NOD32 Business has missed two threats in the past two weeks

Discussion in 'ESET Endpoint Products' started by Razzle69, May 25, 2012.

Thread Status:
Not open for further replies.
  1. Razzle69

    Razzle69 Registered Member

    Joined:
    Jul 14, 2011
    Posts:
    3
    We have had two different computers infected with the Win32/Olmarik.TDL4.trojan over the past two weeks. At least one was caused by a user clicking a link in an email. NOD32 is unable to remediate this threat in any way. I have to rely on other company tools to remove the infection. Even the standalone Eset malware remover for this trojan does not find it.

    Why isn't NOD32 able to catch and/or remediate this infection? I have the Exchange agent installed on the Exchange server, and all of the clients are up to date with mail scanners active. How is this getting missed?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest emailing ESET's viruslab as per the instructions here and providing them with the scan log.
     
  3. Razzle69

    Razzle69 Registered Member

    Joined:
    Jul 14, 2011
    Posts:
    3
    OK, I have exported the offending email the user said that they got the trojan from, and have sent that and the logs to ESET for analysis. Meanwhile, I am trying to find out how to protect from this going forward.
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Don't give users admin rights on systems, run DEP in OptOut mode, enable SEHOP, upgrade to Windows 7 and Nod32 v5 if possible, run a WSUS server to verify that OS/Office updates are being installed, and come up with a mechanism to get software updates to the major infection vectors pushed to systems (Acrobat, Flash, Java, etc).
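    An added audit script (not from the thread or from ESET) that checks a Windows host against the items in the post above: OS version, DEP policy, SEHOP, WSUS enforcement and local Administrators membership. The WMI class, registry keys and bcdedit setting are Microsoft's documented ones; the parsing of `net localgroup` output and the pass/fail rules are my own assumptions.

```powershell
# Added audit script (not from the thread or from ESET): checks a host against
# the hardening points above. WMI class, registry keys and bcdedit setting are
# the documented Windows ones; the pass/fail thresholds are my own. Run elevated.
function Test-WorkstationHardening {
    $findings = @()
    $os = Get-WmiObject Win32_OperatingSystem

    # Windows 7 is NT 6.1; anything lower predates the mitigations below.
    if ([version]$os.Version -lt [version]'6.1') {
        $findings += "OS is $($os.Caption) (older than Windows 7)"
    }

    # DEP policy: 0=AlwaysOff 1=AlwaysOn 2=OptIn 3=OptOut. Client Windows defaults
    # to OptIn, which protects only system binaries; the post asks for OptOut.
    $depNames = @{0='AlwaysOff'; 1='AlwaysOn'; 2='OptIn'; 3='OptOut'}
    $dep = $depNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    if ('OptOut','AlwaysOn' -notcontains $dep) {
        $findings += "DEP is $dep; fix with 'bcdedit /set nx OptOut' and reboot"
    }

    # SEHOP: DisableExceptionChainValidation=0 enables it. Client editions leave
    # the value absent (SEHOP off); server editions ship with it enabled.
    $kernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $sehop = (Get-ItemProperty $kernelKey -ErrorAction SilentlyContinue).DisableExceptionChainValidation
    if ($sehop -ne 0) {
        $findings += "SEHOP is off (DisableExceptionChainValidation=$sehop); set DWORD 0"
    }

    # WSUS: policy must both name a server and tell the AU client to use it.
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wuServer = (Get-ItemProperty $wuKey -ErrorAction SilentlyContinue).WUServer
    $useWu = (Get-ItemProperty "$wuKey\AU" -ErrorAction SilentlyContinue).UseWUServer
    if (-not $wuServer -or $useWu -ne 1) {
        $findings += "No WSUS enforced by policy (WUServer='$wuServer', UseWUServer=$useWu)"
    }

    # Local Administrators: parse 'net localgroup' output (assumed English layout)
    # and report every member that is not the built-in account or Domain Admins.
    $members = net localgroup Administrators |
        Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-{5,}|The command completed)' }
    $extra = $members | Where-Object { $_ -ne 'Administrator' -and $_ -notmatch '\\Domain Admins$' }
    if ($extra) {
        $findings += "Extra local admins (end users should not be here): $($extra -join ', ')"
    }

    return $findings
}

$result = Test-WorkstationHardening
if ($result) { $result | ForEach-Object { Write-Output "FAIL: $_" } } else { Write-Output 'All checks passed' }
```

Each FAIL line names the setting to change; run it again after the change (DEP needs a reboot) to confirm the host is clean.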
     