Endpoint Protection

 View Only

Symantec Power Eraser using Symantec Help (SymHelp) Tool. 

Mar 08, 2013 06:38 AM

Hello,

The Symantec Power Eraser is aimed at the detection and clean-up of "zero-day" threats as well as other threats which may have infected the user’s system. Zero-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available – or before they are even aware that a hole exists.

NOTE: It is recommended to have an Internet connection when using SymHelp and Symantec Power Eraser. This would assist in downloading the Latest Version of SymHelp and Latest Power Eraser Definitions when running Symantec Power Eraser. Incase, there is no Interent connection, Power Eraser would use the default definitions which are available with the SymHelp Tool.

To Remove a Threat Using Symantec Power Eraser

1. Start your Symantec Help Tool. Download Page: The Symantec Help (SymHelp) Tool

2. Upon installation of Symantec Help Tool, select "Symantec Power Eraser" as shown in the diagram below.

1_power_E.JPG

 

3. Symantec Power Eraser GUI gives us following options: 

  • Scan for Risks - additionally available for selection is "Include a Rootkit Scan" - this will require a reboot.
  • History - where we can check results of previous Power Eraser sessions, you can as well recover from here files that were previously detected
  • Settings - enables to selected "Include a Rootkit Scan" option and set up a network configuration.

 

4. When the scan completes, note what files were identified (some legitimate files may be identified) and select any suspicious programs you wish to remove and click Fix (this will cause the system to reboot). You may wish to select to save a copy of the log records to the desktop.

5. Have the user continue to operate their computer and perform any specific behaviors that would normally cause the symptoms to appear.

 

 

To Undo a Change Threat Using Symantec Power Eraser

1. Launch the Symantec Help Tool and select Symantec Power Eraser.

2. Click History

3. Select the Session you want to restore and click on "Restore".

 

 

FAQ

  1. Is Symantec Power Eraser (SPE) safe to use on a windows server?
    • Yes.
  2. What ports need to be open?
    • We recommended that in order to get SPE to work on a restricted network, you will need to open all http and https traffic from *.symantec.com and *.norton.com.
  3. When should I use the product in safe mode with networking vs. regular mode?
    • The tool should be run in normal mode first. Some threats block the tool from running in normal mode or block all exe files from running. In these cases, a second attempt should be made by running the tool in safe mode with networking.
  4. What threat families is the tool most effective at remediating?
    • SPE is effective against known and unknown threats with the exception of file infectors.

Consider Using Symantec Power Eraser when:

You have an outbreak on a small number of workstations or windows servers
The user describes symptoms of Fake/Rogue AV such as:
  • A reoccurring pop up notification
  • Alerts indicating that they are infected
  • Prompts to register (buy) the solution
  • Fake Blue Screen Of Death messages
Important to note - Symantec Power Eraser:
  • Is not a solution to be deployed or implemented on large scale outbreaks.
  • Is not a replacement for regular daily AV scanners.
  • Will go through the process of rebooting the machine up to 2 times if it suspects that the machine is infected with malware, using the remediation workflow.
  • Will not protect against re-infection. Users should verify that their Symantec product is receiving updated virus definitions. This will ensure they are protected.

The Benefits of Running Symantec Power Eraser

  • Expedites your helpdesk team process by using Symantec Power Eraser as a first response remediation tactic.
  • Reduces employee downtime by allowing users to return to work more quickly.
  • Requires no backup and restoring of files as compared to the reimaging of systems.
  • Common alternatives such as either individual threat remediation with threat specific remediation tools, or reimaging of the workstations and restoring files require more time and decreases productivity of the helpdesk team and the impacted employee.

 

Statistics
0 Favorited
6 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Jul 24, 2015 09:11 AM

New article on this topic now available!

 

Using Today's SymHelp to Combat Today's Threats
https://www-secure.symantec.com/connect/articles/using-todays-symhelp-combat-todays-threats

Feb 11, 2014 09:09 AM

Linking this article, which has a video on the topic:

How to run Symantec Power Eraser with the SymHelp utility
Article URL http://www.symantec.com/docs/TECH203683

Sep 12, 2013 01:58 PM

Great article.  Very informative.  I have not used Power Eraser before, but will have to try it if the need every arises.

Sep 10, 2013 05:37 AM

Just adding a couple cross-references that may be of interest to those usign Power Eraser:

About Symantec Power Eraser
http://www.symantec.com/docs/TECH134803

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

 

Jun 03, 2013 08:28 AM

Nice Article.wink

May 21, 2013 06:49 AM

HI, 

Nice one.

 

Apr 01, 2013 01:38 PM

Thanks Mithun for the Wonderful Article.

Mar 20, 2013 11:59 PM

Hi Mithun,

Nice Article to help us while working on SEP to remove threat.

Thanks once again.

Related Entries and Links

No Related Resource entered.