Go Back   nV News Forums > Software Forums > Networking And Security

Newegg Daily Deals

Reply
 
Thread Tools
Old 09-26-08, 10:06 AM   #1
FastRedPonyCar
Resident Tire Destroyer
 
FastRedPonyCar's Avatar
 
Join Date: Aug 2004
Location: Montgomery, AL
Posts: 3,012
Send a message via AIM to FastRedPonyCar
Default Antivirus Experts needed!

OK so we've been having some issues recently with viruses that users don't know about showing up on our network via thumbdrives and portable harddrives.

We're using Symantec 10.2.xx right now and I was able to disable symantec's auto protection, download the EICAR test virus

http://www.rexswain.com/eicar.html

And download it both unzipped and the zipfile to a thumb drive... I re-enable auto protect and NOTHING. Plugged the thumb drive into another system with the latest definitions and nothing. Norton is quiet as a mouse.

Now I've disabled autoprotect once again, moved the eicar.com file onto my desktop and re-enable auto protect.... half an hour later, nothing.. not a peep.

We need a PROACTIVE solution that can look at not only thumb drives but quietly always be on the lookout in the background for suspcious activity.


In all fairness, it DOES come up when I try and download the file to my hdd, it says not so fast and auto protect kicks in. Same as when I try and unzip the file to my hdd or thumbdrive. It does it's thing but it required user interaction... there are a lot of viruses and worms that DONT require me to do ANYTHING to them.

If someone has such a worm or virus on their thumbdrive and bring it to work and plug it in, the malicious file has a playground to do it's dirty work without norton ever blinking an eye.
__________________
- Desktop -
4770k @ 4.45 ghz - ASUS Gryphon Mobo - 16 gigs Corsair Vengeance Pro 1866 RAM - XSPC Rasa 750 RS240 H2o Cooling - EVGA GTX 680 @1325mhz - 128 gig Crucial RealSSD C300 - 150 gig Velociraptor +2.75 Terrabytes of WD Sata 3.0 storage - 910 watt PC P&C PSU - Corsair Obsidian 650D case

- Server -
Core I7 D0 revision 920 @ 3.75 ghz - ASUS P6T Deluxe - 12 Gigs Mushkin DDR3 1600 - Corsair HX 620 PSU - Noctua NH-U9B cooler - Coolermaster WaveMaster Case

- Laptop -
MSI 16F2-012
- i7 2630QM - GTX570m @ 750Mhz - 8 gigs HyperX 1866 - 120 gig OCZ Vertex 3 SSD- 750 gig Scorpio Black - BluRay - 95% Gamut Screen - IC Diamond goop
FastRedPonyCar is offline   Reply With Quote
Old 09-27-08, 12:56 AM   #2
AthlonXP1800
Registered User
 
AthlonXP1800's Avatar
 
Join Date: Jan 2003
Location: United Kingdom
Posts: 4,352
Default Re: Antivirus Experts needed!

Norton Internet Security 2009 has PROACTIVE feature built-in. I tested on a VirtualPC downloaded eicar virus file from eicar.com and NIS2009 blocked it when auto protect is enabled and the same thing happened when downloaded the zip file and extracted to folder on the desktop. When I disabled auto-protect it did nothing when extracted to a folder then I looked at NIS2009 settings and noticed both AntiVirus and Advanced Protection was off. I tried turned on Advanced Protection and see what happened, when it turned on, both AntiVirus turned on and the auto-protect enabled. Then I tried turned off Advanced Protection then both turned off and I turned on AntiVirus, see Advanced Protection still off and Auto-protect still disabled. I tested extracted the zip file to a folder and NIS2009 blocked it when Auto-protect is disabled.

Symantec 10.2.xx is old version, here is new version 11 available which now have PROACTIVE feature so I suggest you to upgrade to the latest version.
__________________
Intel Core i7 3770K, Corsair H80 liquid cooler with Noctua S12-1200 fan, ASUS P8Z77V with UEFI 2104, 16GB Samsung Green 30nm DDR3-RAM, Pioneer BDR-S09XLT 16x Blu-ray writer, Corsair AX850 PSU, Western Digital 2TB SATA3 hard drive, CanonScan LiDE 210 scanner, Microsoft Internet Keyboard, Microsoft Touch Explorer mouse, 32inch Sharp LC32LE600 LED TV, EVGA Geforce GTX 670 SC 4GB with Geforce 370.50 driver, 50Mb broadband Virgin Media VMDG480 Super Hub, Aspire Xplorer Midi Tower, Windows 8.1 Pro 64bit.
AthlonXP1800 is offline   Reply With Quote
Old 09-27-08, 08:12 AM   #3
FastRedPonyCar
Resident Tire Destroyer
 
FastRedPonyCar's Avatar
 
Join Date: Aug 2004
Location: Montgomery, AL
Posts: 3,012
Send a message via AIM to FastRedPonyCar
Default Re: Antivirus Experts needed!

