


How come Symantec is having trouble detecting this malicious file?

However here is a brief list of other AV engines that detected the threat. Our SEP with the latest rapid release didn't detect the malicious file. The Norton protection at Yahoo Mail service didn't detect the malicious file. Retrieved & Scanned: Monday morning at 8:49am.Here is another example of a FakeAV type malware which is pushing 3+ days old and Symantec still doesn't detect it even with this morning's rapid release definitions installed. I see instructions on how to hunt & remove the threat yourself but shouldn't the client already do that? I followed the suggested best practices with updating and that doesn't seem to help with the new threats. If I submit the file late in the afternoon, I'll download the rapid release definintion the following morning and the majority of the time it still fails to identify the FakeAV file. (6) I download the latest rapid release definition and it fails to identify the FakeAV file. The emails used to include which Rapid Release version to use but I haven't seen that detail included for some time now. (5) Anywhere from 15 minutes to several hours later, I get an email stating that they already have the malicious file profile within their rapid release definition. I'll eventually get an email with the details of the submission. (4) I upload malicious FakeAV files to the Symantec's submission premium site. I also test the file with a site that tests against 40 AV engines which includes Symantec. (3) I test the file with MalwareBytes with the latest defintinions. At the employee's workstation, I boot from a CD with the PowerEraser tools and supply it with the latestet rapid release definitions and it doesn't detect the issue. (2) I then download the latest rapid release definitions onto my investigative environment and perform a scan on the malicious file. (1) I test the file with my current official denfinitions on my invetigative environment (linux & windows) and perform a scan on the malicious file. When I come across a new FakeAV variant obtained from either as a malicious file attachment or a download file from a malicious URL, I run the following procedures
