About virus and security risks

Symantec Endpoint Protection
scans for both viruses and for security risks. Viruses and security risks can arrive through email messages or instant messenger programs. Often a user unknowingly downloads a risk by accepting an End User License Agreement from a software program.
Many viruses and security risks are installed as drive-by downloads. These downloads usually occur when users visit malicious or infected Web sites, and the application's downloader installs through a legitimate vulnerability on the computer.
You can change the action that
Symantec Endpoint Protection
takes when it detects a virus or a security risk. For Windows clients, the security risk categories are dynamic and change over time as Symantec collects information about risks. See:
You can view information about specific virus and security risks on the Symantec Security Response Web site.
Viruses and security risks
Programs or code that attach a copy of themselves to another computer program or file when it runs. When the infected program runs, the attached virus program activates and attaches itself to other programs and files.
The following types of threats are included in the virus category:
  • Malicious Internet bots
    Programs that run automated tasks over the Internet. Bots can be used to automate attacks on computers or to collect information from Web sites.
  • Worms
    Programs that replicate without infecting other programs. Some worms spread by copying themselves from disk to disk, while others replicate in memory to reduce computer performance.
  • Trojan horses
    Programs that hide themselves in something benign, such as a game or utility.
  • Blended threats
    Threats that blend the characteristics of viruses, worms, Trojan horses, and code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. Blended threats use multiple methods and techniques to spread rapidly and cause widespread damage.
  • Rootkits
    Programs that hide themselves from a computer's operating system.
Programs that deliver any advertising content.
Messages that Web servers send to Web browsers for the purpose of identifying the computer or user.
Programs that use a computer, without the user's permission or knowledge, to dial out through the Internet to a 900 number or FTP site. Typically, these numbers are dialed to accrue charges.
Hacking tools
Programs that hackers use to gain unauthorized access to a user's computer. For example, one hacking tool is a keystroke logger, which tracks and records individual keystrokes and sends this information back to the hacker. The hacker can then perform port scans or vulnerability scans. Hacking tools may also be used to create viruses.
Joke programs
Programs that alter or interrupt the operation of a computer in a way that is intended to be humorous or frightening. For example, a joke program might move the recycle bin away from the mouse when the user tries to delete an item.
Misleading applications
Applications that intentionally misrepresent the security status of a computer. These applications typically masquerade as security notifications about any fake infections that must be removed.
Parental control programs
Programs that monitor or limit computer usage. The programs can run undetected and typically transmit monitoring information to another computer.
Remote access programs
Programs that allow access over the Internet from another computer so that they can gain information or attack or alter a user's computer.
Security assessment tool
Programs that are used to gather information for unauthorized access to a computer.
Stand-alone programs that can secretly monitor system activity and detect passwords and other confidential information and relay it back to another computer.
Stand-alone or appended applications that trace a user's path on the Internet and send information to the controller or hacker's system.