Symantec Connect - Security - Blog Entries

Articles 12.1

Swapnil — Wed, 15 Feb 2012 20:29:28 +0000

How to prevent SEP features from being disabled in the client GUI in SEP 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH168990

Clients show "No Symantec protection technologies are installed" after migrating the SEPM from 11.x to 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH164677&actp=search&viewlocale=en_US&searchid=1329336009500

How to upgrade the Symantec Endpoint Protection Manager (SEPM) to Version 12.1 RU1

http://www.symantec.com/business/support/index?page=content&id=TECH176260&actp=search&viewlocale=en_US&searchid=1329336036507

How to install clients using "Client Deployment Wizard" in the Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH164308&actp=search&viewlocale=en_US&searchid=1329336072299

Symantec Endpoint Protection 12.1: Disabled option for reputation submissions in installation settings may be re-enabled for deployed clients

http://www.symantec.com/business/support/index?page=content&id=TECH162045&actp=search&viewlocale=en_US&searchid=1329336098689

Creating a managed .MSI package in Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH165483&actp=search&viewlocale=en_US&searchid=1329336121772

After installing Symantec Endpoint Protection 12.1 on a machine, you receive a warning that the trial license has expired even though the SEPM has an active non-trial license

http://www.symantec.com/business/support/index?page=content&id=TECH171252&actp=search&viewlocale=en_US&searchid=1329336154035

Best practices when deploying Symantec Endpoint Protection client package over saturated 64k WAN links

Symantec Endpoint Protection 11.x and 12.1 User Mode Considerations: Client Mode Registration explained

http://www.symantec.com/business/support/index?page=content&id=TECH157004&actp=search&viewlocale=en_US&searchid=1329336228402

Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH160736&actp=search&viewlocale=en_US&searchid=1329336409813

Symantec Endpoint Protection Manager 12.1 (SEPM) fresh install with a new SQL database - graphical overview

http://www.symantec.com/business/support/index?page=content&id=TECH169451&actp=search&viewlocale=en_US&searchid=1329336439852

How to move Symantec Endpoint Protection Manager 12.1 from one machine to another

http://www.symantec.com/business/support/index?page=content&id=TECH171767&actp=search&viewlocale=en_US&searchid=1329336482705

How to upgrade/cross-grade Symantec Endpoint Protection 12.1 from Small Business Edition to Enterprise Edition

http://www.symantec.com/business/support/index?page=content&id=TECH166993&actp=search&viewlocale=en_US&searchid=1329336512749

Symantec Endpoint Protection 12.1 - Non-persistent Virtualization Best Practices

http://www.symantec.com/business/support/index?page=content&id=TECH180229&actp=search&viewlocale=en_US&searchid=1329335886615

How to prepare a Symantec Endpoint Protection 12.1 client for cloning

www.symantec.com/business/support/index?page=content&id=HOWTO54706

Symantec Endpoint Protection 12.1: Tamper Protection causes continuous reboot after cloning or sysprep

http://www.symantec.com/business/support/index?page=content&id=TECH163030

How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients

http://www.symantec.com/business/support/index?page=content&id=TECH163349

Symantec Endpoint Protection 12.1 - Virtualization Best Practices

http://www.symantec.com/business/support/index?page=content&id=TECH173650&actp=search&viewlocale=en_US&searchid=1329336592107

How-to Documents for Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH163705&actp=search&viewlocale=en_US&searchid=1329336726211

How to prepare Symantec Endpoint Protection clients on virtual disks for use with Citrix Provisioning Server

http://www.symantec.com/business/support/index?page=content&id=TECH123419&actp=search&viewlocale=en_US&searchid=1329336758094

Scan tasks fail on Symantec Endpoint Protection 12.1 clients when tasks are run from the Symantec Endpoint Protection Integration Component

http://www.symantec.com/business/support/index?page=content&id=TECH163130&actp=search&viewlocale=en_US&searchid=1329336829109