Quote:
Originally Posted by AthlonXP1800 View Post
Norton Internet Security 2009 has PROACTIVE feature built-in. I tested on a VirtualPC downloaded eicar virus file from eicar.com and NIS2009 blocked it when auto protect is enabled and the same thing happened when downloaded the zip file and extracted to folder on the desktop. When I disabled auto-protect it did nothing when extracted to a folder then I looked at NIS2009 settings and noticed both AntiVirus and Advanced Protection was off. I tried turned on Advanced Protection and see what happened, when it turned on, both AntiVirus turned on and the auto-protect enabled. Then I tried turned off Advanced Protection then both turned off and I turned on AntiVirus, see Advanced Protection still off and Auto-protect still disabled. I tested extracted the zip file to a folder and NIS2009 blocked it when Auto-protect is disabled.

Symantec 10.2.xx is old version, here is new version 11 available which now have PROACTIVE feature so I suggest you to upgrade to the latest version.
wellll..... its not as simple as running out and buying it on the store shelf... it's for an entire military base hahahah
__________________
- Desktop -
4770k @ 4.45 ghz - ASUS Gryphon Mobo - 16 gigs Corsair Vengeance Pro 1866 RAM - XSPC Rasa 750 RS240 H2o Cooling - EVGA GTX 680 @1325mhz - 128 gig Crucial RealSSD C300 - 150 gig Velociraptor +2.75 Terrabytes of WD Sata 3.0 storage - 910 watt PC P&C PSU - Corsair Obsidian 650D case

- Server -
Core I7 D0 revision 920 @ 3.75 ghz - ASUS P6T Deluxe - 12 Gigs Mushkin DDR3 1600 - Corsair HX 620 PSU - Noctua NH-U9B cooler - Coolermaster WaveMaster Case

- Laptop -
MSI 16F2-012
- i7 2630QM - GTX570m @ 750Mhz - 8 gigs HyperX 1866 - 120 gig OCZ Vertex 3 SSD- 750 gig Scorpio Black - BluRay - 95% Gamut Screen - IC Diamond goop
FastRedPonyCar is offline   Reply With Quote
Old 09-27-08, 01:33 PM   #4
nekrosoft13
I'm Geralt
 
Join Date: Oct 2005
Location: Chicagoland, once a year in Poland
Posts: 24,366
Default Re: Antivirus Experts needed!

__________________
Windows 8 the next big failure, right after Windows ME
nekrosoft13 is offline   Reply With Quote
Old 09-27-08, 06:19 PM   #5
AthlonXP1800
Registered User
 
AthlonXP1800's Avatar
 
Join Date: Jan 2003
Location: United Kingdom
Posts: 4,352
Default Re: Antivirus Experts needed!

Quote:
Originally Posted by FastRedPonyCar View Post
wellll..... its not as simple as running out and buying it on the store shelf... it's for an entire military base hahahah
wellll you dont have to running out to the store, you can either buy or upgrade to Symantec Endpoint Protection 11.0 for discount online at Symantec website. I didnt bought Norton Internet Security 2009 as it cost 45 in stores while I bought it at Symantec website online for just 21 with discount.
__________________
Intel Core i7 3770K, Corsair H80 liquid cooler with Noctua S12-1200 fan, ASUS P8Z77V with UEFI 2104, 16GB Samsung Green 30nm DDR3-RAM, Pioneer BDR-S09XLT 16x Blu-ray writer, Corsair AX850 PSU, Western Digital 2TB SATA3 hard drive, CanonScan LiDE 210 scanner, Microsoft Internet Keyboard, Microsoft Touch Explorer mouse, 32inch Sharp LC32LE600 LED TV, EVGA Geforce GTX 670 SC 4GB with Geforce 370.50 driver, 50Mb broadband Virgin Media VMDG480 Super Hub, Aspire Xplorer Midi Tower, Windows 8.1 Pro 64bit.
AthlonXP1800 is offline   Reply With Quote
Old 09-29-08, 06:54 AM   #6
FastRedPonyCar
Resident Tire Destroyer
 
FastRedPonyCar's Avatar
 
Join Date: Aug 2004
Location: Montgomery, AL
Posts: 3,012
Send a message via AIM to FastRedPonyCar
Default Re: Antivirus Experts needed!

