How virus and spyware scans work in SEP 12.1 

Aug 11, 2011 03:38 PM

How do virus and spyware scans work in SEP 12.1?

We all know that, going forward with SEP 12.1, Antivirus and AntiSpyware has been renamed to Virus and Spyware. Now the question arises: how do virus and spyware scans work in SEP 12.1?

 

Virus and spyware scans identify and neutralize or eliminate viruses and security risks on your computers. A scan eliminates a virus or risk by using the following process:

 ■ The scan engine searches files and other components on the computer for traces of viruses. Each virus has a recognizable pattern that is called a signature. Installed on the client is a virus definitions file that contains the known virus signatures, without the harmful virus code. The scan engine compares each file or component with the virus definitions file. If the scan engine finds a match, the file is infected.

 ■ The scan engine uses the definitions file to determine whether a virus or a security risk caused the infection, and then takes a remediation action on the infected file. To remediate the infected file, the client cleans, deletes, or quarantines it.
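The two bullets above describe the whole loop: compare each file against a definitions list, and on a match clean, quarantine or log. The following Python script is an added illustration written for this page, not Symantec's scan engine or any real definitions format. The two "signatures" are constructed byte strings, the "virus" kind models a file infector that appends its body to a host file (so cleaning means truncating the host), and the "risk" kind models a security risk where the whole file is moved to a quarantine folder named by its SHA-256.

```python
import hashlib
import logging
import shutil
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional, Tuple

# Constructed definitions (not Symantec's): name -> (signature bytes, kind).
# A definitions file carries only the recognizable fragment of each threat,
# never the working malicious code.
DEFINITIONS = {
    "Demo.Appender": (b"DEMO-APPENDED-VIRUS-BODY", "virus"),
    "Demo.Adware.Stub": (b"DEMO-ADWARE-MARKER", "risk"),
}


@dataclass
class Verdict:
    path: Path
    detection: Optional[str]  # matched definition name, None when clean
    action: str               # "clean", "cleaned", "quarantined" or "logged"


def match_signature(data: bytes) -> Optional[Tuple[str, str, int]]:
    """Compare file contents with every signature in the definitions.

    Returns (name, kind, offset) for the first match, or None if the file
    contains no known pattern.
    """
    for name, (pattern, kind) in DEFINITIONS.items():
        offset = data.find(pattern)
        if offset != -1:
            return name, kind, offset
    return None


def remediate(path: Path, quarantine_dir: Path) -> Verdict:
    """Scan one file and apply the default remediation described in the post."""
    data = path.read_bytes()
    hit = match_signature(data)
    if hit is None:
        return Verdict(path, None, "clean")
    name, kind, offset = hit

    if kind == "virus":
        # Clean: cut the appended body off, restoring the original host file.
        path.write_bytes(data[:offset])
        return Verdict(path, name, "cleaned")

    # Security risk: move the whole file into quarantine, named by its hash so
    # the content is preserved for analysis but no longer sits under its old name.
    try:
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        digest = hashlib.sha256(data).hexdigest()
        shutil.move(str(path), str(quarantine_dir / f"{digest}.quar"))
        return Verdict(path, name, "quarantined")
    except OSError as exc:
        # Quarantine failed (locked file, permissions, full disk): log the attempt.
        logging.warning("could not quarantine %s (%s): %s", path, name, exc)
        return Verdict(path, name, "logged")


def scan_tree(root: Path, quarantine_dir: Path) -> List[Verdict]:
    """Scan every regular file under root; the file list is fixed before any file moves."""
    files = [p for p in sorted(root.rglob("*")) if p.is_file()]
    return [remediate(p, quarantine_dir) for p in files]


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree: one clean file, one infected host, one security risk.
    base = Path(tempfile.mkdtemp())
    target = base / "files"
    target.mkdir()
    (target / "notes.txt").write_bytes(b"just a document")
    (target / "tool.bin").write_bytes(b"ORIGINAL-PROGRAM" + b"DEMO-APPENDED-VIRUS-BODY")
    (target / "toolbar.exe").write_bytes(b"header DEMO-ADWARE-MARKER payload")
    for v in scan_tree(target, base / "quarantine"):
        print(f"{v.path.name:12} {v.detection or '-':18} {v.action}")
```

The point to take from the script is the ordering of the remediation branches: clean only when the definitions say the original file is recoverable, quarantine otherwise, and record a log entry when quarantine itself fails, so that a locked or unwritable file never silently stays in place.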

 

Selected files

The client scans individual files. For most types of scans, you select the files that you want scanned.

The client software uses pattern-based scanning to search for traces of viruses within files. The traces of viruses are called patterns or signatures. Each file is compared to the innocuous signatures that are contained in a virus definitions file, as a way of identifying specific viruses.

If a virus is found, by default the client tries to clean the virus from the file. If the file cannot be cleaned, the client quarantines the file to prevent further infection of your computer. The client also uses pattern-based scanning to search for signs of security risks within files and Windows registry keys. If a security risk is found, by default the client quarantines the infected files and repairs the risk's effects. If the client cannot quarantine the files, it logs the attempt.

Computer memory

The client searches the computer's memory. Any file virus, boot sector virus, or macro virus may be memory-resident. Viruses that are memory-resident have copied themselves into the computer's memory. In memory, a virus can hide until a trigger event occurs. Then the virus can spread to a floppy disk in the disk drive, or to the hard drive. If a virus is in memory, it cannot be cleaned. However, you can remove a virus from memory by restarting the computer when prompted.

Boot sector

The client checks the computer's boot sector for boot viruses. Two items are checked: the partition tables and the master boot record.
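As an added illustration (not Symantec's boot sector scanner), the script below shows what "checking the partition tables and the master boot record" amounts to at the byte level. It builds a constructed 512-byte MBR image, records a SHA-256 baseline of the boot code region on a known-clean image, and then reports the things a boot sector check looks for: a missing 0x55AA boot signature, boot code that no longer matches the baseline (the footprint of a boot virus that has overwritten the loader), invalid status bytes, an unexpected number of active partitions, and partition entries that overlap each other or the MBR sector itself. The layout constants are the standard MBR layout; the boot code bytes and partition values are constructed sample data.

```python
import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot loader code
ENTRY_LEN = 16                # four 16-byte partition entries follow at 446..509
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Build a constructed 512-byte MBR image from boot code and up to four
    (status, type, lba_start, sector_count) tuples. CHS fields are zeroed."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition table too large")
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in partitions
    )
    return (boot_code.ljust(BOOT_CODE_LEN, b"\0")
            + table.ljust(4 * ENTRY_LEN, b"\0")
            + BOOT_SIGNATURE)


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot code region; record this on a known-clean system as the baseline."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> List[Dict[str, int]]:
    """Decode the four partition entries; entries with type 0 are unused and skipped."""
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + ENTRY_LEN])
        if ptype != 0:
            entries.append({"index": i, "status": status, "type": ptype,
                            "start": lba, "sectors": count})
    return entries


def check_boot_sector(mbr: bytes, baseline_boot_hash: str) -> List[str]:
    """Return findings for a sector image; an empty list means nothing looks tampered."""
    findings = []
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
        return findings  # the rest of the layout cannot be trusted
    if boot_code_hash(mbr) != baseline_boot_hash:
        findings.append("boot code differs from the recorded baseline")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        if p["start"] == 0:
            findings.append(f"partition {p['index']}: starts at LBA 0, overlapping the MBR itself")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((p["start"], p["start"] + p["sectors"]) for p in parts)
    for (_, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:
            findings.append("partition entries overlap")
    return findings


if __name__ == "__main__":
    # Constructed clean image: a jump stub plus marker text, one active NTFS-type partition.
    clean = build_mbr(b"\xEB\x3C\x90" + b"DEMO-BOOT-CODE", [(0x80, 0x07, 2048, 2_000_000)])
    baseline = boot_code_hash(clean)
    # Same image with its loader bytes replaced, as a boot virus would leave it.
    hook = b"\xEB\x3C\x90" + b"DEMO-BOOTKIT-HOOK"
    tampered = hook + clean[len(hook):]
    print("clean:   ", check_boot_sector(clean, baseline))
    print("tampered:", check_boot_sector(tampered, baseline))
```

The baseline hash is the part that does the real work: the structural checks catch a sector that is malformed, but a boot virus that keeps the table intact and only replaces the loader bytes is visible only as a change against a hash taken when the machine was known to be clean.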

 

USB Drive/External Drive

A common way for a virus to spread is through a USB drive. A USB drive might remain attached when you start up or turn off your computer. When a scan starts, the client searches the boot sector and partition tables of any USB drive that is attached to the computer. When you turn off your computer, you are prompted to remove the drive to prevent possible infection.

Comments

May 04, 2013 10:06 PM

Thumbs up too :)

Jan 16, 2012 03:08 PM

Thumbs up

Jan 08, 2012 10:41 PM

I was searching for how scans work, and found this article. It is a good article to read, but there is a question that is not answered: how is it different from SEP 11.0, or any other scan, or any other antivirus?

Dec 22, 2011 05:31 AM

Really helpful... Thank you

Nov 22, 2011 05:28 AM

Voted up.....

Oct 23, 2011 08:59 AM

Dear Prachand,

I would suggest a comparison chart of the inner workings of SEP 11 vs SEP 12, along with a slideshow/video, which would be easier for beginners to understand too.

Oct 11, 2011 10:06 AM

Hello,

I too don't understand what is so different in scanning?

Sep 23, 2011 12:53 PM

Useful data. Thanks for the update.

Aug 17, 2011 11:32 PM

There are quite a number of enhancements to SEP's security stack. These include:

1. Insight - reputation lookup. Insight compares a hash of each file against a database of known files - both good and bad. The Insight database knows the first time each file has appeared among our users, its prevalence and other security metrics. This helps identify rapidly mutating malware (after all, only malware mutates). It also reduces false positives, improves performance and allows policies to be set on application use based on the actual threat level of applications.

2. SONAR - real-time behavioral monitoring of code. SONAR is a replacement of TruScan. It looks at hundreds of behaviors, identifying patterns indicative of malicious behavior. SONAR uses three inputs - an Artificial Intelligence-based Classification Engine, Human-authored Behavioral Signatures and Behavioral Policies - to block new and previously unknown threats. SONAR has been in use in our consumer products for a couple of years - but it has been continuously improved.

3. Browser protection:

• Monitors web pages as they're rendered in the browser, blocking obfuscated attacks at render-time
• Intercepts browser script API calls

4. Generic "signature-less" exploit protection for browsers against 0-day attacks

5. Enhancements to our protocol-aware IPS technology, which decomposes and "deep-packet" scans all network traffic, blocking attacks before they can compromise the machine.

This subject deserves a more complete post - but this at least will give a quick overview of the new security tech in SEP 12.1. The bottom line is that it is significantly more effective than previous versions of SEP - and in real-world tests by AV-Test.org and Dennis Labs it has proven itself more effective than competitors.
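The reputation lookup described in point 1 of the reply above (a hash of the file, looked up against a database that records first-seen date and prevalence, used both to flag rare new files and to override a heuristic false positive on a widely deployed one) can be illustrated with a small decision routine. The script below is an added example for this page, not Symantec's Insight service or its data: the reputation records are constructed, the thresholds `min_prevalence` and `min_age_days` are assumed values, and `heuristic_flagged` stands in for whatever generic detection (packer, odd imports) ran on the file before reputation was consulted.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, Tuple


@dataclass
class Reputation:
    verdict: str        # "good", "bad" or "unknown"
    first_seen: date    # first day any endpoint reported this hash
    prevalence: int     # number of endpoints that have reported this hash


def file_hash(data: bytes) -> str:
    # The lookup key is a hash of the file, so the file itself never leaves the endpoint.
    return hashlib.sha256(data).hexdigest()


# Constructed reputation data keyed by SHA-256; stands in for a cloud lookup service.
TODAY = date(2011, 8, 18)  # assumed "current" date for the age calculation
REPUTATION_DB: Dict[str, Reputation] = {
    file_hash(b"widely-deployed-office-binary"): Reputation("good", date(2009, 3, 1), 2_500_000),
    file_hash(b"known-trojan-dropper"):          Reputation("bad", date(2011, 8, 10), 40),
    file_hash(b"fresh-packed-binary"):           Reputation("unknown", date(2011, 8, 17), 3),
    file_hash(b"old-niche-admin-tool"):          Reputation("unknown", date(2010, 1, 5), 900),
}


def lookup(data: bytes) -> Optional[Reputation]:
    return REPUTATION_DB.get(file_hash(data))


def decide(data: bytes, heuristic_flagged: bool, today: date = TODAY,
           min_prevalence: int = 50, min_age_days: int = 7) -> Tuple[str, str]:
    """Combine a heuristic scan result with reputation into (action, reason)."""
    rep = lookup(data)
    if rep is None:
        # Never reported anywhere: fall back to signature and behavioral scanning.
        return ("scan", "no reputation record")
    if rep.verdict == "bad":
        return ("block", "known bad hash")
    if rep.verdict == "good":
        if heuristic_flagged:
            # Reputation overrides a weak heuristic: this is the false-positive reduction.
            return ("allow", "heuristic hit overridden by good reputation")
        return ("allow", "known good hash")
    # Unknown verdict: a file that is both new and rare is what rapidly mutating
    # malware looks like from the population's point of view.
    age_days = (today - rep.first_seen).days
    if rep.prevalence < min_prevalence and age_days < min_age_days:
        return ("suspicious", f"seen on {rep.prevalence} endpoints, first seen {age_days} day(s) ago")
    if heuristic_flagged:
        return ("suspicious", "heuristic hit on file without established reputation")
    return ("allow", f"unknown but established (prevalence {rep.prevalence}, {age_days} days old)")


if __name__ == "__main__":
    for sample, flagged in [(b"widely-deployed-office-binary", True),
                            (b"known-trojan-dropper", False),
                            (b"fresh-packed-binary", False),
                            (b"old-niche-admin-tool", True),
                            (b"never-reported-file", False)]:
        action, reason = decide(sample, flagged)
        print(f"{sample.decode():32} heuristic={flagged!s:5} -> {action:10} {reason}")
```

Two properties of the routine are worth noting for anyone building a similar policy: a "bad" verdict wins regardless of prevalence (a trojan on 40 machines is still a trojan), and an unknown file is never allowed on age or prevalence alone once a heuristic has fired, so reputation can suppress a false positive only where the file is positively known good.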

 

 

Aug 16, 2011 05:31 AM

Yes Indeed. _Swami_ raises a valid point. What has actually changed compared to SEP 11 when for example installed on a stand-alone physical workstation? What new tricks does it do?

Aug 12, 2011 02:16 AM

How is it different in SEP 11?
