cancel
Showing results for 
Search instead for 
Did you mean: 
uhaba
Level 7
Report Inappropriate Content
Message 1 of 3

Removal of search protect / conduit search via PAP?

I have been running into several endpoints with the search hijacker / toolbar searchprotect. I've found several write-ups for manual removal but would like to include this as an unwanted program and set it up for removal through policy. What is the best approach for setting this up for VSE through ePO policy? Here is a symantec writeup on it: http://www.symantec.com/security_response/writeup.jsp?docid=2014-063009-1324-99&tabid=3

2 Replies

Re: Removal of search protect / conduit search via PAP?

SInce that is a 3rd party application that is not a virus, McAfee will not detect as a virus. You could send the files to Labs but I think they will tell you the same. You could create AP rules to prevent 3rd party software to be installed.

I think to to the same with PUP is a bit more difficult as you need to know the files that are installed and then create a user detection for each file that it is a bit of work. Alternative, you can get the uninstall key from add/remove programs and send the unistallation via GPO.

Cheers,

exbrit
Level 21
Report Inappropriate Content
Message 3 of 3

Re: Removal of search protect / conduit search via PAP?

There's an excellent removal guide here:  http://malwaretips.com/blogs/remove-conduit-search-virus/ but not sure if it will help too much in the Enterprise environment.

It involves applying one 3rd party tool.