Learn how to use the Threat Analysis Scan in SymDiag to determine which files on a computer may be malware.
This is helpful when you suspect or have evidence that malware is on a computer, but anti-malware software is not able to remediate it.
Run a Threat Analysis Scan
- Download SymDiag to your desktop.
- From your desktop, double-click SymDiag to launch the application.
- Accept the End User License Agreement (EULA).
- On the Home page, under Scans > Threat Analysis, click Start Scan.
- In the Threat Analysis Scan window, click Next.
The scan begins.
Note: If a connection to the Symantec Reputation database cannot be established, a link to a proxy configuration will appear. You can run a scan without connectivity to the Symantec Reputation database; however, not all features of the Threat Analysis Scan will be available. To learn more, see About the Threat Analysis Scan in SymDiag.
Review the Threat Analysis Scan results
If you run the scan with access to the Symantec Reputation database
Once the scan is complete, you will see a list of potential risks requiring further investigation. From this list, you can take the following actions:
- Copying files to one or more zip containers in preparation for submission to the Symantec Security Response online submission website.
- Removing files.
- Filtering the files.
- Examining data collected about the files.
Note: Unless Symantec Support instructs you otherwise, do not remove any suspicious files until you have copied them into a zip container. Symantec Support may request that you submit suspicious files to the proper website so that they can be analyzed by Symantec Security Response.
WARNING: Do not send any suspicious files directly to a Symantec support agent, even if they are zipped and password-protected.
If you run the scan without access to the Symantec Reputation database (or you are working directly with Symantec Support)
- In the upper right corner, click the Save Report tab.
- Under File Information, click Browse.
- Navigate to a folder on your computer where you want to save the report.
- Click Save. SymDiag saves the file with the extension .sdbz.
Note: This file does not contain any copies of suspicious files, so it is safe to send directly to Symantec Support.
To complete a scan initially performed without access to the Symantec Reputation database
When you run a scan without connectivity to the Symantec Reputation database, Symantec recommends that you run SymDiag on a computer with access to the Internet to complete the scan.
- Copy the saved report with the .sdbz extension to another computer with Internet access.
- Open SymDiag on the computer with Internet access.
- Click File > Open Report.
- Open the saved report with the .sdbz extension.
- Click the Threat Analysis tab.
- Click Complete Report.
- Review the Threat Analysis Scan results and take the appropriate action as described earlier in this article.
For more information about SymDiag, see Download SymDiag to detect Symantec product issues.