Jump to content

Symantec Auto-Protect query

8lbbrown

By 8lbbrown
in Networks and the Internet

 Share

Recommended Posts

8lbbrown

8lbbrown

Posted
Posted

Running SAV 9.0 on a networked PC, user received the following notification while working on an excel file:

Symantec Anti-Virus Notification

Scan Type: Auto-Protect Scan

Threat: Bloodhound.Exploit.45

File: C:\Windows\Temp\~DF3B02.TMP

Location: Quarantine

Computer: xxxx

User: xxxx

Action Taken: Qaurantine succeeded: Access denied

Date Found: Sunday, 13 November 2005 14:52:39

As I understand auto-protect, this service scans files AS THEY ARE ACCESSED. (Opened, moved, copied, etc).

The user was working on an excel spreadsheet, there was no other activity on the pc. No other applications in use, and a virus scan was not in progress.

So what would have triggered an auto-protect notification? Does this mean that something else touched a file on the users pc?

Any help appreciated,

With thanks,


8lbbrown

8lbbrown

Posted
  • Author
Posted

Thanks eyeball - it certainly looks related...

But the spreadsheet is used daily (recently more than once) and has only triggered the one alert. I would have thought that every time it was used (it is used for the same tasks each time) that it would trigger the alert, for as long as the offending Symantec signatures were in use?

Also, there are no graphics in the spreadsheet, so I am scratching my head to see why excel would be creating emf files?

However, there has been no other suspicious activity since :yes:

Thanks for your help,

8lb

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...