EMEA Endpoint Management and Mobility Group (EMM)

 View Only

  • 1.  Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Jan 31, 2014 12:48 AM

    please suggest the solution for this.

     

    We have unix server we use that for file share purpose, I have been facing virus issue from last two weeks I can do just scan activity by network share drive but it is not usefully to me virus  is recreating again and again.

     

    Added

    it is not unix server.

     

    Scan engine for NAS device it is infected

    EMC version:- EMC VNX5300 (Unified) stoage box

    How to install CAVA for this.



  • 2.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Broadcom Employee
    Posted Jan 31, 2014 01:01 AM

    whats the unix version? can you use the SAV for linux?

    is scan detecting the threat?

     



  • 3.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Jan 31, 2014 01:19 AM

    Not like unix but it is storage device we deployed all files there

    EMC VNX5300 (Unified) stoage box
     
    how can sav liux usfull this because it creating .exe file on that server
     
    scan detecting and deleting the files but not much usefully.


  • 4.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Jan 31, 2014 05:08 AM

    Hi deepaknk,

    What exact threat is being found and deleted from that network share?  The SEP logs will tell you.

    Chances are that there is an infected computer which is connecting to that shared server and is constantly copying the malicious file up to it.  How many computers connect to that share?  Do they all have SEP defending them?  If so, have you checked that SEP is working on all those endpoints and all clients have their definitions up to date?

    You may be able to determine which computer is copying that malicious file up there by using the UNIX auditing features.  If not, you may need to use a process of elimination: isolating the UNIX box and then gradually connecting computers back to it. 

    Please keep this thread up-to-date with your progress!

    Mick



  • 5.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Jan 31, 2014 05:09 AM

    By the way:

    Can a Symantec Endpoint Protection client be installed on Unix Servers?
    http://www.symantec.com/docs/TECH203874 
     



  • 6.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Feb 05, 2014 05:34 AM

    sorry for unix server setence. it is just storage box they dont have any os for that box.



  • 7.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Feb 05, 2014 06:09 AM

    Many thanks, deepaknk- what threat is being found and deleted?  Have you had any success identifying which infected computer(s) are continuously copying it there?

    Mick



  • 8.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Feb 05, 2014 06:36 AM

    Here's an article on setting up CAVA:

    http://www.symantec.com/docs/TECH89267

    Note this uses Symantec Scan/Protection Engine, and not SEP.  The Protection Engine is a separate License/product.



  • 9.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Feb 12, 2014 05:14 AM

    Hi deepaknk,

    Just wondering if your question has been answered or if there is anythign else you need?  The thread is still marked "needs solution."

    All the best,

    Mick



  • 10.  RE: Virus is crating in network share drive-Scan engine for NAS device, it is infected

    Posted Feb 12, 2014 08:15 AM
    Do you have any idea which account is being used to create the offending files? If you can change the password for that account, it should stop the spread of the virus.