We have to use a coporate solution. Right now, 10.2 is the most current corporate version.

http://www.symantec.com/business/ant...porate-edition

You see, we have over 13,000 computers on our network so it's a bit more complicated than just downloading an update or new version. We'd have to test it and ensure that our symantec servers can maintain the new version correctly (see, I don't know if version 11 even gives you the option to have it managed by a parent server or not) and if our servers software version can talk with and take care of a machine with version 11.
__________________
- Desktop -
4770k @ 4.45 ghz - ASUS Gryphon Mobo - 16 gigs Corsair Vengeance Pro 1866 RAM - XSPC Rasa 750 RS240 H2o Cooling - EVGA GTX 680 @1325mhz - 128 gig Crucial RealSSD C300 - 150 gig Velociraptor +2.75 Terrabytes of WD Sata 3.0 storage - 910 watt PC P&C PSU - Corsair Obsidian 650D case

- Server -
Core I7 D0 revision 920 @ 3.75 ghz - ASUS P6T Deluxe - 12 Gigs Mushkin DDR3 1600 - Corsair HX 620 PSU - Noctua NH-U9B cooler - Coolermaster WaveMaster Case

- Laptop -
MSI 16F2-012
- i7 2630QM - GTX570m @ 750Mhz - 8 gigs HyperX 1866 - 120 gig OCZ Vertex 3 SSD- 750 gig Scorpio Black - BluRay - 95% Gamut Screen - IC Diamond goop
FastRedPonyCar is offline   Reply With Quote
Old 09-29-08, 08:45 AM   #7
nekrosoft13
I'm Geralt
 
Join Date: Oct 2005
Location: Chicagoland, once a year in Poland
Posts: 24,366
Default Re: Antivirus Experts needed!

Quote:
Originally Posted by FastRedPonyCar View Post
We have to use a coporate solution. Right now, 10.2 is the most current corporate version.

http://www.symantec.com/business/ant...porate-edition

You see, we have over 13,000 computers on our network so it's a bit more complicated than just downloading an update or new version. We'd have to test it and ensure that our symantec servers can maintain the new version correctly (see, I don't know if version 11 even gives you the option to have it managed by a parent server or not) and if our servers software version can talk with and take care of a machine with version 11.
from your link

Quote:
For next generation antivirus protection, upgrade to Symantec Endpoint Protection 11.0, which combines Symantec AntiVirus with advanced threat prevention to protect endpoints from even the most sophisticated attacks.
10.2 is dead, and there will be no future upgraded, it was replaced with Endpoint Protection 11.

that is your next future upgrade
__________________
Windows 8 the next big failure, right after Windows ME
nekrosoft13 is offline   Reply With Quote
Old 09-29-08, 08:50 AM   #8
FastRedPonyCar
Resident Tire Destroyer
 
FastRedPonyCar's Avatar
 
Join Date: Aug 2004
Location: Montgomery, AL
Posts: 3,012
Send a message via AIM to FastRedPonyCar
Default Re: Antivirus Experts needed!

I found a copy of 11 w/endpoint on our network "testing software" and did a full install.

EICAR still sitting on my thumbdrive <_<


Most recent updates have been applied and proactive scan was set for 15 minute intervals and it's been an hour.



So back to my original problem here is that if an infected thumb drive or portable HHD gets plugged in, there's no scan done right away. THAT'S what I want to happen and if there's a virus on it, it has plenty of time to do whatever it wants with AV just sitting there with a thumb up its butt it seems.
__________________
- Desktop -
4770k @ 4.45 ghz - ASUS Gryphon Mobo - 16 gigs Corsair Vengeance Pro 1866 RAM - XSPC Rasa 750 RS240 H2o Cooling - EVGA GTX 680 @1325mhz - 128 gig Crucial RealSSD C300 - 150 gig Velociraptor +2.75 Terrabytes of WD Sata 3.0 storage - 910 watt PC P&C PSU - Corsair Obsidian 650D case

- Server -
Core I7 D0 revision 920 @ 3.75 ghz - ASUS P6T Deluxe - 12 Gigs Mushkin DDR3 1600 - Corsair HX 620 PSU - Noctua NH-U9B cooler - Coolermaster WaveMaster Case

- Laptop -
MSI 16F2-012
- i7 2630QM - GTX570m @ 750Mhz - 8 gigs HyperX 1866 - 120 gig OCZ Vertex 3 SSD- 750 gig Scorpio Black - BluRay - 95% Gamut Screen - IC Diamond goop
FastRedPonyCar is offline   Reply With Quote

Old 09-29-08, 07:42 PM   #9
ninelven
Registered User
 
Join Date: Jan 2003
Posts: 132
Default Re: Antivirus Experts needed!

I would check out these in this order:

1) http://www.avira.com/en/pages/index.php

2) http://www.kaspersky.com
ninelven is offline   Reply With Quote
Old 09-30-08, 12:22 AM   #10
AthlonXP1800
Registered User
 
AthlonXP1800's Avatar
 
Join Date: Jan 2003
Location: United Kingdom
Posts: 4,352
Default Re: Antivirus Experts needed!

