Solved

symantec corporate edition ver9 on windows server 2003

Posted on 2009-04-13
Last Modified: 2013-12-09
i have a file server with symantec corporate edition 9.0 installed and then i have all of my office machines...about 20.

i didn't configure the server and i didn't realize there was console software on the server.  well, i opened up the console today and out of the 20 computers on the network, a handful of them were highlighted with Threat Found and a red x on the PC.

well, i quickly updated all the PCs to the latest symantec patch, via the server, even though they were all patched up to date...and then i did a scan on the bad/infected computers.  nothing...no viruses popped up.

what am i missing?

the computers are running normal, no lag on the PC, and nothing indicates that there is a virus on there.  for those of us that know from prior experiences...i like to call it the calm before the storm.

so i figured that maybe the threat could have been from a virus that was on the network a while ago...so i clicked the option to clear the threat.  i thought i was out of the woods until 35 minutes later those computers popped up as threats again.

then something weird started to happen.  as soon as one computer cleared up with threats, a computer that was never a threat starts to pop up as a threat.

not sure what to do now.  all PCs are scanned, have the latest MS patches, etc...

any ideas?

thanks.
Question by:tomdlgns
18 Comments
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24134712
First you need to drill down in the console and find out what the threat is. Although I do not have direct experience with 9.0, it has been possible for the "threat" to be nothing but a tracking cookie, which unless explicitly blocked will be picked up anytime they go to a site that has advertising on it.

To check for this do two things, scan them with Malwarebytes free, and Spybot, then if they are clean immunize in Spybot and see if the issue still pops up.

If it does things get a lot more complicated.
 

Author Comment

by:tomdlgns
ID: 24134719
well, that would make sense why at first one computer was showing up clean, then minutes later it shows up with a threat.

i have scanned the PCs with superantispyware free edition, but i will try malwarebytes tomorrow.

malwarebytes needs to be done in safe mode, correct?
 

Author Comment

by:tomdlgns
ID: 24134733
the ones with the red x say threat found.  i am going to get into those a little deeper tomorrow.

there are a few computers that just have a red ! mark.  but it doesn't say threat found.  under the status field, it just says enabled.  i am going to take a look at the instruction manual and hopefully they explain what the symbols mean.

the rest of the computers on the network just show up as a little computer no red x or red !.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24134796
You can scan with Malwarebytes in normal mode unless it says otherwise. Also use Spybot because it has the nice feature of Immunizing the PCs against a lot of this kind of junk.


 
LVL 15

Expert Comment

by:xmachine
ID: 24137449
Hi,

1) You are running a very old version of Symantec SAV. You can either upgrade to version 10 or SEP 11.

2) What is the threat name?


A Symantec Certified Specialist @ your service
 

Author Comment

by:tomdlgns
ID: 24137639
i am going to get some more details and update.

thanks.
 

Accepted Solution

by:
tomdlgns earned 0 total points
ID: 24137934
ok guys, since i am not an expert on the console view here is what i think is happening...

it is showing that there was a threat found, however, i notice that the "threat" files are in quarantine.  so that's what it means by threat found.  well, that is what i assume it means.  so it found a threat and then quarantined it.  however, i need to figure out how to force a refresh on the console view.  i know how to refresh it, but that isn't updating the time status.

for example, it is 831am my time and in the console the last update time is around 730am.

i think once the quarantine files are deleted, the threat notice/icon will go away.

 

Author Comment

by:tomdlgns
ID: 24138820
---UPDATE---

ok, i scanned all the computers again, only with symantec, didn't use malware yet, but i will.

all the scans came back clean.

however, on the console view, under quarantine, i see what once WAS a threat.  here are the virus names/trojans that were a threat.

w32.Rontokbro.K@mm
Trojan.Packed.NsAnti
Trojan Horse
Trojan.Malscript!html

next to the virus/trojan name it tells me the computer name.  i went to those computers, they were clean, but the above files were in their quarantine list.  so i highlighted them and deleted them, from each computer.

however, they are still in the quarantine list on the server console.

also, some of the files in the quarantine list on the server console are from a computer(s) that are no longer on the network.

 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139627
Maybe this will work

Go to monitors, logs tab

log type: computer status

click "advanced settings", and then "compliance options" in blue towards the top

check the "infected only" box and click view log (or save filter for use later, then view log)

now pull down the box that says "selected" and choose "all", then click the "clear infected status" by the green diamond at the top and you're done!

 

Author Comment

by:tomdlgns
ID: 24139681
i don't see where monitors is at.

i am in the console program on the server.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139736
I think it is inside the console. Again, I haven't used 9 in years. I will see if I can find more info.
 

Author Comment

by:tomdlgns
ID: 24139787
ok thanks.

i have access to 10 and symantec support told me i can upgrade to 11, but i am not sure if it will wipe my current settings/configuration.

the last thing i want to do is upgrade and have to set everything back up.

 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139902
I would check the Symantec forums before I upgrade to Endpoint 11.

http://www.newegg.com/Product/ProductReview.aspx?Item=N82E16832108343

See these reviews.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24139926
Just my opinion, but the reason I have not used 9 in years is because I have not used Symantec anything in years. Too many resources used, too many processes, hard to uninstall clean, lots of issues after uninstall, etc.
 

Author Comment

by:tomdlgns
ID: 24139948
what do you recommend?

when i upgrade my servers, i was thinking about trying a new AV package.

i want something that is server/client friendly, not buggy like 11, and that i can manage easily.

i heard good things about NOD32, but i don't know anyone who uses it...
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24140095
NOD 32 is good. I use Trend Micro a lot. It can slow down email delivery. The console for it is easy to use but can be a bit confusing the first time you try to find a couple things. It has good deployment features to client and monitors the update status well. It will also handle spyware/malware.

This is a good solution that we have used a lot.

http://us.trendmicro.com/us/products/sb/worry-free-business-security/index.html

It depends on the size of your network.
 
LVL 2

Expert Comment

by:thomaslberg
ID: 24140110
Correction: the older version of Messaging service would slow down email delivery, but the new version works 10 times better.
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 24162818
If you have access to SAV Corp 10, I recommend rolling it out. The version that you are currently using is no longer supported. You could try upgrading directly on top of the current server, but I would recommend a clean install on another server; then you can enable SAV 10 to control older versions, drag and drop the clients, and perform the client updates once you have it set up the way you want it.
 
 