We're using Symantec Endpoint Protection Small Business Edition 12.0.1 with Server 2003 and XP Pro, all 32-bit. We have one particular machine that has detected (twice now) the virus called FileDate.11.537. According to the logs, both times it was detected about 1 or 2 minutes after a definition update. Here is some information ...
Detection 1)
(Logged in the central management console)
12/20/2012 - 3:13 AM
Detected file ...
C:\documents and settings\all users\application data\symantec\liveupdate\9.product.inventory.liveupdate
Detection 2)
(Local Logs only. Not logged in the central management console)
1/16/2013 - 4:08 AM
Detected file ...
c:\windows\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB2387149.cat
I cannot find any signs of infection. This is a rare virus, with very little information available online. It has been mentioned that this virus is not in the wild. One trait of this virus is that it renames the date stamps of some files to a date of August 17, 1991. I've used Windows search and cannot find any files with this date stamp. I'm really not sure what else to even look for.
To be safe, I have brought in all Windows updates, and updates to Flash, Java, Reader, etc. I also did a manual live update on each machine and rebooted. I've done full scans with Symantec Endpoint Protection and the Eset online scanner. Both came up empty.
--> My question is what should I do about this? <-- I'm assuming this is a recurring false positive, considering the files detected, the time of detection, the time after the definition update, the fact that only 1 machine is affected, that this virus is not *supposed* to be in the wild, and that all full scans have come up empty.
--> What should I look for as symptoms of this virus? <--
Also, I thought we were entitled to a free support incident or two with our license. Is that true? If not, how much does a support incident like this cost?
Again, my overall question is what to do about this. I can find very little information on this virus, so I'm not sure what to even look for. Do I chalk this up to a recurring false positive (all scans came up empty) or should I be doing something else?
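
A sweep for the August 17, 1991 date stamp described in the post, as an added example that is not part of the original post: it walks a directory tree and reports every file whose modified, accessed or created/changed time falls on that local date, and lists paths it could not read. The function names and the default root `C:\` are assumptions made for illustration.

```python
import os
import sys
from datetime import date, datetime

# Date stamp the post attributes to FileDate.11.537, compared in local time.
TARGET_DATE = date(1991, 8, 17)


def stamps_on_target(st, target=TARGET_DATE):
    """Return the names of the stat timestamps that fall on the target date."""
    fields = (
        ("modified", st.st_mtime),
        ("accessed", st.st_atime),
        # Windows: creation time. Unix: inode-change time.
        ("created_or_changed", st.st_ctime),
    )
    hits = []
    for name, ts in fields:
        try:
            if datetime.fromtimestamp(ts).date() == target:
                hits.append(name)
        except (OverflowError, OSError, ValueError):
            continue  # out-of-range timestamp: skip this field only
    return hits


def find_dated_files(root, target=TARGET_DATE):
    """Walk root; return ([(path, matching_fields)], [unreadable paths])."""
    results, unreadable = [], []
    walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
    for dirpath, _dirs, filenames in walker:
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # do not follow links
            except OSError:
                unreadable.append(path)
                continue
            hits = stamps_on_target(st, target)
            if hits:
                results.append((path, hits))
    return results, unreadable


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"  # assumed default
    found, skipped = find_dated_files(root)
    for path, hits in found:
        print("%s\t%s" % (path, ",".join(hits)))
    print("%d match(es), %d unreadable path(s)" % (len(found), len(skipped)))
```

An empty result only means no file currently carries that date stamp; unreadable paths are worth re-checking from an account with sufficient rights.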