Symantec Endpoint Protection Manager (SEPM) installation returns the error: "The server schema is older than the database schema, the configuration cannot continue."

http://www.symantec.com/business/support/index?page=content&id=TECH178820&actp=search&viewlocale=en_US&searchid=1329336914399

Symantec Endpoint Protection 12.1 RU1 Client-only patch

http://www.symantec.com/business/support/index?page=content&id=TECH174706&actp=search&viewlocale=en_US&searchid=1329336943469

Migration from Symantec Endpoint Protection Manager 12.1 stops at Cscript.exe

http://www.symantec.com/business/support/index?page=content&id=TECH180824&actp=search&viewlocale=en_US&searchid=1329336983988

Unable to open the Symantec Endpoint Protection client interface after migrating to 12.1 on Windows 7 64-bit

http://www.symantec.com/business/support/index?page=content&id=TECH164707&actp=search&viewlocale=en_US&searchid=1329337024438

How to uninstall Symantec Endpoint Protection 12.1 client from Windows XP and Windows 2003 32-bit and 64-bit operating systems manually

http://www.symantec.com/business/support/index?page=content&id=TECH163585&actp=search&viewlocale=en_US&searchid=1329337057115

Symantec Endpoint Protection 12.1: VPN client is identified as a potential risk by SONAR

http://www.symantec.com/business/support/index?page=content&id=TECH162189&actp=search&viewlocale=en_US&searchid=1329337087586

SEP 12.1 LiveUpdate Engine cannot connect through a proxy server using NTLM authentication

http://www.symantec.com/business/support/index?page=content&id=TECH173767&actp=search&viewlocale=en_US&searchid=1329337117265

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH175220&actp=search&viewlocale=en_US&searchid=1329337147942

What is the Endpoint Protection 12.1 IIS ISAPI proxy and when is it installed?

http://www.symantec.com/business/support/index?page=content&id=TECH180596&actp=search&viewlocale=en_US&searchid=1329337174265

How to debug the Symantec Endpoint Protection client

http://www.symantec.com/business/support/index?page=content&id=TECH102412&actp=search&viewlocale=en_US&searchid=1329337208323

Symantec Endpoint Protection 12.1 Manager counts Symantec Endpoint Protection 11.0 clients as seats towards the license.

http://www.symantec.com/business/support/index?page=content&id=TECH178829&actp=search&viewlocale=en_US&searchid=1329337249630

How to use a custom port for the Embedded database on Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH157461&actp=search&viewlocale=en_US&searchid=1329337295235

Many *.qsp files are detected as a virus in C:\Windows\Temp folder in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH173652&actp=search&viewlocale=en_US&searchid=1329337324796

Why is Symantec Connect (Forum) Important?

AR Sharma — Tue, 14 Feb 2012 08:42:05 +0000

I have seen administrators of SEP, DLP, SSIM etc to be on Connect invariably. They don't refer to admin guide of SEP, DLP etc as much as they refer to forum, article, download on Connect. Why is that? Why can't Symantec develop admin guide just like the articles on Connect?

I think the answer is simple!

Admin guide developed by Symantec is about the product. For example, admin guide of SEP will talk about the using SEP, using its feature, product functionality etc.So, its actually product documentation. Whereas, Connect has the solution of practical challenges that administrators find in day to day operation. So, Connect is more about the implementation of product in a specific environment. Now, there can be 1000s of different environment and providing the solution of challenges of each environment differently is difficult for any product vendor. Also, given different environment, how product would behave is difficult to ascertain!

Connect has questions, articles, download for the different scenarios, that administrator has faced already or facing currently. These administrator can talk with each other here and get mutually benefited.

Therefore, product documentation is about the product functionality, features etc, whereas Connect is about the solution practical challenges that is faced by administrators on the ground. And both of them are equally important.

