We use Symantec Endpoint Protection (SEP), which works very well in our small business environment. However, I have 2 users that seem to perpetually get browser hijacked and infected by various anomalies. Combofix/MAB typically resolves them. I'm pretty sure it's basic browser hijacking, as they usually report going to very legitimate sites (Google, NY Times, Forbes, TVGuide) when they get tagged. I have reviewed all their visit logs and have some site logging apps, and they really are not going anywhere negative like porn sites or music sites, etc.
I really don't want to go totalitarian on this, as we like to treat people like adults. These users have been educated and are pretty embarrassed that it keeps happening to them and that they are likely being monitored - so I am pretty sure they are not doing anything illicit. But they keep getting hijacked and infected. And since no other users in the system have this issue, I'm wondering what I'm missing.
We do run concurrent spyware apps alongside SEP, because again SEP works very well and no other users are affected.
Considering running something drastic like e-blaster to monitor keystrokes and visited sites, but my logs are already pretty thorough and I can tell by date that they are not flushing history or cache.
And I did read: http://www.bleepingcomputer.com/forums/topic2520.html
And I can see why those measures are important, but the fact that it's only 2 users, while the other 50 machines are fine, keeps me from going to that level on all our machines. Maybe just on theirs.
Anyway, any thoughts appreciated.