Threat Analysis Scan replaces Symantec Power Eraser
In SymDiag version 2.1.22 and later, running a Basic scan in the Threat Analysis Scan while the reputation database is available is equivalent to running Symantec Power Eraser. To learn more about the Threat Analysis Scan see:
TECH215550: 'About the Threat Analysis Scan in SymDiag'
TECH215519: 'Identify suspicious files with the Threat Analysis Scan in SymDiag'
Using Today's SymDiag to Combat Today's Threats
Symantec Power Eraser is designed to complement mainline antivirus applications by detecting and remediating specific types of threats:
- New variants of existing threats that are not detected by the current definition sets
- Fake antivirus applications and other rogueware
- Rootkits
- System settings that have been tampered with maliciously
Because Symantec Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. Use standard antivirus applications and troubleshooting techniques first; if they do not remove all of the threats, use Symantec Power Eraser.
Symantec Insight
Symantec Power Eraser uses Symantec Insight to help identify if a file can be trusted. Symantec Insight is a reputation based rating system that is available to Symantec products as an online (cloud) service. For this reason Symantec Power Eraser must be run on a system that is connected to the internet. For more information see Symantec Insight.
Definitions
Symantec Power Eraser uses heuristic techniques to help identify potential malware. These heuristic techniques are defined in a set of updatable definitions. Symantec Power Eraser downloads the latest definitions automatically when you run it. The current definitions are version 4/28/2014 r880.
Scanning Other User Profiles (New Feature)
Sometimes a user cannot log into a system because undetected malware is causing the startup process to fail. If the potential malware is only using load points associated with that user then it is necessary to scan that user’s load points to find that malware. Symantec Power Eraser now has the capability to scan user profiles other than the user profile that is currently logged into the system. To access this feature, prior to starting the scan go to the Settings dialog and check the box for 'Scan other user profiles'. This will add the scanning of load points in all other user profiles on that system to the scan.
Analyzing Load Points Offline
Symantec Power Eraser requires that there is an internet connection on the system so that it can make use of Symantec Insight reputation information in its report. Load Point Analysis uses Power Eraser technology to scan the most common load points and provides a list of suspected malware similar to Symantec Power Eraser. But while Load Point Analysis uses Symantec Insight and other file checks to score the trustworthiness of a file, it can be run on a system without an internet connection. If the report is saved to disk, the resulting .sdbz can be opened in SymDiag on another system with internet access and the Load Point Analysis report completed with Symantec Insight reputation information.
Power Eraser and Autoruns
Autoruns is a SysInternals utility that scans load points and displays detailed information about how those load points are configured to start applications automatically. Power Eraser checks all the same load point/"auto-starting" locations as Autoruns..
References
