Channel: Symantec Connect - Endpoint Protection - Discussions

Steps I take in order to rid systems of infected files, please feel free to add or offer any advice. Thank you.

I do not need a solution (just sharing information)

I really would like to know about #20

Checklist for scanning suspicious files
1.    Disconnect any drive mappings and check to see if the PC has any shared folders
2.    Stop the shares if they are present, they can be reestablished if necessary after cleanup
3.    Take the PC OFF the network
4.    Check disk space, lack of disk space can cause multiple issues
5.    Check to see if any users have local admin rights, if they do, remove them
6.    Check the “Run” key in the registry for any suspicious entries (check on HKEY_LOCAL_MACHINE AND HKEY_CURRENT_USER)
       Delete any suspicious entries from
       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
7.    Check for old windows user profiles, check with the current user before deletion of old profiles
8.    Check the C:\ProgramData (Hidden folder) for any suspicious entries
9.    If you can, clear C:\TEMP and C:\Windows\temp
10.    Clear content from C:\Users\Username\AppData\Local\Temp
11.    Clear content in %userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files
12.    Check the control panel for any suspicious programs or toolbars (Yahoo, Ask, etc)
13.    Remove all toolbars or suspicious programs, verify with the user of the validity of the program
14.    Check and verify versions and definitions are up to date on Malwarebytes and SEP
15.    Check the SEP Client for suspicious entries
16.    Run a full scan with SEP, then Run a full scan with Malwarebytes and remove suspicious entries
17.    Select the “View Quarantine” section, if there is anything check to see what it is and verify with the user(s) if it can be removed.
18.    Restart the PC after scanning is complete.
19.    It would be highly advisable to run a Load Point Analysis and submit the output file to Symantec Support.
        Suspicious files can be submitted to Symantec through the following link.

20. I will use NPE as a last resort, I am wondering if I should use it as a PRIMARY resort

 

https://submit.symantec.com/websubmit/retail.cgi

Do not submit a file with a .exe extension, rename it to something like .zip or .rtf

To open a support case, use the following link.

https://my.symantec.com/webapp/faces/login;jsessionid=kD5pTYtLVGQp1tT6YGNPnJ1RDP1J63M72VYQG51KplzHFSq7vcpC!852198726?_afrLoop=762864225321000&_afrWindowMode=0&_afrWindowId=null#%40%3F_afrWindowId%3Dnull%26_afrLoop%3D762864225321000%26ct%3Dus%26lg%3Den%26_afrWindowMode%3D0%26_adf.ctrl-state%3Dlinjnbbce_4
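
A read-only way to review the Run keys from step 6 before deleting anything, added here as an example and not part of the original post. It lists every value in the two keys named above, resolves the executable each one starts, and reports its Authenticode signature status and whether it lives in one of the folders inspected in steps 8 to 11. The function name `Get-CommandTarget`, the `NotResolved` label and the folder watch list are assumptions made for this example; a flagged entry is a prompt for manual review, not proof of infection.

```powershell
# Added example: read-only audit of the Run keys from step 6. Nothing is deleted or modified.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: folders from steps 8-11; a Run entry that starts a file from here deserves a closer look.
$watchDirs = @($env:ProgramData, "$env:SystemDrive\TEMP", "$env:SystemRoot\Temp", $env:LOCALAPPDATA)

function Get-CommandTarget {
    param([string]$Command)
    # Expand %VAR% references, then extract the executable path (quoted or unquoted).
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        if (-not $target) { continue }

        # Only full paths to existing files can be signature-checked; bare names
        # such as "rundll32.exe" are reported as NotResolved for manual review.
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'NotResolved' }
        $watched = [bool]($watchDirs | Where-Object {
            $_ -and $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        })

        [pscustomobject]@{
            Key             = $key
            Name            = $name
            Command         = $command
            Target          = $target
            Signature       = $sig
            InWatchedFolder = $watched
        }
    }
}

# Entries in watched folders first, then anything that is not validly signed.
$report | Sort-Object @{ Expression = 'InWatchedFolder'; Descending = $true }, Signature |
    Format-List
```

Running it from an elevated prompt as the affected user covers both hives; the HKEY_CURRENT_USER results belong to whichever account runs the script.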

