- Feb 1, 2013
That was the exact point I was trying to communicate! It's the only con of the product. Maybe the components do not communicate well with each other. Sometimes, due to the IPS block, the program can’t continue with its malicious behaviour, and this is the reason why it’s not picked up by other components.
This can be observed with other anti-bot components such as the Avast Resident Shield, Bitdefender Online Threat Defence, CheckPoint/ZoneAlarm Anti-Bot and others that block malicious traffic.
I am not sure what the reason is for Symantec/Norton not remediating programs instantly once they’ve generated IPS-detected traffic. As far as I remember, Kaspersky System Watcher and Avast instantly remediate programs if there is traffic to a suspicious host. That, plus the program not being widely used and signed, should be clear evidence that it shouldn’t be left.
That’s one thing they really need to look at. For example, CheckPoint can be configured to start incident remediation straight away.
Nevertheless, the traffic is blocked, so it can’t do its harm. A Power Eraser scan is advised to clean the infection. They should just start a background scan with it and remove everything.
I am not a product manager there, sadly.