Endpoint Protection

Hi All,

We are using SEP 12.1 RU3 . As per the qualys scan report we found vulnerable on few servers . But there is no activity detected on SEPM Reports or risk logs.

We need to block the vulnerable . Please advice

Are the SEPMs exposed externally? If not, risk is low.

See here which talks about adding workarounds:

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

 Also, this thread has a lot of good info:

https://www-secure.symantec.com/connect/forums/openssl-bug

Also see this page:

Heartbleed Vulnerability
http://www.symantec.com/outbreak/?id=heartbleed

Also: if the SEP client defending the SEPM has its IPS component in place, this IPS signature will offer protection:

Attack: OpenSSL Heartbleed CVE-2014-0160 3

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27517

This signature was added in Security Update: 772 [Extended version: April 10, 2014 Rev: 012]

IPS is a crucial part of today's defenses.

Two Reasons why IPS is a "Must Have" for your Network

https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network

Hope this helps!

Mick

Hello Everyone,

SEPM 12.1 RU2 to SEPM 12.1 RU4 MP1 (inclusive) are vulnerable. They utilize OpenSSL 1.0.1.

Customers using an affected version should block general access to port 8445 on their SEPM to mitigate this vulnerability until a product update is available. 

Subscribe to this article to be notified of any changes to this article.

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

http://www.symantec.com/docs/TECH216558

Hello,

Be advised about another type of attack exploiting the Heartbleed Vulnerability - Reverse Heartbleed - Security Response has posted a brief blogs about this already:

Heartbleed Poses Risk to Clients and the Internet of Things

https://www-secure.symantec.com/connect/blogs/hear...

Heartbleed – Reports from the Field

Heartbleed Bug Poses Serious Threat to Unpatched Servers

Hope that helps!!

Thanks you all for the valuable information

Happy to help. Please don't forget to close out the thread by clicking the Mark as Solution link for the most helpful post. You can also mark multiple posts as the solution by clicking the Request split solution link.

Thanks and take care

Brian

Symantec Endpoint Protection 12.1.4.1a is now available

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1A (12.1 RU4 MP1a) English has been posted to FlexNet!

https://www-secure.symantec.com/connect/blogs/symantec-endpoint-protection-121-release-update-4-maintenance-patch-1a-121-ru4-mp1a-english-ha

Hi,

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1a (12.1.4104.4130 - 12.1 RU4 MP1a) English has been released and is now available for customers to download on FlexNet. This new SEPM release addresses the OpenSSL “Heart Bleed” vulnerability. Additional language versions will become available throughout the week.

 Additional note that the Tech article has been updated with Directions to download the maintenance patch:
http://www.symantec.com/business/support/index?page=content&id=TECH103088
 
Please continue to check the product matrix and each product Tech note for up to the date information on other products.
http://www.symantec.com/outbreak/?id=heartbleed

Regards

Followers of this thread may be interested in attending Symantec's webcast on Tuesday the 29th.  The following blog post has all the details and a link to the registration page

The Heartbleed Bug: How to Protect Your Business
https://www-secure.symantec.com/connect/blogs/heartbleed-bug-how-protect-your-business

With thanks and best regards,

Mick