Symantec Endpoint Protection - Detecting and Removing Spyware

This document describes what to do if Symantec Endpoint Protection (SEP) detects spyware.

Symantec Endpoint Protection includes the ability to scan for, detect, and remove spyware and viruses. This feature is included in File System Auto-Protect, and is enabled by default. When Auto-Protect detects spyware or a virus, all threats will be displayed in the scan window. 

To remove the viruses or spyware found: 

1. Click Remove Risks Now.

2. If you are prompted about terminating processes or applications, click Yes.

3. A list of the items that have been quarantined will be displayed. You can highlight multiple risks by clicking the first risk, then holding the shift key while you click the last risk. Once all of the items have been selected, click Delete to delete the items.

4. A confirmation for deletion of the risks will then display on the screen. When prompted, click Yes.

5. Finally, a clean quarantine window should appear once all threats have been successfully removed. 

You will also want to run a full system scan to verify that all spyware files were detected and properly removed. You can find full instructions to do so at Symantec Endpoint Protection (Win) - Running a Full Virus Scan

If any Risks are detected, you will want to check Quarantine again.

Some ad sponsored applications will attempt to reinstall their spyware components automatically on reboot. You may need to uninstall some applications and repeat the above steps to permanently remove the spyware.

See Also: