Hi guys, A lot of problems you are experiencing are just not so critical as protection "features".
1. Symantec still has a very low detection of Tidserv(currently TDL-4 ver.). In special cases this rootkit was only detected by IPS system(Anti-rootkit always fails to detect this). Further more, the Tidserv Removal Tool(FixTDSS) doesn't updated a lot and it is useless while removing 'fresh' samples. Symantec did nothing to the most prevalent and complex threat in USA.
2. Symantec team does not develop antivirus( I mean auto-protect) protection and removal against difficult malware (like TidServ, ZeroAccess, BlackEnergy and so on) into regularly updated Antivirus Engine from version to version. I mean that Symantec does not develop any algorithms which can remove the infection into threat removal engine.
3. NIS/NAV 2012 does not save the cloud-related info(trust level, prevalence, file hash) from files which are downloaded from Internet to Extended file attributes(EFA) database.
What do I mean? Lets do a little experiment. Take 2 files; first file will be the undetected by Auto-protect malware, the second one is an archive with the first file inside of it. Place those two files to the some Internet file hosting(like Rapider or any other) and after that try download and run both of these files.
What I experienced:
1. The first file was blocked by Insight(Download Insight part) technology as not trusted file. Its Ok.
2. Archive(within the same file) downloaded, unpacked and executed, and .... BAM - you are infected! Insight failed to scan this file-container because this is an archive. SONAR failed to stop this because ... this is SONAR. :)
Conclusion: NIS/NAV '12 has problems with synchronization and data sharing between its components... Sad but true.
Thanks for reading, and take care.
