9.x and Earlier

Edvaldo Ferreira | November 23rd, 2009
Hi people! I installed and configured the SAV Linux client on an Ubuntu 8.04.1 Server, but it is not performing definition updates from LUadmin 2.2.1.13. Over the internet it works well, but when the source is LUadmin the issue below happens:
root@vsvr-testeatv:/opt/Symantec/virusdefs# sav liveupdate -u
3.000000% 6.000000% 9.000000% 12.000000% 16.000000% 19.000000%
Command failed: Failure in post processing of micro definitions during update.
Unable to perform update
root@vsvr-testeatv:/opt/Symantec/virusdefs# sav info -d
10/29/2009 rev. 5
root@vsvr-testeatv:/opt/Symantec/virusdefs#
Environment:
Symantec Antivirus version 1.0.8.17 for Linux
Ubuntu 2.6.24-19-server Ubuntu8.04.1 Server
Liveupdate Administrator: 2.2.1.13 installed on Windows 2003 32 bits Std
Maybe it would be good to install the newest version of LUadmin?! Any suggestions?!
0 comments
sri2384 | November 18th, 2009
Try this script...if competitive uninstall did not work...
1. Open a notepad.
2. Type msiexec /x {Product code of CA Etrust 8.1} /passive or /quiet
    /passive - visible uninstallation
    /quiet - silent uninstallation
3. Save this notepad as a .bat file.
4. Run this .bat file on the machine which has CA etrust 8.1.
Product code can be obtained from the registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall. Under the Uninstall folder you would find multiple folders respective to each application. Find the right folder for CA etrust 8.1 and copy the product code from Dword string Uninstall String or Modify Path
0 comments
wts | November 17th, 2009
I am trying to find some information on SAV Corporate 9.0. Is it true that this version is no longer receiving virus definition updates? It appears that it is, but I have seen conflicting comments on this matter. Also, what type of protection is offered by SAV Corporate 9.0? Does it just protect against viruses or does it offer protection for other types of malware, such as spyware, phishing, etc?
2 comments
Kevin Haley | November 17th, 2009
Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety. I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to read the list of trends below. So… Don’t read this if you think antivirus technology...
0 comments
RODO | November 13th, 2009
Hello, I manage a cluster of SEP v9. One of the servers has collector.exe (v 2.0.1.22), which uses 80% of CPU. Is it normal? If not, how can I fix this problem? Thank you for your help. Have a good day. RODO
4 comments
shp | November 12th, 2009
I would like to add an idea about the online status of users in Symantec Connect. It would be good to see a status icon (small bubble) beside the user's virtual face (avatar), like green for online, orange for inactive, etc. It would be easy for us to know the person's availability and send a PM.
2 comments
nac | November 12th, 2009
Hi; I have SCS 2.0 and Checkpoint VPN installed on the systems. When I install SEPMR4 MP2 it upgrades SCS 2.0 fine, but the VPN gets lost: I can't see the VPN key in the system tray and I can't start the VPN services. If I start the VPN service manually it gives an error. Any help?
1 comments
Bishop21 | November 10th, 2009
I have spent the whole day trying to figure this out.... I cannot uninstall SAV9 without a reboot via command line. I have tried a little bit of everything and need some help. Things I have tried:
MsiExec.exe /x{848AC794-8B81-440A-81AE-6474337DB527} /passive REBOOT=REALLYSUPRESS
MsiExec.exe  /norestart /passive /x{848AC794-8B81-440A-81AE-6474337DB527}
MsiExec.exe  /norestart /quiet /x{848AC794-8B81-440A-81AE-6474337DB527}
and many other variations... The problem is that SAV9 prompts to restart, and in passive and quiet mode it forces the restart... I am putting this command line in WSE to uninstall SAV9 before installing SEP11 and I just cannot get around this... HELP ME PLEASE!!!!!!!!!!!
3 comments
Andy Chow | November 10th, 2009
Every day, I'm looking at the Symantec ThreatCon level. It is always between Level 1 and Level 2. Can anyone here tell me whether Symantec has escalated their ThreatCon to Level 3 or even Level 4 before? If so, when was the last time it happened, and what was the cause of it?
5 comments
Acretian | October 28th, 2009
Registry Location
For SEP: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV
For SAV: HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion
On the key you can find two values:
PatternFileDate : Current Definition date
PatternFileRevision : Revision
These are hexadecimal values.
