Video Screencast Help

SEP for vulnerabiliy of openSSL

Created: 21 Apr 2014 • Updated: 21 Apr 2014 | 6 comments
Milan_T's picture

Hi,

 

Recently disclosed open ssl "Heartbleed” Vulnerability may compromise security on thousands of sites. As per my knowledge Symantec endpoint protection manager with version 12.1 is not vulnerable but it's successor's can be compromised by this vulnerability. Also symantec has released version i.e. SEP RU 12.1.4a where this issue has been fixed.

 

Is their any why to utilize Symantec endpoint protection to protect other vulnerable products??

Operating Systems:

Comments 6 CommentsJump to latest comment

.Brian's picture

SEPM 12.1 RU4 MP1a has been released to close this hole, see here:

http://www.symantec.com/docs/AL1555

Also, they put out an IPS signature to help mitigate:

http://www.symantec.com/security_response/attacksi...

Please go thru this article as well:

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

http://www.symantec.com/docs/TECH216558

You can use the SEP firewall as well to allow only the necessary traffic to pass thru

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James007's picture

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1a (RU4 MP1a) has been released for the English version of our product and additional languages will become available throughout the week.

 
This document will be updated as the additional languages become available on Symantec FileConnect. Please see Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control for additional instruction on downloading this new update. This new version updates the Symantec Endpoint Protection Manager to 12.1.4104.4130 to address this issue. There are no updates to the client installation packages included with this release. This Symantec Endpoint Protection Manager update is a complete release and accepts migrations from any previous release of the Symantec Endpoint Protection 12.1 product line.
 
Note: In the installation media, the Versions.txt indicates that the SEP client version was updated as well. This is incorrect and the client versions included with this release are 12.1 RU4 MP1. Only the Symantec Endpoint Protection Manager version is updated to 12.1 RU4 MP1a

Symantec Endpoint Protection 12.1.4.1a is now available

Article:AL1555 | Created: 2014-04-17 | Updated: 2014-04-17 | Article URL http://www.symantec.com/docs/AL1555

See this thread

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-version

 

pete_4u2002's picture

you should be using maximum features of SEP o mitigate risk. Like as above said IPS, Firewall, Application control, SONAR , Download Insight etc.

 

Milan_T's picture

Hi Pete_4u2002,

 

It would be great solution if all Symantec Customers can use Maximum Features of SEP also on web servers. But Due to certain business requirement or certain application collision with SEP or component of SEP this would not enabled on all systems. Most of the time SEP features on web servers / DMZ servers is not enabled like IPS, Firewall or SONAR. In that case such critical servers would be at high risk such as heartbleed.

Mick2009's picture

Hi Milan_T,

Definitely use the SEP client's optional IPS component.  There are signatures against exploits of the vulnerability.

 

These articles also may be of interest to you:

Heartbleed Bug Poses Serious Threat to Unpatched Servers
https://www-secure.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers

 

Heartbleed Poses Risk to Clients and the Internet of Things
https://www-secure.symantec.com/connect/blogs/heartbleed-poses-risk-clients-and-internet-things

also see: http://www.symantec.com/outbreak/?id=heartbleed

 

With best regards,

Mick

With thanks and best regards,

Mick

Mick2009's picture

Followers of this thread may be interested in attending Symantec's webcast on Tuesday the 29th.  The following blog post has all the details and a link to the registration page

The Heartbleed Bug: How to Protect Your Business
https://www-secure.symantec.com/connect/blogs/heartbleed-bug-how-protect-your-business

With thanks and best regards,

Mick

With thanks and best regards,

Mick