Endpoint Protection

 View Only

  • 1.  Services..

    Posted Jan 19, 2010 03:43 AM
    Hi,

     Any idea about this service..C:\WINDOWS\system32\RemoteGetMacIDService.exe,is it malicious one ?


  • 2.  RE: Services..

    Posted Jan 19, 2010 04:08 AM
    Hi,

    I think you should submit this file to the Security Response team. If it is malicious file, definitions will be created for it.

    However, if you want to delete this file yourself, you can use the autoruns tool from windows and do that.

    Go to services in that tool and right click on the service you are looking for. There you have the option to delete a service.

    Aniket


  • 3.  RE: Services..

    Posted Jan 19, 2010 04:15 AM
    Please submitt the file to symantec security response
     
     
    The Symantec Security Response sample submission process'
     

    Security Best Practice Recommendations
     
     
     
     'The 5 Steps of Virus Troubleshooting'
     
     
     
     
     
     


  • 4.  RE: Services..

    Posted Jan 19, 2010 04:36 AM

    thz for your reply..i have submitted to symantec for anaysis..



  • 5.  RE: Services..
    Best Answer

    Posted Jan 19, 2010 05:08 AM
    Hi Subhi,

    Many thanks for submitting the suspicious file!  Security Response will examine it fully in due course.

    Until Security Response's analysis is available, there are a coupe of things that can be done: 

    The file can also be submitted to threatexpert.com.  That can generate an automated write-up, which may let you know about some specifics of what a suspicious file is trying to do.

    If you are confident that the file is malicious and wish to block its spread through your network, creating a policy with SEP's Application and Device Control can help.  How to use Application and Device Control to limit the spread of a threat.

    Thanks and best regards,

    Mick


  • 6.  RE: Services..

    Posted Jan 20, 2010 04:12 AM
    Many thanks Mick..