Posted by Roger Michelson on Wed, Apr 27, 2011 @ 01:45 PM
We are excited for the upcoming release of Symantec Endpoint Protection 12.1. Preliminary discussions with Symantec and test results show that this new version of Endpoint Protection will greatly assist with Intrusion Prevention and add a new rules-based engine (Insight) to help find malicious code that might slip through the existing Endpoint Protection 11.0 and Endpoint Protection for Small Business 12.0. We plan on upgrading our clients as soon as the final version comes out and we have tested it in our lab.
Here is a quick overview of the new features.
Symantec™ Endpoint Protection 12.1: Unrivaled security. Blazing performance.
Powered by Insight, Symantec™ Endpoint Protection will be the fastest, most powerful solution ever offered by Symantec. It offers advanced defense against all types of attacks for both physical and virtual systems. It seamlessly integrates the essential security tools you need into a single, high-performance agent with a single management console. Symantec Endpoint Protection provides state-of-the-art protection without slowing you down.
What is Insight?
Insight detects new and unknown threats that are missed by other approaches.
- Insight correlates tens of billions of linkages between users, files, and websites to identify rapidly mutating threats that may only exist on a few systems
- Reduces scan overhead by as much as 70% by scanning only files at risk
- Can't be evaded or coded around by self-mutating and encrypting malware
Other new features:
- Real Time SONAR 3: SONAR examines programs as they run, identifying and stopping malicious behavior of new and previously unknown threats.
- Browser Intrusion Prevention: Scans for attacks directed at browser vulnerabilities.
- Faster central console: Optimized database to increase responsiveness.
- Smart Scheduler: Stays out of your way by performing non-critical security tasks when your computer is idle.
- Built for Virtual Environments: Symantec Endpoint Protection can white list baseline images, maintain a local virtual Insight cache, randomize scans and updates, and automatically identify and manage virtual clients.
Posted by BNMC Engineering on Wed, Mar 30, 2011 @ 11:14 AM
The Total Security virus is a class of "Fake or Rogue Anti-Virus programs" which have been popping up at our clients recently. Total Security is a successor of the Total VirusProtection tool. Since TotalSecurity is a clone of the rogue program, you shouldn’t expect it to function properly. Make no mistake, this is a virus, not a legitimate program.
The newer version of this malware, named Total Security 2009, is even more pesky. Total Security is typical fraudulent software. It displays large numbers of counterfeit security alerts and it urges people to pay for using the tool. TotalSecurity costs either $49.95 or $79.95 but it’s not worth a dime. The program is nonfunctional unless you’re looking for some tool to halt a PC and to generate annoying pop-ups.

Total Security is able to imitate a computer scan. Keep in mind that both the scan and the scan report are falsified. TotalSecurity reports are usually full of computer threats; none of the reported infections are real.
Pop-ups loaded by Total Security are identical to security alerts displayed by ESET NOD32 anti-virus. Be careful and don’t mistake TotalSecurity for a real security program.
For more information, see:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-082908-4116-99
http://www.spywarevoid.com/remove-total-security-totalsecurity-removal-tutorial.html
http://www.bleepingcomputer.com/virus-removal/remove-total-security
Here is what we learned about the “Windows Total Security” virus (and its variants):
Added file: a random 3-letter executable
%USERPROFILE%\Local Settings\Application Data\xxx.exe [xxx = random 3 letters, or ‘tsc’]
Note: Several registry entries will point to this file, launching it when users attempt to open .exe files or open Internet Explorer.
Registry:
Altered Keys:
-->> Should be corrected to IEXPLORE.EXE (or Firefox.exe)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet
HKEY_CURRENT_USER\Software\Clients\StartMenuInternet
-->> Should be corrected to "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(Default)
Added Keys: -->> Should be deleted
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
The best removal method is to log into the computer with an alternate admin account, or connect to the network registry from a remote computer, to remove the registry entries. Symantec Power Eraser or Malwarebytes can be used to remove the virus if your anti-virus program does not do it, though there are several other removal tools at the sites listed above.
If the user is isolated, you can often open .exe files by right-clicking and selecting “Run as” (then run as the current user).
- Philip Chonacky
BNMC Engineering
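As an added example (not part of the original post or BNMC's own tooling), this Python check parses `reg export` text and reports every value that points at a three-letter executable sitting directly in `Local Settings\Application Data`, which is the pattern described above. The sample export, user name, file names and `shell\open\command` subkeys are constructed assumptions.

```python
import re

# Constructed `reg export` text for illustration; user name, dropped file names
# and the shell\open\command subkeys are assumptions, not values from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\tsc.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\qwe.exe\""

[HKEY_CURRENT_USER\Software\Example]
"Updater"="C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\Vendor\\upd.exe"
'''

# A three-letter .exe sitting directly in Local Settings\Application Data.
DROPPED_EXE = re.compile(
    r'\\Local Settings\\Application Data\\([A-Za-z]{3}\.exe)(?![\w.])', re.I)
KEY_LINE = re.compile(r'^\[(.+)\]$')
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(data):
    """Turn a .reg string literal ("...") back into the stored value."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    return data  # dword:/hex: data is left as written

def find_hijacks(reg_text):
    """Return (key, value_name, dropped_file) for each value referencing the dropped file."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
            hit = DROPPED_EXE.search(unescape(m.group(2)))
            if hit:
                hits.append((key, name, hit.group(1).lower()))
    return hits

if __name__ == "__main__":
    for key, name, exe in find_hijacks(SAMPLE_REG):
        print(f"{key} [{name}] -> {exe}")
```

Because the check keys on the file location rather than on a fixed list of registry paths, it also reports hijacked entries that are not listed in the post; the benign `Vendor\upd.exe` value in the sample is deliberately not reported.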