Troubleshooting and responding to threats and viruses on a network involves the following:

To contain and eliminate a threat, you must know all of the threats that are present on the computer, and what the threats were designed to do. You must also understand which methods the threats use to propagate throughout the network. To identify the threats, follow the instructions under the condition that applies, based on whether or not you have identified infected or suspicious files.

You have identified infected or suspicious files

Symantec Endpoint Protection (SEP) detects a threat, and you need additional information about the threat; or Endpoint Protection does NOT detect a threat, but you have identified a suspect file that you believe to be malicious.

1. Submit the file to Symantec Security Response
Symantec Security Response can identify all known malicious files. In the event that additional information is required, submit the file to Symantec Security Response for further research. If the file is a new malicious file, Symantec Security Response can create virus definitions to detect it.

2. Configure Auto-Protect to allow network scanning
Network scanning allows Auto-Protect to scan files the computer accesses from remote computers. This helps prevent malware from spreading, and can result in identification of the threat in cases when Auto-Protect is not functioning on an infected computer.

You have NOT identified any infected or suspicious files

Endpoint Protection does not detect a threat and you need to determine which files are infected, if any.

1. SymDiag - Check common load points for threats
The Symantec Diagnostic Tool (SymDiag) collects technical diagnostic data for many Symantec products. The Threat Analysis Scan in SymDiag lets you determine the risk level of files that are launched automatically on your computer.

2. Heuristics - Increase the heuristic level of your Symantec AntiVirus program
Increasing the heuristic level allows Symantec AntiVirus to detect more threats based on their behavior.

3. Network Scanning - Configure Auto-Protect to allow network scanning
Network scanning allows Auto-Protect to scan files that the computer accesses from remote computers. This helps prevent malware from spreading and can result in identification of the threat in cases when Auto-Protect is not functioning on an infected computer.

Additional resources within Endpoint Protection for identifying the threat and its behaviors

Endpoint Protection employs additional tools to help troubleshoot, contain, and remediate threats within an Enterprise environment.

Deploy Intrusion Prevention System (IPS) with default settings (low impact).
Increase the sensitivity of Proactive Threat Protection.
Use Application and Device Control to log activity to common loading points for threats.
Use Application and Device Control to monitor or block a file based on MD5.
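
An Application and Device Control rule that monitors or blocks a file by MD5 needs the fingerprint of the suspect file, and the same fingerprint can be used to find renamed copies on a share. The following is an added example, not Symantec code; the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=1 << 20):
    """Hex MD5 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_copies(root, suspect_path):
    """Return (md5, matches, unreadable) for files under root identical to the suspect."""
    # Size is compared first (cheap); only same-size files are read and hashed.
    fingerprint, size = md5_of_file(suspect_path), os.path.getsize(suspect_path)
    matches, unreadable = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) != size:
                    continue
                if md5_of_file(path) == fingerprint:
                    matches.append(path)
            except OSError:
                unreadable.append(path)  # locked or access denied: check by hand
    return fingerprint, sorted(matches), unreadable

def demo():
    """Constructed sample tree: the suspect, a renamed copy, a same-size decoy."""
    payload = b"constructed sample payload"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "share", "users"))
        samples = {
            "suspect.bin": payload,
            os.path.join("share", "users", "invoice.scr"): payload,
            os.path.join("share", "decoy.bin"): b"constructed sample PAYLOAD",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        md5, matches, unreadable = find_copies(root, os.path.join(root, "suspect.bin"))
        return md5, [os.path.relpath(p, root) for p in matches], unreadable

if __name__ == "__main__":
    md5, copies, skipped = demo()
    print("MD5 for the rule:", md5)
    print("Identical files:", copies, "unreadable:", skipped)
```

The match is on content only, so a copy that has been modified by even one byte has a different MD5 and is not reported.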