hi there,
i made an observation with a known old malware called w32.stickpid, which was/is detected by SEP before.
It is suddently not deteced by symantec 12.1.3 and autoprotect on a customers system anymore, but was before!
Well not exactly true, it's detected when i right click on the file and manual scan it. But Autoprotect doest not react when i try to copy, move etc. the files.
i made a few tests, with the exe of this malware, without executing it, on my own clean testing system.
This time with the latest 12.1.6 MP3. The following seems to be happening:
1. Files are not detected as malware when i scan the folder with the files in it!
2. Autoprotect reacts after about 25 minutes (WS.Malware.1) and not when i work with the files (copy, move etc.) (reproducible)
3. Only detects the file as malware when i directly scan the file with a right click and do a manual scan !?!?
4. Not detected by a full scan!
5. SEP behaves as it should when i copy an eicar testfile.
Doesn't matter which virus and spyware policy i use, the high security or the recommended one by symantec.
Neither has an increased bloodhound setting an effect.
Anyone an idea what is going on?