How to view the threat list on Endpoint security products

Article ID: 157481

Products

Endpoint Protection, Endpoint Security

Issue/Introduction

Is there a way to display all of the threat names which a Symantec endpoint security product detects?

Resolution

Follow the steps in each product section to see the threat list.  Details on the threat families listed can be found on the Security Response online site. 

 

Symantec Endpoint Protection (SEP) on Windows

  1. In the client, on the Status page, next to Virus and Spyware Protection, click Options > View Threat List.
  2. A Detectable Risk List window opens, displaying a list of all detections for this component in the current definition set.
    • Note: You cannot export or search this list and it may take some time to fully generate.

 

Symantec Endpoint Protection on Macintosh (SEP for Mac)

  1. Open SEP for Mac through the menu bar icon, or via Applications > Symantec Solutions > Symantec Endpoint Protection.
  2. In the menu bar, click Tools > Virus Definition Information.
  3. The Virus Definitions Info window opens, displaying a list of all detections in the current definition set.
    • Note: You cannot export this list.

To search the list for a specific threat or threats, enter some or all of a threat name next to Display names containing. The list updates as you type.

For specific information on a detection, click that detection's name, and then click Learn More. This action opens a new window with information from Security Response.

 

Symantec Endpoint Protection for Linux (SEPFL)

  1. Open a terminal (command line interface) and navigate to the SEP directory. The following is the default installation location:
    • cd /opt/Symantec/symantec_antivirus
  2. Type ./sav info -t and press Enter to display the list within the terminal window.
  3. To save this list to a text file, type ./sav info -t > ~/risklist.txt, and then press Enter.
    • This will save the text file risklist.txt to your user directory.
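
The saved list can also be searched and compared between definition updates, which the client interfaces above do not offer. The following is an added example, not Symantec's code: the function names are hypothetical, and it assumes that ./sav info -t prints one threat name per line.

```shell
#!/bin/sh
# Added example, not part of the product. Assumption: `sav info -t`
# prints one threat name per line.

SAV_DIR="${SAV_DIR:-/opt/Symantec/symantec_antivirus}"  # default location from the article

# export_risklist OUTFILE: save the current threat list, sorted and de-duplicated.
export_risklist() {
    [ -x "$SAV_DIR/sav" ] || { echo "sav not found in $SAV_DIR" >&2; return 1; }
    "$SAV_DIR/sav" info -t | sed 's/[[:space:]]*$//' | grep -v '^$' \
        | LC_ALL=C sort -u > "$1"
}

# search_risklist FILE TEXT: case-insensitive match on some or all of a name.
# -F treats TEXT literally, so the dots in threat names are not wildcards.
search_risklist() {
    grep -i -F -- "$2" "$1"
}

# new_detections OLD NEW: names in NEW that were not in OLD.
# Both files must be sorted the way export_risklist writes them.
new_detections() {
    LC_ALL=C comm -13 "$1" "$2"
}

# demo: run the search and the comparison on constructed lists.
# The threat names below are made up for illustration.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' Example.Trojan.A Example.Worm.B > "$d/old"
    printf '%s\n' Example.Downloader.C Example.Trojan.A Example.Worm.B > "$d/new"
    search_risklist "$d/new" trojan      # prints Example.Trojan.A
    new_detections "$d/old" "$d/new"     # prints Example.Downloader.C
    rm -rf "$d"
}

# Typical use after each LiveUpdate:
#   export_risklist ~/risklist.new
#   [ -f ~/risklist.old ] && new_detections ~/risklist.old ~/risklist.new
#   mv ~/risklist.new ~/risklist.old
```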

 

Important Note 

 

Given the amount of malware currently in circulation, Symantec recommends protecting every endpoint in an enterprise network (server, laptop, desktop, embedded point-of-sale (POS) and mobile device) with an up-to-date client. It is not sufficient to install an endpoint security program on one server with the expectation it will keep all its clients protected. It is also extremely risky to run LiveUpdate less often than once per day.

Essential information from Symantec Security Response can be found in the article Symantec Endpoint Protection – Best Practices.

 

Technical Information

Will SEP for Mac detect and remediate only threats that are designed to target Macintosh computers? Will SEPFL only detect and remediate Linux threats?

  • SEP on Windows will detect all known Linux threats, Windows threats, and Mac threats.
  • SEP on Mac will detect all known Linux threats, Windows threats, and Mac threats.
  • SAVFL on Linux computers will detect all known Linux threats, Windows threats, and Mac threats.

For example: if an organization has a file server that is running Linux and is defended by SEP for Linux, that server can block threats that target the environment's Windows clients.