I am writing this because, I have heard from some entry level admins that people trust Connect more than the admin guide itself. I have explained them and writing here my views for other entry level admins. This may help them in understanding the value of each one of them (admin guide and Connect)

Traveliing light in a time of digital thievery

bruceparker — Mon, 13 Feb 2012 00:26:54 +0000

http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html

SEP 12.1 is now Available

Tmullen — Fri, 10 Feb 2012 20:15:02 +0000

Powered by Symantec Insight™, Symantec™ Endpoint Protection is fast, powerful security for endpoints. It offers advanced
defense against all types of attacks for both physical and virtual systems. Seamlessly integrating the essential security tools
you need into a single, high performance agent with a single management console, Endpoint Protection provides world-class
protection without slowing you down.

Hawaii Security & Compliance User Group

Microsoft Privilege Exploitation in 2011

stebro — Fri, 10 Feb 2012 17:13:30 +0000

2011 is quickly fading in the rear view mirror so here’s a brief analysis on Microsoft vulnerabilities\patches and privilege risk for the year. As mentioned in the Introduction on Privilege Exploitation, privilege exploitation is where the malicious software takes advantage of the rights of the logged in user to change the configuration of the local computer.

Here is a summary of privilege exploitation in 2011 and 2010 for comparison:

	2011	2010	2010 to 2011
Bulletins	100	106	-5.7%
Vulnerabilities	213	269	-20.8%
Bulletins with Privilege Exploitations	46	59	-22.0%
Vulnerabilities with Privilege Exploitations	91	157	-42.0%
% of Bulletins with Privilege Exploitation	46.0%	55.7%
% of Vulnerabilities with Privilege Exploitation	42.7%	58.4%

As you will observe, there was a general improvement in the number of bulletins, vulnerabilities, those with privilege exploitation.

Each bulletin has one or more vulnerabilities that apply to one or more operating systems or applications. Here is a listing of affecting software and the number vulnerabilities with privilege exploitation:

Software	Vulnerabilities
IE 6	29
IE 7	29
IE 8	29
XP	26
Vista	26
Office	25
Server 2008	24
7	24
Server 2003	23
IE 9	21
Excel	14
Visio	5
PowerPoint	2
Forefront	1
Groove	1
Visual Studio	1

As you can see, Internet Explorer is the top for vulnerabilities with privilege exploitation. Exploits in this case are likely a malicious URL either on a website or in an e-mail that allow the malicious user or software to run commands and calls at the privilege of the running user. If the user is a member of the administrators group, game over.

Of the operating system vulnerabilities with privilege exploitation exposure, here are some of the most frequently affected components (there are many others):

.NET
Silverlight
Windows Media Player \ Center
OLE

Removing end user administrator rights is not a silver bullet, but it will reduce the risk to malicious software not to mention additional benefits around system stability and support costs. Here is another way to think about these statistics. If you could do one thing to reduce the impact of a car accident by 40%, would you do it? Start buckling those seat belts and start removing end user administrator rights. For more information on the latter, look at Arellia Application Control Solution.

About Arellia: Arellia provides solutions for securing local administrator accounts and groups, privilege management and whitelisting, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold exclusively through Symantec.

We live in a Mobile world

Marie Pettersson — Fri, 10 Feb 2012 08:53:17 +0000

I am absolutely blown away with what is going on in the mobile world and the latest numbers from IDC demonstrate the fact that mobile is breaking every record. A year on year growth of 57% for Smartphone shipments compared to last year. Do I need to say more? These devices will be used for business and private matters and they function merely as a pc. So what is the difference? I think that we don’t consider that question enough, we simply use it together with all the features we can get our hands on; mobile banking and payments, browsing the web, reading emails, downloading apps, gathering intelligence, and the list goes on... So why should we separate the way we manage mobile devices from any other device or endpoint connected to our network?

