SymHelp provides access to two threat analysis tools that can be
used to help identify potential malware on a system where
anti-malware software is unable to detect it. Both tools make use
of Symantec Power Eraser technology to identify potential malware
by examining load points or by directly examining executable files
in directories commonly used by malware. The files are rated based
on heuristics and on collected reputation data (Symantec Insight)
when there is an internet connection available. Since there is a
chance of a false positive identification with this technology,
users should review the information provided in the tool's reports
prior to determining whether or not to remove them. These tools are
available in the Threat Analysis Tools section of the Home
page.
The following two threat anaylsis tools are available:
Symantec Power Eraser Symantec Power Eraser identifies
potential malware and provides the option to remove suspected
malware files. Additional root kit detection is also available in
this tool. Once removed files can be restored if it is determined
that they were removed in error. Information regarding files
selected for removal is delivered to Symantec.
Symantec Power Eraser requires internet access in order to
run.
Load Point Analysis Load Point Analysis identifies
potential malware and provides detailed information regarding the
files examined. This can aid in the user's determination of which
files are potentially malware and which might be known applications
permitted on the system. Additionally, users can specify files and
folders to scan. Files identified as suspicious should be submitted
to Security Response for further examination.
Load Point Analysis does not require internet access on the system
on which the tool is run. Internet access on an uninfected machine
can be used to gather reputation information on files scanned on a
potentially infected machine that has had its internet access
blocked until remediation can be established.