I have a PC in our office that's running ESET NOD32 Antivirus BUSINESS EDITION Product Version 3.0.695. This morning the user clicked on an email link which caused Eset to flag a trojan warning. See below:

Name: ~ Link removed~
Threat: a variant of Java/TrojanDownloader.Agent.NAL trojan
Action: connection terminated - quarantined
Information: Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.

Name: ~ Link removed~ » ZIP » Main.class
Threat: a variant of Java/TrojanDownloader.Agent.NAL trojan

Name: ~ Link removed~ » ZIP » url.txt

My problem is the trojan still executed and loaded Spyware on the user's PC and I had to revert to a backup to get things working. Any idea why Eset didn't stop the load of the trojan? Why am I running Anti-virus if it can't stop this? Thanks for your help.
No security product will ever detect all newborn threats from the very first moment, and no product will ever have 100% detection of threats with a reasonably low number of false positives. Network administrators must take this into account and set up the appropriate policy on the mail server. I wonder why the user was able to receive such an attachment and run it; this implies insufficient security policy in their network environment. If possible, please submit the suspicious email to ESET per the instructions here, or at least the link to the malware in question found in the threat log.
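A mail-gateway policy check of the kind the reply above recommends, added here as an example (it is not code from the thread or from ESET): it unpacks ZIP attachments and flags entries matching the archive layout in the original log, ZIP » Main.class and ZIP » url.txt. The message and archive it inspects are constructed inline; the suffix and name lists are assumptions about what such a policy would block.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Entry names a Java downloader archive like the one in the thread's ESET log
# (ZIP » Main.class, ZIP » url.txt) carries. Assumed policy lists, not ESET's.
SUSPICIOUS_SUFFIXES = (".class", ".jar")
SUSPICIOUS_NAMES = {"url.txt"}

def inspect_zip(data: bytes) -> list[str]:
    """Return the ZIP entry names that match the policy; an unreadable
    archive is itself reported, since it cannot be inspected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["<not a valid zip>"]
    return [n for n in names
            if n.lower().endswith(SUSPICIOUS_SUFFIXES)
            or n.rsplit("/", 1)[-1].lower() in SUSPICIOUS_NAMES]

def check_message(raw: bytes) -> dict[str, list[str]]:
    """Map each ZIP attachment filename to the entries that violate policy."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Check by extension and by ZIP magic, so a renamed archive is caught too.
        if fname.lower().endswith(".zip") or payload[:2] == b"PK":
            hits = inspect_zip(payload)
            if hits:
                findings[fname] = hits
    return findings

def build_sample() -> bytes:
    """Constructed test message: a ZIP holding Main.class and url.txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe")  # Java class file magic
        zf.writestr("url.txt", b"http://example.invalid/placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "invoice"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample()))
```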
Please do not rely on just Nod32. Consider MBAM (if it will run) or Prevx. Also, you need local policies too.