threat" files are in quarantine.  so that's what it means by threat found.  well, that is what i assume it means.  so it found a threat and then quarantined it.  however, i need to figure out how to force a refresh on the console view.  i know how to refresh it, but that isn't updating the time status.

for example, it is 831am my time and in the console the last update time is around 730am.

i think once the quarantine files are deleted, the threat notice/icon will go away.

0
 
tomdlgns (Author) Commented:
---UPDATE---

ok, i scanned all the computers again, only with symantec, didn't use malware yet, but i will.

all the scans came back clean.

however, on the console view, under quarantine, i see what once WAS a threat.  here are the virus names/trojans that were a threat.

w32.Rontokbro.K@mm
Trojan.Packed.NsAnti
Trojan Horse
Trojan.Malscript!html

next to the virus/trojan name it tells me the computer name.  i went to those computers, they were clean, but the above files were in their quarantine list.  so i highlighted them and deleted them, from each computer.

however, they are still in the quarantine list on the server console.

also, some of the files in the quarantine list on the server console are from a computer(s) that are no longer on the network.

0
 
thomaslberg Commented:
Maybe this will work

Go to monitors, logs tab

log type: computer status

click "advanced settings", and then "compliance options" in blue towards the top

check the "infected only" box and click view log (or save filter for use later, then view log)

now pull down the box that says "selected" and choose "all", then click the "clear infected status" by the green diamond at the top and you're done!

0
 
tomdlgns (Author) Commented:
i don't see where monitors is at.

i am in the console program on the server.
0
 
thomaslberg Commented:
I think it's inside the console. Again, haven't used 9 in years. I will see if I can find more info.
0
 
tomdlgns (Author) Commented:
ok thanks.

i have access to 10 and symantec support told me i can upgrade to 11, but i am not sure if it will wipe my current settings/configuration.

the last thing i want to do is upgrade and have to set everything back up.

0
 
thomaslberg Commented:
I would check the Symantec forums before I upgrade to Endpoint 11.

http://www.newegg.com/Product/ProductReview.aspx?Item=N82E16832108343

See these reviews.
0
 
thomaslberg Commented:
Just my opinion, but the reason I have not used 9 in years is because I have not used Symantec anything in years. Too many resources used, too many processes, hard to uninstall clean, lots of issues after uninstall, etc.
0
 
tomdlgns (Author) Commented:
what do you recommend?

when i upgrade my servers, i was thinking about trying a new AV package.

i want something that is server/client friendly, not buggy like 11, and that i can manage easily.

i heard good things about NOD32, but i don't know anyone who uses it...
0
 
thomaslberg Commented:
NOD 32 is good. I use Trend Micro a lot. It can slow down email delivery. The console for it is easy to use but can be a bit confusing the first time you try to find a couple things. It has good deployment features to client and monitors the update status well. It will also handle spyware/malware.

This is a good solution that we have used a lot.

http://us.trendmicro.com/us/products/sb/worry-free-business-security/index.html

It depends on the size of your network.
0
 
thomaslberg Commented:
Correction: the older version of Messaging service would slow down email delivery, but the new version works 10 times better.
0
 
jimmymcp02 Commented:
If you have access to SAV Corp 10, I recommend rolling it out. The version that you are currently using is no longer supported. You could try upgrading directly on top of the current server, but I would recommend a clean install on another server; then you can enable SAV 10 to control older versions, and then you can drag and drop the clients, then perform the client updates once you have it set up the way you want it.
 
 
0
