Dear Members,
Recently we observed that the number of risks associated with W32.Virut has increased enormously in our organisation. After analysing articles on the internet and the recommendations given on the Symantec website, we applied a policy through the Application and Device Control feature.
The details of the policy are given on this page. I have exactly replicated the policy in our environment.
http://www.symantec.com/security_response/writeup....
Now, when I was analysing the ramifications of this policy, I came to know that it is showing up various blocking messages now and then.
For instance, there is a rule in the policy that when a *.exe file tries to change/access another *.exe file, it would block it.
A nice example of it is when I copy a .exe file from my machine to a pen drive: it doesn't allow it. It throws up a message that explorer.exe tried to modify a .exe file, so Symantec blocked it.
My question is how I can mitigate the W32.Virut problem in our environment through this policy without having any false positives or negative consequences. One option is to add exceptions, but there are so many processes affected by this policy that it would be difficult to add exceptions for the processes which haven't been caught so far.
Any help would be highly appreciated. I am ready to provide more inputs, if required.
Thank you
:)