Quote:
Originally Posted by FastRedPonyCar View Post
So back to my original problem here is that if an infected thumb drive or portable HHD gets plugged in, there's no scan done right away. THAT'S what I want to happen and if there's a virus on it, it has plenty of time to do whatever it wants with AV just sitting there with a thumb up its butt it seems.
Looked like Endpoint Protection 11 not configured the way you wanted it. Check the settings to make sure that it check for virus when removable media is inserted enabled and also create custom scans to scan removable drives for viruses on thumb drive or portable HHD.
__________________
Intel Core i7 3770K, Corsair H80 liquid cooler with Noctua S12-1200 fan, ASUS P8Z77V with UEFI 2104, 16GB Samsung Green 30nm DDR3-RAM, Pioneer BDR-S09XLT 16x Blu-ray writer, Corsair AX850 PSU, Western Digital 2TB SATA3 hard drive, CanonScan LiDE 210 scanner, Microsoft Internet Keyboard, Microsoft Touch Explorer mouse, 32inch Sharp LC32LE600 LED TV, EVGA Geforce GTX 670 SC 4GB with Geforce 370.50 driver, 50Mb broadband Virgin Media VMDG480 Super Hub, Aspire Xplorer Midi Tower, Windows 8.1 Pro 64bit.
AthlonXP1800 is offline   Reply With Quote
Old 11-09-08, 05:53 AM   #11
RejZoR
Overclocked Sheep
 
RejZoR's Avatar
 
Join Date: Oct 2004
Location: Europe\Slovenia\Ljubljana
Posts: 373
Default Re: Antivirus Experts needed!

Antiviruses only scan accessed/modified files. Unless something or someone is accessing that very specific file on USB drive, nothing will detect it.
If you doubleclick it, it will be scanned. If there is an autorun located on USB drive and is pointing to that EXE (or whatever it is), it will be scanned.
Scanning everything because it's there is waste of resources. Thats why no one does it.
So don't worry about it.
__________________
E5200 @ 3,75GHz | 6GB 800MHz DDR2 | ASUS P5Q Deluxe | HD4850 512MB @ 700/2200 | 750-320 HDD | ASUS Xonar Essence STX + Altec Lansing MX5021
RejZoR is offline   Reply With Quote
Old 11-17-08, 10:53 PM   #12
einstein_314
w00t!!
 
einstein_314's Avatar
 
Join Date: Dec 2003
Location: Victoria, BC
Posts: 2,905
Default Re: Antivirus Experts needed!

Quote:
Originally Posted by RejZoR View Post
Antiviruses only scan accessed/modified files. Unless something or someone is accessing that very specific file on USB drive, nothing will detect it.
If you doubleclick it, it will be scanned. If there is an autorun located on USB drive and is pointing to that EXE (or whatever it is), it will be scanned.
Scanning everything because it's there is waste of resources. Thats why no one does it.
So don't worry about it.
That's what I thought. It only gets scanned when it gets accessed. Whether by user interaction or automatically. ie autoruns etc. If you have a virus on your flash drive and you plug it in, it's not going to infect your computer until you try to do something with it. (That I'm aware of anyways). And as soon as you do try to do something to it (ie move, copy, open, etc) it will be detected and dealt with.
__________________
Intel Core 2 Quad Q6600 @ 3.2GHz (9 x 355) w/ Swiftec APOGEE GTX Waterblock|| Asus P5B-Deluxe WiFi Edition
eVGA 8800 GTX Superclocked Edition @ 675/1150 w/ DangerDen 8800GTX Waterblock|| 4x1GB Mushkin XP2 PC2-8500
X-Fi Fatal1ty 64MB || PC Power & Cooling Silencer 750W || Seagate 7200.10 320 GB || Dell 2407WFP
Logitech Z-5300 Speakers || Sennheiser HD555's || Logitech G7 || Logitech G15 || Windows Vista Ultimate x64
einstein_314 is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Flame's crypto attack may have needed $200,000 worth of compute power News Archived News Items 0 06-11-12 09:40 PM
Why antivirus companies like mine failed to catch Flame and Stuxnet News Archived News Items 0 06-02-12 08:30 PM
9700 Pro OC app. needed PaiN Other Desktop Graphics Cards 5 10-11-02 12:46 PM
HD recommendation needed raggie007 General Hardware 12 10-01-02 09:08 PM
*** Failed cc sanity check. Bailing out! *** help needed Matias NVIDIA Linux 2 08-25-02 02:23 PM

All times are GMT -5. The time now is 06:12 AM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.