Adaptive Mobile did a report last year on the mobile threats and their key conclusions were that mobile scams are way more profitable than the traditional pc scams (2% conversion rate compared to 0,000008%) and guess what, this will only make it more attractive as there is more money to be made by criminal minds. In addition the methods to compose mobile malware and similar will be faster, since the structure and base are already in place and only small adjustments are needed to make it work in the mobile world. So again, the difference between securing mobile devices and any other device or endpoint should not be that big, they all need to be managed to provide the possibility to protect the information on the device, or information being accessed through the mobile device.

We are rapidly approaching Mobile World Congress 2012 and mobile briefings, meetings, analysis, events, planning and more is part of my mobile world. It will be a great show (the forecasted 60 000 attendees kind of confirm that) and I look forward to demonstrating the up and coming solutions for the mobile world, that will contibute to making it a secure mobile world.

Visit Symantec at MWC 2012 - hall 8 at booth #A171 and schedule a meeting with our business or technical experts.

EMEA Endpoint Management and Mobility Group (EMM)

how to set the password to enable the USB access of User end

sumitgupta786 — Fri, 03 Feb 2012 15:15:57 +0000

Problem

Need to set the password to disable Smc service

Cause

For the Security Purpose required to Set the password

Solution

Go to SEPM.

Go client Tab and then choose the Group where you want to set the password.

Under that Group choose the policy TAB.

Click on General Setting then tab on Security Setting.

There four option avail

Check the "Require a password to stop the client service"

Enter the passwor that have mention on right hand side of the security tab.

Then ok and then right click on that Group and update the content.

It will set the password to stop the SEP.(command smc -stop)

Who Will Protect Your Data?

MartinLee — Tue, 31 Jan 2012 11:53:24 +0000

Managing the continued increase in data is a major issue for organisations. IDC predicts that we stored 1.8 zetabytes of information in 2011 (1.8 x 1021 bytes), and that this will increase to 7.9 zetabytes stored by 2015 [1].

Figure 1. Graph of data being stored worldwide [1].

At the same time, the value of data is also growing. The annual Cost of a Data Breach study by the Ponemon Institute, shows a clear year on year increase in the costs incurred per data record compromised when data is lost or stolen. [2]

Figure 2. Graph of total costs incurred per data record breached [2].

Other factors may dramatically increase the cost of dealing with lost data; proposed EU legislation will fine companies up to 5% of turnover for contravening data protection laws [3]. Therefore, in the environment in which we operate, more and more information is being created, this information is increasingly valuable, and we will risk major fines if part of this growing mountain of data is compromised.

Hence, the profession of information security which seeks to secure this data, the systems in which it resides, and the networks upon which it travels, against disclosure or loss while ensuring that this data is available when required to authorised users. It is relief to know that the number of people working in information security worldwide is growing at about 11% per year, with in excess of 700,000 working in the domain in the EMEA region [4].

However, there are 20.8 million registered companies in the EU alone [5]. If we assume that the 700 000 information security workers all work in the EU, which is certainly an over estimation, this implies that there is a single information security worker for every 34 companies.

The average number of employees per company across organisations of all sizes within Europe is only 4 people [5]. Therefore we can assume that there will be an unequal distribution of these relatively rare information security employees. We can envisage that large companies will have teams of employees dedicated to protecting valuable data, while it is unimaginable that the ‘average’ company will dedicate one quarter of their workforce to information security. So who will protect the data of small businesses?

The security of data is one of the factors driving the uptake of cloud services. By pooling data from many companies within a cloud environment, the costs of securing this data can be shared across a large number of companies. In this way a small number of information security workers can ensure that the data of a large number of companies is secure against attack or loss.

Customers of cloud services need to ensure that data protection and security is specified in their service level agreement with the cloud provider. Equally, the end customer will have to consider how their data is used and accessed within their local network, but when it comes to large amounts of data, keeping it in the cloud is probably the safest option.

References.

