Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEP won't detect a malware again if SEP had blocked its malicious traffic for one time?

  • 1.  SEP won't detect a malware again if SEP had blocked its malicious traffic for one time?

    Posted May 07, 2020 01:36 PM
    Is this true? Because this is what Symantec support team keeps telling us that why a full scan cannot detect the malware on our servers.

    What happened was:  One day, SEP showed alert, saying that it had detected a malware on our servers. The action taken was "Access Denied".
    According to what Symantec support team said, "Access Denied" means SEP had not cleaned/quarantined/killed the malware. SEP only blocked that malware's traffic that was trying to connect to outside world.

    But later when we run full scan on our servers, on the so called "infected file", scan results said there was no malware. Symantec support team said because SEP had already taken action for the malware (blocked its traffic for one time), SEP will not detect it again in scanning.

    Is this true?? For real??

    So what now? How should we clean the malware? SEP won't help us do that?


  • 2.  RE: SEP won't detect a malware again if SEP had blocked its malicious traffic for one time?

    Posted May 12, 2020 07:54 AM
    Edited by ahleung May 12, 2020 07:54 AM
    Someone asked me by private message, so:

    SEP had showed this alert for a few times for different files. All those so called "infected files" were all .dll under C:\windows\ . Two of them were sysfer.dll and mscoreei.dll


    Original Message