Kaseya Community

More info & description about threats detected

  • Hello to all. Looking for a little help....

    We are beginning the process of migration from Symantec Antivirus & Symantec Endpoint Security over to KES. We completed our first 100 test machine migrations over the past 8 weeks, and are now planning to do another 200 or so over the next 4-8 weeks.

    Last night, I uninstalled Symantec SEP and installed AVG/KES on about 30 machines for one client. This morning, when I checked the KES Security Status screen for those machines, I found that each machine had between 2 and 30 items listed in the Virus Vault.

    I was a little alarmed, as they were previously fully protected by Symantec, and I wondered what KES/AVG could possibly find?

    I would say that 8 out of every 10 entries appeared to be related to Cookies. They only say “(?) Found” in the threat column:
    ========================================
    tower15.tower c:\Documents and Settings\jmartin\Cookies\jmartin@atdmt[2].txt 6:09:28 AM 3-Jul-09 (?) Found
    tower15.tower c:\Documents and Settings\jmartin\Cookies\jmartin@bs.serving-sys[2].txt 6:09:28 AM 3-Jul-09 (?) Found
    tower15.tower c:\Documents and Settings\jmartin\Cookies\jmartin@burstbeacon[2].txt 6:09:28 AM 3-Jul-09 (?) Found
    ========================================

    The remaining 2 out of every 10 entries appeared to be non-cookie related threats, as follows:
    ===================================
    tower16.tower c:\WINDOWS\system32\delukfat.exe 6:31:35 AM 3-Jul-09 (V) Virus found Win32/Heur
    tower16.tower c:\WINDOWS\system32\urladdot.dll 6:31:35 AM 3-Jul-09 (P) Potentially harmful program Logger.DYC
    tower04.tower c:\WINDOWS\system32\wizusups.dll 6:25:58 AM 3-Jul-09 (V) Trojan horse Downloader.Swizzor.INY
    tower09.tower c:\WINDOWS\system32\cericexp.exe 6:48:46 AM 3-Jul-09 (V) Virus found Win32/Heur
    tower09.tower c:\WINDOWS\system32\iekedat.dll 6:48:47 AM 3-Jul-09 (V) Trojan horse Generic12.BUSM
    tower09.tower c:\WINDOWS\system32\tcpardec.dll 6:48:48 AM 3-Jul-09 (V) Trojan horse Agent.BAFX
    ===================================

    My questions are:

    1. Is it normal for so many Cookies to be detected as threats?

    2. I am trying to find out more detail about the non-cookie threats. With Symantec, they had a really good "threat center" where you could find out detailed information about threats. I went to the AVG Virus Encyclopedia page (http://www.avg.com/virbase) and copied and pasted the threat names and couldn't seem to find ANY matches. How do you find out more specific information about specific threats detected by KES/AVG?

    Any help is appreciated. Thanks in advance.

    Lloyd

    Legacy Forum Name: More info & description about threats detected,
    Legacy Posted By Username: lwolf
  • I think I found the answer to my Question #1 about Cookies being detected as Threats. I had the Cookies option unchecked in the Profile for Resident Shield, but not for Full Scans.

    Still wondering how to get more detailed information about the non-cookie related threats, since I can't seem to locate the reported items in the AVG Virus Encyclopedia page.

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf
  • Hi Lloyd -

    Cookies should never be returned to the UI.

    - If marked as ignore, then they aren't detected
    - If marked as report, then they are deleted.


    Sounds like something different from that happened - can you log a ticket so we can get to the bottom of it.


    On the virus encyclopedia, we are working with AVG on getting that up to speed. Now that AVG 7.5 has been sunsetted, the work begins to fill up that resource.

    Jeff

    Legacy Forum Name: KES,
    Legacy Posted By Username: Jeff.Keyes
  • Jeff.Keyes
    Hi Lloyd -
    Cookies should never be returned to the UI.
    - If marked as ignore, then they aren't detected
    - If marked as report, then they are deleted.
    Sounds like something different from that happened - can you log a ticket so we can get to the bottom of it.


    Jeff,

    Hello. Thanks for the reply, but call me stupid, I am not sure that I understand.

    What do you mean by "- If marked as ignore, then they aren't detected"? Do you mean that the Cookies checkbox in the Profile is unchecked?

    What do you mean by "- If marked as report, then they are deleted."? Do you mean that the Cookies checkbox in the Profile is checked?

    Regarding the AVG virus encyclopedia, glad to hear they will be improving it. Say what you want about Symantec's AV product, but their online virus database/encyclopedia is excellent. Hoping AVG can at least get closer to them.

    Happy 4th!

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf
  • Thanks for clearing up my comments - you are correct in your interpretation.

    Legacy Forum Name: KES,
    Legacy Posted By Username: Jeff.Keyes
  • Yes, AVG is doing a poor job, at best, with their virus encyclopedia (or should I say Cliff Notes) :)

    Legacy Forum Name: KES,
    Legacy Posted By Username: ReedMikel