One of the users at work running Norton AV 2011, with current definitions and real time protection, clicked on one of those "your package from Fedex couldn't be delivered...." emails, and got infected with what was apparantly Trojan.Spy.ZBot.  He said Norton did pop up with alerts, but it didn't stop the infection.  He had a Microsoft Standalone System Sweeper CD, so he booted to that, that's what reported it as Trojan.Spy.ZBot.

But my question is really: Why doesn't Symantec products stop this virus from infecting in the first place, when a person has up to date definitions and real time protection?  Espcially since it did apparatly detect it, just not stop it.  Another person at a different workplace where they use Symantec endpoint protection got infected with the same thing, again, with up to date virus definitions.

I realize that the user needs to have some responsiblity, but try telling that to your boss when he asks why the antivirus product didn't stop the infection?  Boss says "what's the use of having it at all, then".

thanks, John