Channel: Symantec Connect - Endpoint Protection - Discussions

Symantec Security Response Automation finds sample "Not a Threat"

I need a solution
We submitted a sample to Symantec Security Response (Tracking #38316728) on January 28, 2014 for analysis and the automated response was that the sample was "not a threat." We disagreed with this determination without any path to ask Symantec for a closer look.
 
Based on information we know about this sample:
1. VirusTotal shows 9 AV engines that determined that this file was malicious (although most were heuristic engines)
2. The file was compiled only 3 days ago
3. It was executing from the user's AppData\Roaming directory
4. It communicates to a dynamic DNS address, which points to an IP address in Brazil
 
I don't have to see the file myself to say that this is 99% certainly bad.
 
Sample MD5: 1c481505230953f110d89c4b6d2579a6
 
Today, however, I checked VirusTotal and it shows the sample is a threat and Symantec does detect it as "WS.Reputation.1" with an update of 20140128. Wait... what?!
 
https://www.virustotal.com/en/file/e222c61162fc4d8a677f84576ed9bc55568b7f6165d04b837df7e7559e485bba/analysis/
 
Do we have any alternative paths to get a file flagged as malicious for the purposes of getting it detected in our AV?  Sometimes this is the quickest way for us to remediate a virus infection and this severely increases the time to respond; this is not good for us.
 
What is your recommended path of escalation for samples which we feel are a threat, but the automated analysis determines otherwise?
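
The four indicators listed in the post can be gathered mechanically and attached to an escalation request. The sketch below is an added example, not part of the original post and not Symantec tooling: it reads the PE compile timestamp from the file header and checks the other three indicators. The function names, the 7-day threshold, the file path and the header bytes are constructed assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 12 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After "PE\0\0": Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, pe_off + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def triage(data, exec_path, av_detections, dynamic_dns, now, recent_days=7):
    """Return the list of indicators from the post that apply to a sample."""
    reasons = []
    # The timestamp is set by the linker and can be forged or zeroed,
    # so treat it as supporting evidence only.
    age = now - pe_compile_time(data)
    if timedelta(0) <= age <= timedelta(days=recent_days):
        reasons.append(f"compiled {age.days} day(s) ago")
    if "\\appdata\\roaming\\" in exec_path.lower():
        reasons.append("executes from AppData\\Roaming")
    if av_detections > 0:
        reasons.append(f"{av_detections} AV engine detection(s)")
    if dynamic_dns:
        reasons.append("communicates with a dynamic DNS host")
    return reasons

def build_sample_header(compiled: datetime) -> bytes:
    """Constructed minimal DOS + COFF header; not the sample from the post."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, int(compiled.timestamp()))
    return dos + coff

if __name__ == "__main__":
    now = datetime(2014, 1, 28, tzinfo=timezone.utc)        # submission date
    header = build_sample_header(now - timedelta(days=3))   # constructed
    path = r"C:\Users\user\AppData\Roaming\sample.exe"      # constructed
    for reason in triage(header, path, 9, True, now):
        print("-", reason)
```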