Example:
PatternFileDate : 27090e - 2009 Oct 14
27090e - YYMMDD format
27 - 2009. 27 hex is 39 decimal; this value is since 1970, so 1970+39 = 2009
09 is October (00 - Jan, 0B - Dec)
0e hex - 14 in decimal
PatternFileRevision : 16 hex - 22
16 hex is 22 in decimal
Hope this helps :)
0 comments
mon_raralio | October 21st, 2009
Hi, I've found this outdated tool from Symantec downloads (in the security world, anything over a year old is really outdated, IMHO). It is a tool used to reset the registry that was damaged by malware. The link is: http://www.symantec.com/business/security_response/writeup.jsp?docid=2004-050614-0532-99 Some other tools are found at: http://www.symantec.com/business/security_response/removaltools.jsp If you haven't seen it, I suggest you take a look into it. Anyway, has Symantec made another similar registry cleaner or basic removal tools available for free? Some might say that SEP will do the job... well, a lot of people might say that. But my point is, what if there is already malware present that wouldn't allow me to run any AV installer, and formatting the PC is not an option? There's no way of cleaning the threat if it cannot be identified and the one doing the install has no idea what to change in the OS. Just to make our task a little easier.
5 comments
Manish@symantec | October 12th, 2009
Hi, here's an idea. I would like to see a pop-up in my SEPM console or in an unmanaged client console about a new product MR or MP release. The present scenario is that customers have to subscribe themselves at the link mentioned below to get a notification email about the same. So we can go an extra mile by giving ease of notification in the consoles themselves. http://www.symantec.com/business/support/news_bull...
0 comments
san1965 | October 10th, 2009
Hi, I have an XP SP3 machine with Norton 2009. The two have coexisted peacefully for this past year or two. However, for the past one month, I have been experiencing BSOD with a 0x50 message whenever I run IE. Please note that I do not get this message while running any other application. It is only when I run IE. The first IE version that bombed was 7.0. I uninstalled and dropped to IE 6.0. Still the same problem. I tried installing IE 8.0, and the BSOD came during installation itself. Using a WinDbg dump, the problem has been linked to the SymEvent.Sys file. My question is: is there any patch that can resolve the problem? Should I uninstall Norton 2009 and re-install it? Any guidance on my problem is much appreciated. Thanks in advance...
1 comments
hurray | October 8th, 2009
I was trying to manually run a scan but got the following error message:
Could not start scan. Scan engine returned error 0x20000058
Does anyone have any idea why this is happening and how to get the scan working? Thanks. Hurray
9 comments
veilsnzills17 | October 8th, 2009
Hi, I'm posting this on behalf of a customer who bought a second-hand Vista computer with SAV 9.0 pre-installed and wants to remove it. I cannot forward him to technical support as he doesn't have any support. Is there a document here that I could email to him? Thanks in advance.
4 comments
Dermot Harnett | October 7th, 2009
Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email. Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam. Click here to download the October 2009 State of Spam Report, which highlights the following trends:
- Spam Spotlight: Implications of the Increasing Malicious Spam September 2009:...
0 comments
japanindia | October 7th, 2009
Hi everybody, I am using windows xp professional 2000 version. I tried to install Symantec Endpoint Protection. It was successfully installed. But I found a window continuously coming on screen saying "windows is installing, please wait". Then I tried to uninstall in order to reinstall. But the window continuously came up saying the same thing. I think Symantec Endpoint is adding unnecessary files. I also tried to uninstall by going into the control panel. Again, it did not let me uninstall, saying "windows is installing, please wait" or a similar expression. Now I have tried all means to uninstall it, but am not able to do it. Has anybody encountered such a problem? Help from anybody is appreciated. kiran
10 comments
Prachand | October 6th, 2009
Troubleshooting installation errors using MSI logs
During the installation of Symantec products (SEP, SAV, SPC), you may get errors that provide insufficient information about what has occurred. As all Symantec products for Windows use MSIs to perform the installation, it is very useful to check the MSI installer logs to gather more information about the error.
The install creates MSI logs, which by default are created in the Temp directory. This can be located by typing %temp% into the address bar in Windows Explorer.
