Lumension Endpoint Management and Security Suite (LEMSS) 7.2
Memory-resident viruses can evade detection mechanisms when:
- No Real-Time Monitoring Policy that provides on-access scanning protection is assigned to the endpoint.
- A packer that compresses and encrypts an executable file hides the virus from on-demand scans (Scan Now and Recurring Virus and Malware Scan).
- The virus was previously unknown and became known through a recent definition update.
- The malware sample uses an anti-heuristic technique.
- Malware is delivered using a heap-spraying technique on a browser or a zero-day exploit on a trusted process.
1. Download the Norman Malware Cleaner (http://www.norman.com/downloads/malware_cleaner) and store it on a USB device.
2. Reboot the infected endpoint into Safe Mode.
3. Run a Norman Malware Cleaner scan from the USB device.
4. On the Scan tab, select the Full scan mode and then click Start.
5. Restart the endpoint when the scan completes.
The memory-resident virus is removed. If the endpoint is still infected, contact HEAT Software support. The infection may be new or unknown and require an AntiVirus definition file update to assist in its removal. You may be asked to run a forensics tool or provide logs to aid in examining and discovering new threats.
After Completing This Task
Assign a Real-Time Monitoring Policy to the endpoint.