Endpoint Protection

  • 1.  Weak ciphers in Symantec Scan Engine 5.2 cause PCI compliance failure

    Posted Sep 24, 2009 11:51 AM
    We keep failing our PCI compliance scans because of weak ciphers and SSL connections. Those are disabled on the server in the registry file; however, Symantec Scan Engine 5.2 opens the admin port and accepts weak ciphers, which is what triggers the failure.

    How do we disable those weak ciphers on the Symantec admin port?


  • 2.  RE: Weak ciphers in Symantec Scan Engine 5.2 cause PCI compliance failure

    Posted Sep 24, 2009 12:05 PM
    I assume you're referring to the quarterly external scans and not those of an internal scan.

    Someone else reported the same problem and didn't come up with a solution.

    I'm not familiar with this product, but the PCI external scans are testing for what the outside world can see of your network. Some might be tempted to block connections to the insecure port from untrusted IPs. Though that probably depends on exactly how you use Symantec Scan Engine.


  • 3.  RE: Weak ciphers in Symantec Scan Engine 5.2 cause PCI compliance failure
    Best Answer

    Posted Sep 28, 2009 02:39 PM
    Yes, I was referring to the external scans for PCI compliance and not Symantec's virus scans.

    I did find a solution. I think it's ironic that Symantec forces known security problems, but I did find a way to pass the tests. I blocked all traffic on that port on an external firewall. Symantec is still trying to use the port, and the weak ciphers, but since the port is blocked no one outside the network can access it and the PCI scans are clean.

    Since I access that port only from the server itself, I don't need remote access, and since I'm inside the firewall, I'm not blocked by the firewall setting.

    Given how long 40-bit ciphers have been a known weakness, I'm disappointed that Symantec hasn't fixed the problem.

    Jerry
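The thread never shows what the PCI scanner actually flagged, only that "weak ciphers" on the admin port failed the scan. The following Python is an added example (not from this thread, and not Symantec code) that classifies a list of offered cipher suites the way a compliance scanner does: export-grade (40/56-bit), NULL, anonymous, DES/3DES, RC4 and MD5-MAC suites are reported as weak. The sample cipher list is constructed for the example in OpenSSL naming; the optional `weak_from_local_openssl` helper reads the cipher list that the local Python/OpenSSL build supports, so it can be used to confirm a hardened `set_ciphers` string before deploying it. Nothing here contacts a server; the point is to know beforehand which suites a scanner will complain about.

```python
import re
import ssl

# Constructed sample of what a TLS scanner might report a server as accepting.
# These names are OpenSSL cipher-suite names; the list is made up for this
# example and is not a real scan result for any product.
SAMPLE_OFFERED = [
    "EXP-RC4-MD5",                  # 40-bit export RC4 with MD5
    "EXP-DES-CBC-SHA",              # 40-bit export DES
    "DES-CBC-SHA",                  # 56-bit single DES
    "RC4-SHA",                      # 128-bit RC4, still considered weak
    "NULL-SHA",                     # integrity only, no encryption
    "ADH-AES128-SHA",               # anonymous DH, no server authentication
    "AES128-SHA",
    "ECDHE-RSA-AES256-GCM-SHA384",
]

# Each rule: (pattern over the OpenSSL suite name, reason reported to the operator).
# Order matters only for readability; all matching reasons are collected.
WEAK_RULES = [
    (re.compile(r"^EXP"), "export-grade (40/56-bit) key"),
    (re.compile(r"\bNULL\b"), "no encryption (NULL cipher)"),
    (re.compile(r"^(ADH|AECDH)"), "anonymous key exchange, no server authentication"),
    (re.compile(r"(^|-)(3DES|DES)(-|$)"), "DES/3DES block cipher"),
    (re.compile(r"\bRC4\b"), "RC4 stream cipher"),
    (re.compile(r"-MD5$"), "MD5 MAC"),
]


def weak_reasons(cipher: str) -> list[str]:
    """Return every reason a suite name would be flagged; empty means acceptable."""
    return [reason for pattern, reason in WEAK_RULES if pattern.search(cipher)]


def audit(offered: list[str]) -> dict[str, list[str]]:
    """Map each weak suite in `offered` to its reasons; acceptable suites are omitted."""
    findings = {}
    for cipher in offered:
        reasons = weak_reasons(cipher)
        if reasons:
            findings[cipher] = reasons
    return findings


def pci_pass(offered: list[str]) -> bool:
    """True when no offered suite is flagged (the condition a scan needs to come back clean)."""
    return not audit(offered)


def weak_from_local_openssl(min_bits: int = 128) -> list[str]:
    """Names of suites the local OpenSSL build enables by default that are weak.

    Uses ssl.SSLContext.get_ciphers() (Python 3.6+), which reports the
    negotiated key strength as 'strength_bits'. Useful for checking a
    candidate set_ciphers() string on the machine that will run the service.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak = []
    for entry in ctx.get_ciphers():
        name = entry["name"]
        if entry.get("strength_bits", 0) < min_bits or weak_reasons(name):
            weak.append(name)
    return weak


if __name__ == "__main__":
    for cipher, reasons in audit(SAMPLE_OFFERED).items():
        print(f"{cipher:30s} WEAK: {'; '.join(reasons)}")
    print("PCI cipher check:", "PASS" if pci_pass(SAMPLE_OFFERED) else "FAIL")
```

Feed `audit()` the cipher list from your own scanner output (or from `openssl ciphers -v` on the host) and you get the same verdict a PCI scan will reach, before the quarterly scan does. If the service cannot be reconfigured, as in this thread, the remaining control is to keep the port off the external interface and confirm with the scan that it is no longer reachable.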