Jump to content
godf

Symantec Endpoint Protection

Recommended Posts

Hi there. Symantec updates are always quarantined. Is there any was to add this programme to a safe list, so I don't have to keep manually restoring them?

 

Ta.

  • Like 3

Share this post


Link to post
Share on other sites

Hello godf, if using Immunet as a companion AV to another AV it's always advisable to add the complete Program Files directory into Immunet's "Exclusion List" in Settings to avoid such conflicts. Click on the System Tray icon to launch the GUI > click on Settings > scroll down to Add New Exclusion and click on that > click Browse and find the Program Files folder for Symantec and click on that > finally click Add Exclusion and then click Apply. That should do it. Also, add Immunet's Program Files directory into Symantec's Exclusion or Safe Programs list as well. That way they should play nice with each other. If Symantec uses any Temp file(s) while updating you may have to also exclude that/those as well. Let us know if you continue to have problems after adding these exclusions to Immunet.

 

Best wishes, Ritchie...

Share this post


Link to post
Share on other sites

Thanks for the advice.

 

It blocked this file too:

 

c:\Documnets and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\00000744

 

So I've added that folder to the exclusion list.

 

Also, over the last week these files were quarantined as trojans:

 

C:\WINDOWS\temp\TMPF2.tmp

C:\WINDOWS\temp\TMPC9E.tmp

 

Could they be related to Semantic too?

Share this post


Link to post
Share on other sites

It's very possible that Symantec uses those Windows temp files to update. Malware can also uses temp files to gain access to your system. The best thing I can think to do is contact Norton support and find out for sure if their Endpoint Protection software does use those temp files. If so you may have to also exclude those files as well. Here is a link to Norton Support. http://www.symantec.com/business/support/index?page=home

Share this post


Link to post
Share on other sites

I do have a question. Did you exclude the whole Documents and Settings folder? If so, that's not such a hot idea as that will leave the whole folder more vulnerable to infection. Instead it would be best if you exclude just the complete file path for C:\Documnets and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\00000744

Share this post


Link to post
Share on other sites

I excluded: c:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\

 

Also, for general interest, on speaking to Symantec Support, they say the SEP only uses the temp folder during installation/removal: "SEP will write to the temp folder while doing an install/removal & these are not key files."

 

Thanks.

Share this post


Link to post
Share on other sites

Glad to hear that those files are not mission cirtical. This is just an extrapolation on my part but perhaps those install files already contained malware defination signatures by Symantec that were being seen as possibly malicious by Immunet thus the quarantine response by one of Immunet's heuristic detection engines. A plausable scenario.

 

You can change Immunet's quarantine behavior. Enter Settings and scroll down to Quarantine Behavior. The setting for On Detection of Suspicious Files I personally have that set to "Ask Me" instead of the default "Automatic" setting. I think that just might help avoid any possible future conflicts in your case. That way you can decide for yourself if any more files get flagged as suspicious. Let's hope that doesn't happen but I would recommend you give that a try. If you find yourself in a situation where you're not sure a file is legit or malware Virustotal is a great site to use. You can have the file scanned by their on-line scanner or search their extensive library database. https://www.virustotal.com/en/ I use this site quite often myself during the course of my Moderator duties among other things.

 

Cheers, Ritchie...

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...