
Norton Antivirus Corporate Edition - System Center Console

Status
Not open for further replies.
Jan 12, 2005
I have a large scale network at a school district, and we have problems with the Cain and Abel password hacking program. It installs a file called cain.dll and we wanted to add it to the threat list that Norton will search for; however, I'm not finding such a feature. Is this possible?

Can I add a file that all the clients and servers will look for upon next update/scan?
 
The only way is to keep the definitions up to date. NAVCE does not give you that option that I have ever heard of.


"evil prospers when good men do nothing"
 
NAVCE is also not very good with trojans. You might want to consider a second layer of defense.
 
What do you mean by "not very good with trojans"? NAVCE detects trojan files the same as virus files--in real time, when they hit the hard drive. It's always a bad idea to have two antivirus programs on one computer, because they step on each other and cause all kinds of unpredictable problems.

Now, if by a second layer of defense you mean a firewall, that's a good idea.

Hanlon's Razor: Never attribute to malice that which is adequately explained by stupidity.
 
Sorry, I beg to differ, and any routine search for references to this will tell you the same, as will Symantec. It simply is not very good with trojans. It's a fact. Best practice is to have two layers of defense (an anti-spyware/trojan program as well as a virus program). Of course a firewall is a given, but that will not stop a person from downloading inadvertently from the internet.

While Symantec may be able to catch some trojans (research from the web indicates anywhere between 20 - 50 percent) it is not capable of catching the majority of them.

Lessons learned for me: when I have to go around to users' PCs because of a BHO I often discover various trojans that Symantec does not pick up because I use AVG to scan the system for trojans. The fact that Symantec did not detect any of these surely does not make it good for detecting trojans.

So in all due respect, I do believe a second layer for trojans is in order.

 
"Tip: Two antivirus programs are not better than one. If you already have antivirus software but you'd like to try a different one, always uninstall the old program before you install the new one. Running more than one antivirus program at the same time may cause major conflicts."

The real problem is real-time scanning. Here's one of many scenarios that will happen. Antivirus software A goes to scan the hard drive while antivirus software B is monitoring the hard drive. A copies virus.exe into its temp folder for scanning. B grabs it, throws a flag, and sticks it in its quarantine. A can't find its file, so it copies it again. Repeat until crash. Another common scenario is false positives--when they're detecting each other's virus definitions. That's really only the beginning, though...the really bad ones are when both programs are hooked into low-level system calls and get into a fight there. Very hard to troubleshoot.

I don't know what you're detecting or where you're detecting it, and whether you're running real-time protection. I do know that Symantec is only just getting into the world of spyware detection, so if that's the sort of thing you are seeing it miss, that's very believable. The only thing I do know for a fact is that running multiple real time scanners is dangerous, because I've taken that support call too often.

Hanlon's Razor: Never attribute to malice that which is adequately explained by stupidity.
 
Hmmm..yes I can see the validity of your post re: two real time scanners. But that isn't the case here. The AVG I usually use as a second mode of detection and I use the scan there on the spot.

So far I have successfully run two anti-virus programs - AVG and Symantec for about 3 years and have had no problem (this is at home, and on my work PC). AVG scans on schedule so I don't think it would be classified as realtime.

The real problem started for me when I relied only on Symantec, not realizing that the ability to detect trojans was weak. After serious computer degradation, and a nasty browser hijacking, I discovered both HiJackThis and AVG. I ran AVG and it detected a RAT on my system, which it deleted. It detected the BHO but was unable to remove it, thus the use of HiJackThis.

I think it depends on what you are running, when, and for what reason.

Oh anything for user education!!! If only......
 
Oh anything for user education!!! If only......

This is where the "Clue-by-four" comes in handy !!

<Do I need A Signature or will an X do?>
 