



Symantec Endpoint Protection displays the WS.Reputation.1 warning while installing the Veritas System Recovery Service Pack using the patch, for the PatchSetup.exe and UpdatePatchUpgradeInfo.exe files. Symantec Endpoint Protection incorrectly reports this as a warning. PatchSetup.exe is signed by a valid Veritas Technologies LLC certificate and it can be safely installed. Symantec Endpoint Protection just uses the existing reputation of the file to report that very few users in its community are using this file.

The Download Insight feature of Symantec Endpoint Protection scans all Portable Executable (PE) and MSI files (including .sys) when they are downloaded through or launched by a portal application. It is a protection technology based solely on the reputation of files (no signature or behavioral analysis is performed by Download Insight). Symantec Endpoint Protection clients use the Intrusion Detection System (CIDS) to retrieve information about files being accessed. For more details on WS.Reputation.1, refer to the following link:

Users started noticing Malicious domain attack pop ups on their computers. After running a report, we find that SEP has blocked the domain 195.22.28.222. Symantec is blocking the attack but we are not seeing anything locally.

We still have all machines trying to ping out to that address using local resources. Task Scan is Clean as well on any of the affected hosts:

As per firewall report - see the local file trying to connect to remote host.

My Company\Corelogic\General User - USB CD Disabled
Traffic has been blocked for this application: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Traffic has been blocked for this application: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE
Ĥ0A73317AC3ADC9236338920FF106CEB9844AF15295F02D6F85A9427D1DAC01D
C:/PROGRAM FILES/COMMON FILES/MICROSOFT SHARED/CLICKTORUN/OFFICEC2RCLIENT.EXE
Ĥ7FFE729F666E6D19EADDD771E166F1BE2B055C47D1B8507761106CF5F2BE2DE
Malicious Site: Malicious Domains Request
Malicious Site: Malicious Domains Request attack blocked.