1. The 2011 Digital Universe Study: Extracting Value from Chaos. IDC.

http://idcdocserv.com/1142

2. 2010 Cost of a Data Breach. Ponemon Institute.

http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/2010%20Global%20CODB.pdf

3. Data breach law: Companies facing fines of five per cent of turnover. Silicon.com.

http://www.silicon.com/technology/security/2011/12/06/data-breach-law-companies-facing-fines-of-five-per-cent-of-turnover-39748307/

4. The 2011 (ISC)2 Global Information Security Workforce Study. ISC2

https://www.isc2.org/uploadedFiles/Industry_Resources/FS_WP_ISC%20Study_020811_MLW_Web.pdf

5. Are EU SMEs recovering from the crisis? Annual Report on EU Small and Medium sized Enterprises 2010/2011. European Commission - DG Enterprise.

http://ec.europa.eu/enterprise/policies/sme/facts-figures-analysis/performance-review/pdf/2010_2011/are_the_eus_smes_recovering.pdf

4 Tips to Combat the Uncommon Cold

Ctrox — Mon, 30 Jan 2012 18:37:23 +0000

Aliens have invaded earth with the intent to wipe out mankind. But ex-scientist turned cable technician, David Levinson (Jeff Goldberg), helps mobilize a plan to use the “common cold” or computer “virus” to fight back against the alien species and bring down their defenses in the 1996 movie Independence Day.

While the story is fiction, the potential damage that a virus or malware can do to businesses and peoples’ lives is all too real. In fact, attackers unleashed an average of more than nine new threats every second in 2010.

The healthcare industry knows firsthand about virus outbreaks. Take the Conficker virus that infected hundreds of MRI devices around the world. In fact, healthcare leads the industry in data breaches with more than 400 health information breaches involving over 12 million records over the past two-plus years.

According to Jon Oltsik, senior principal analyst at the Enterprise Strategy Group (ESG), one reason the healthcare industry is more vulnerable than others is that information is shared across a wider array of devices. It resides not only on laptops and workstations but also on clinical, testing, and monitoring systems. Further, healthcare devices must meet high performance and maximum availability requirements around the clock. So what is healthcare IT doing to make sure services are available 24x7, while protecting patient data?

In the January CIO Digest article, “4 Tips to Combat the Uncommon Cold” I had the opportunity to talk with ESG analyst Jon Oltsik and key IT decision makers from Continuum Health Partners, DrFirst, SAS, and The Royal Liverpool and Broadgreen University Hospitals NHS Trust to uncover best practices around protecting vast number of endpoints to deliver high quality patient care. Check out the other healthcare related stories in this issue on Barnabas Health and the Italian National Cancer Institute.

Products referenced in healthcare feature:

Altiris Asset Management Suite
Altiris IT Management Suite
Altiris Client Management Suite
Altiris Server Management Suite
PGP Universal Gateway Email
PGP Whole Disk Encryption
Symantec Data Loss Prevention
Symantec DeepSight Threat Management System
Symantec Endpoint Encryption
Symantec Network Access Control
Symantec Protection Suite
-        Symantec Endpoint Protection
-        Symantec AntiVirus for Endpoint Security
Symantec Validation and Identity Protection (VIP)
VeriSign Secure Site SSL Certificate with Extended Validation

Healthcare Online User Group

Test your password : Password Security Scanner

riva11 — Wed, 25 Jan 2012 12:07:06 +0000

Password Security Scanner is a free password tool that allows to test the security of passwords stored locally. This utility scans all passwords stored by popular Windows applications, and the result is a detailed information of every stored password such as total number of characters, number of numeric characters, number of lowercase/uppercase characters, number of repeating characters, and password strength is displayed, without revealing the actual passwords.

You can use this tool to determine whether the passwords used by other users are secured enough, without watching the passwords themselves.

Supported applications :

Internet Explorer 4.0 - 9.0
Mozilla Firefox (All Versions)
Dialup/VPN passwords of Windows
MSN/Windows Messenger
Microsoft Outlook
Windows Live Mail

Password Security Scanner is a portable application and doesn't require any installation process.

System requirements : from Windows 2000 and up to Windows 7.

Link : Password Security Scanner