How would LANDesk Antivirus have mitigated this issue, which is so devastating to Symantec users today?

1. This is a “false positive” (FP), which is common with all AV vendors (2-3 per year, depending on the vendor). We get fewer of these to start with, and LDAV has been specifically architected to mitigate the damage of this sort of problem. (In this case, it appears that Symantec’s “heuristics” found the problem and mis-identified it as “bloodhound.unknown”.)

2. This FP only affects Symantec users, so users of LDAV would not have been bitten by this.

3. In the rare circumstance where we might issue a FP, LDAV has a unique, patent-pending way of dealing with them, called “Pilot”.

a. AV Pilot automatically allows a few administrators to use new AV signatures for a certain time frame (4 hrs? 8 hrs? Other? The admin decides) before they get rolled out to the general population of the organization.

b. This means that only a few users would be impacted by the FP, and damage would be contained to those who know how to deal with it.

c. Administrators could halt the roll-out of the FP through the LANDesk console before major damage has been done to all their users.

4. In addition, the LDAV console allows you to save previous versions of pattern files, and roll everyone back to those if necessary.

5. Also, LDAV saves a copy of the “malware” (in this case, a legitimate program) in the “backup” folder. This means it is available to be restored to its original location once you have rolled back from the tainted pattern files.
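Points 3 through 5 describe one procedure: gate a new pattern file behind a pilot group for a fixed window, let an administrator halt the roll-out when the pilot group hits a false positive, revert to the last good pattern file, and restore the quarantined copy of the legitimate program. The toy model below walks through exactly that sequence. It is an added example written for this post, not LANDesk or Symantec code; the class names, the pattern-file contents (a constructed “v2” that wrongly flags “payroll.exe”) and the three sample endpoints are all assumptions for illustration.

```python
"""Toy model of a staged ("pilot") antivirus signature roll-out with halt,
roll-back and restore from the quarantine backup. Added example for this
post, not LANDesk or Symantec code; the class and function names, the
pattern-file contents and the sample endpoints are all constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed pattern files: version -> set of file names the version flags.
# "v2" carries a false positive on a legitimate program, "payroll.exe".
PATTERNS: Dict[str, Set[str]] = {
    "v1": {"dropper.exe"},
    "v2": {"dropper.exe", "payroll.exe"},
}


@dataclass
class Endpoint:
    name: str
    is_pilot: bool
    files: Dict[str, bytes]
    version: str = "v1"
    # quarantine backup: path -> (signature version that flagged it, contents)
    backup: Dict[str, Tuple[str, bytes]] = field(default_factory=dict)

    def scan(self) -> List[str]:
        """Quarantine every file the current pattern file flags; keep a copy."""
        hits = [p for p in self.files if p in PATTERNS[self.version]]
        for p in hits:
            self.backup[p] = (self.version, self.files.pop(p))
        return hits

    def restore_from(self, bad_version: str) -> List[str]:
        """Put back only the files that the withdrawn pattern file flagged."""
        restored = [p for p, (v, _) in self.backup.items() if v == bad_version]
        for p in restored:
            self.files[p] = self.backup.pop(p)[1]
        return restored


class PilotRollout:
    """Gate a new pattern file behind the pilot group for `pilot_hours`."""

    def __init__(self, endpoints: List[Endpoint], pilot_hours: float):
        self.endpoints = endpoints
        self.pilot_seconds = pilot_hours * 3600
        self.history: List[str] = ["v1"]       # versions approved for everyone
        self.pending: Optional[str] = None     # version currently in pilot
        self.started: float = 0.0
        self.halted: Set[str] = set()

    def publish(self, version: str, now: float) -> None:
        """Stage a new pattern file: only pilot endpoints receive it."""
        self.pending, self.started = version, now
        for ep in self.endpoints:
            if ep.is_pilot:
                ep.version = version

    def promote_if_due(self, now: float) -> bool:
        """Roll the pending version out to everyone once the pilot window passes."""
        if self.pending is None or self.pending in self.halted:
            return False
        if now - self.started < self.pilot_seconds:
            return False
        for ep in self.endpoints:
            ep.version = self.pending
        self.history.append(self.pending)
        self.pending = None
        return True

    def halt_and_rollback(self, version: str) -> Dict[str, List[str]]:
        """Stop the roll-out, revert every endpoint on `version` to the last
        approved pattern file, and restore what `version` quarantined."""
        self.halted.add(version)
        if self.pending == version:
            self.pending = None
        if self.history[-1] == version:      # already promoted: drop it
            self.history.pop()
        last_good = self.history[-1]
        restored: Dict[str, List[str]] = {}
        for ep in self.endpoints:
            if ep.version == version:
                ep.version = last_good
                restored[ep.name] = ep.restore_from(version)
        return restored


def demo() -> Dict[str, object]:
    """Constructed fleet: one pilot admin box and two ordinary users."""
    fleet = [Endpoint("admin-1", True, {"payroll.exe": b"ok", "dropper.exe": b"bad"}),
             Endpoint("user-1", False, {"payroll.exe": b"ok"}),
             Endpoint("user-2", False, {"payroll.exe": b"ok"})]
    roll = PilotRollout(fleet, pilot_hours=4)
    for ep in fleet:
        ep.scan()                                   # v1 removes the real dropper only
    roll.publish("v2", now=0)
    pilot_hits = {ep.name: ep.scan() for ep in fleet}   # only admin-1 loses payroll.exe
    promoted = roll.promote_if_due(now=3600)            # one hour in: window not over
    restored = roll.halt_and_rollback("v2")             # admin reports the FP, halts
    return {"pilot_hits": pilot_hits, "promoted": promoted, "restored": restored,
            "versions": {ep.name: ep.version for ep in fleet},
            "payroll_present": {ep.name: "payroll.exe" in ep.files for ep in fleet}}


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the containment boundary: because `publish` only touches pilot endpoints, the false positive removes “payroll.exe” from the one administrator machine and never reaches the two users, and because the quarantine backup records which pattern version flagged each file, `halt_and_rollback` can restore exactly the files the bad version removed while leaving the real dropper quarantined.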

6. The “heuristics” in LDAV are much better at catching new malware than Symantec’s (we have a 90% catch rate vs their 20% catch rate, and we don’t generate lots of FPs in the process). For more details see http://www.zdnet.com.au/blogs/securifythis/soa/Why-popular-antivirus-apps-do-not-work-/0,139033343,139264249,00.htm

7. This is one of the best illustrations as to why an INTEGRATED MANAGEMENT and SECURITY SOLUTION ultimately provides you with a MORE SECURE solution.
