Endpoint Protection

  • 1.  OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

    Posted May 05, 2015 12:53 PM

    I'm running 2 SEPM consoles with one database; both consoles are 12.1.4. One of the consoles has the OpenSSL vulnerability. How do I fix this, and will this affect anything?

     



  • 2.  RE: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

    Posted May 05, 2015 12:57 PM

    Upgrade to 12.1.5 where it was fixed

    https://www-secure.symantec.com/connect/forums/sep-121-mp4a-12140234080-vulnerable-heartbleed



  • 3.  RE: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

    Posted May 05, 2015 01:00 PM

    I would rather not. Is there another way? And why only one of the consoles, not both?

     



  • 4.  RE: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

    Posted May 05, 2015 01:10 PM

    Should be an IPS signature for it

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27517

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27539



  • 5.  RE: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

    Posted May 05, 2015 02:22 PM

    I don't see a fix in there.



  • 6.  RE: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

    Posted May 05, 2015 02:25 PM

    The fix is to upgrade.

    The band-aid is to enable the IPS component and let it stop any potential attacks.



  • 7.  RE: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

    Trusted Advisor
    Posted May 06, 2015 04:58 AM

    Hello,

    Check this Article:

    Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

    http://www.symantec.com/docs/TECH216558

    Below I have listed options to mitigate the vulnerability.

    1. Upgrade OpenSSL to version 1.0.1g which should update to the latest fixed version of the software (1.0.1g)

    http://www.openssl.org/source/

    (Step 2 is a workaround to protect the SEPM until a patch is released for the SEPM.)

    2. Block off port 8445

    To temporarily mitigate the vulnerability before you upgrade the Symantec Endpoint Protection Manager console, you can block the affected port with a firewall rule. However, if you block the port, the management console loses specific functionality. You should review the implications prior to implementation.

    Note: The port mentioned below is the Symantec Endpoint Protection Manager default port. If you have changed the communication port, please alter the firewall rules appropriately.

    Steps: Add a firewall rule to block the specific port on the computer on which you installed Symantec Endpoint Protection Manager. This firewall rule should apply to all hosts and all applications.

    To confirm that the rule applied successfully, simply telnet to the port. If the rule is configured correctly, the firewall successfully blocks traffic and does not permit a connection on the port.

    Note: For instructions on creating a firewall rule using the Symantec Endpoint Protection client, please see HOWTO81156: Adding a new firewall rule. If you configure the policy from the Symantec Endpoint Protection Manager, you will need to wait for the policy to propagate to the Symantec Endpoint Protection client installed on the SEPM server prior to testing. To force the SEP client to download the modified policy immediately, right-click the SEP system-tray icon and click Update Policy.

    Implications: If an administrator logs in to the SEPM with port 8445 blocked, the first three reporting tabs (Home, Monitors, and Reports) will not display in the Remote Java console. Blocking port 8445 will deny access to the Remote Web Console as well. Administrators may configure firewall rules to allow access to port 8445 or 443 from explicit hosts, IP addresses, or IP address ranges to enable these features.

    FIPS mode: FIPS mode utilizes port 443 for client/server communications. If FIPS mode is enabled, port 443 should be restricted. Blocking port 443 will deny communication to/from all clients that are in FIPS mode. Administrators may configure firewall rules to allow access to port 443 from explicit hosts, IP addresses, or IP address ranges to enable these features.

     

    The following blog post has all the details and a link to the registration page

    The Heartbleed Bug: How to Protect Your Business
    https://www-secure.symantec.com/connect/blogs/heartbleed-bug-how-protect-your-business

     

    Regards,
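
Added example, not part of the thread and not Symantec's code: a PowerShell version of the "telnet to the port" check from post 7. It reports whether port 8445 (add 443 when FIPS mode is enabled) is open, refused or filtered, and compares that with what is expected from the host it runs on. The host name `sepm01.example.internal`, the function name `Test-TcpPort` and the `-AllowListed` switch are assumptions made for this example.

```powershell
# Added example: verify the temporary firewall rule from the current vantage point.
# 8445 is the SEPM default port named in the post; pass -Ports 8445,443 for FIPS mode.
param(
    [string]$SepmHost  = 'sepm01.example.internal',  # placeholder, replace with your SEPM
    [int[]] $Ports     = @(8445),
    [switch]$AllowListed,      # set when run from a host the rule explicitly allows
    [int]   $TimeoutMs = 3000
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Filtered'      # no reply at all: packets are being dropped
        }
        $client.EndConnect($async) # throws if the connection attempt failed
        return 'Open'
    }
    catch {
        # A reset means the rule rejects the connection or nothing is listening.
        $base = $_.Exception.GetBaseException()
        if ($base.SocketErrorCode -eq 'ConnectionRefused') { return 'Refused' }
        return 'Error'             # e.g. name resolution failed; result is inconclusive
    }
    finally {
        $client.Close()
    }
}

# From an allow-listed admin host the port must still answer; from anywhere else it must not.
$expected = if ($AllowListed) { 'Open' } else { 'Blocked' }
$failed   = $false
foreach ($port in $Ports) {
    $state  = Test-TcpPort -ComputerName $SepmHost -Port $port -TimeoutMs $TimeoutMs
    $actual = switch ($state) { 'Open' { 'Open' } 'Error' { 'Unknown' } default { 'Blocked' } }
    $ok     = ($actual -eq $expected)
    if (-not $ok) { $failed = $true }
    '{0}:{1} {2,-8} expected {3,-7} {4}' -f $SepmHost, $port, $state, $expected, $(if ($ok) { 'OK' } else { 'MISMATCH' })
}
if ($failed) { exit 1 }
```

Run it once from an ordinary workstation (expect blocked) and once with `-AllowListed` from an administrator host that the firewall rule permits (expect open), after the policy has propagated to the SEP client on the SEPM server.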