The files to look at:
SEP_Inst.log (for Symantec Endpoint Protection Client)
SEPM_Inst.log (for Symantec Endpoint Protection Manager)
SPC_Inst.log (for Symantec Protection Center SEP 12)
SAV_Inst.log (for Symantec Antivirus)
Understanding MSI log files
1. It is a good idea to read the file from the bottom up, as the...
3 comments
spurser | October 6th, 2009
I am a new employee here and we are experiencing virus issues. Upon further research, I found that the SAV 8.0 server is not running, nor has LiveUpdate occurred since April 2009. On the server, I look at services and Symantec AntiVirus Server is not running. When I try to start the service, it errors with:
Could not start the Symantec AntiVirus Server on Local Computer. Error 10: Environment is incorrect.
I realize this is an older version, I just need any help to get us back in the safety zone.
6 comments
TimBanyas | October 5th, 2009
Our Win2000 server successfully downloads the latest definitions using LiveUpdate. But the user interface reports an old date for the definition version. I looked through the knowledge base and found an article that suggests the only fix is to upgrade to the latest version. Right now that is not an option for our organization. Is there a way to force Corporate Edition to use the most recent version? Also, is there a way to verify which definition is being used in order to confirm what is being reported by the user interface? Thank you in advance for any information. Tim Banyas
10 comments
Mithun Sanghavi | October 5th, 2009
“Best practice” for Win32/Conficker.B [MS] w32.downadup.B [SYM]
Infection/propagation method
- Flash drives/open shares/mapped drives [autorun.inf]
- Admin$ - Random brute force password attack on the networked systems
- Exploit MS08-67 – RPC BO vulnerability in netapi32.dll
How it works?
Initial attack happens on one of the networked systems. This initial attack and execution can be achieved by visiting any malware hosting website [cracks/music/free download/hacked etc.], or plugging an infected flash drive into the production network. Mostly un-patched systems/browsers are the initial victim of this attack.
Once executed it installs a service under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BadServiceName
This service is most of the time a .dll file [We need to submit this one...
4 comments
Starfish | October 3rd, 2009
I was having lots of problems with corrupt virus definitions. Finally we were advised to just uninstall Symantec Antivirus Corporate Edition from our server and reinstall. Now when we attempt to reinstall, we get the following error: "the wizard was interrupted before symantec antivirus could be completely installed." A few important things about our environment: this is the same server that the Symantec console resides on. Also, we are using the install that is located under CLT-INST. Finally, Symantec Mail Security for Exchange is also installed on this same server. We've had some suggest to manually remove Symantec Antivirus; however, we went through this 30-step manual removal on Symantec's website and that didn't work. We are desperate to get Symantec Antivirus re-installed on this server. Please help..
8 comments
Speedy1205 | October 1st, 2009
Hey Guys, I'm trying at the moment to get autoprotect up and running. The kernel I use, 2.6.28-11-generic, is a newer one and is not natively supported. When I try to compile the ap modules from the tarball I get the same error on each platform. I use the 1.0.8 version of sav ap.
dbusch-desktop ap-kernelmodule-1.0.8-17 # ./build.sh --kernel-dir /usr/src/linux-headers-2.6.28-11-generic
Kernel release is not set, build the kernel modules for the current kernel release(2.6.28-11-generic)
/home/dbusch/Desktop/ap-kernelmodule-1.0.8-17/symev /home/dbusch/Desktop/ap-kernelmodule-1.0.8-17
rm -f *-custom-2.6.28-11-generic-i686.o symev-custom-2.6.28-11-generic-i686.ko symev-custom-2.6.28-11-generic-i686.mod.[co] .symev-custom-2.6.28-11-generic-i686.*.cmd
rm -rf .tmp_versions-custom-2.6.28-11-generic-i686 .build-custom-2.6.28-11-generic-i686
/home/dbusch/Desktop/ap-kernelmodule-1.0.8-17
/home/dbusch/Desktop/ap-kernelmodule-1.0.8-17/symap /home/dbusch/Desktop/ap-kernelmodule-1.0.8-17
rm -f...
2 comments
ajeet kumar | October 1st, 2009
If the system is infected by a virus and Task Manager is not working, and you want to see and kill the unknown process, use this killbox tool. Run killbox.exe, click on processes, select the process and click on end task.
1 comments
csaman | September 30th, 2009
Looking for a list of event codes in Event Viewer for tracking viruses, definition failures, etc. Anyone have a list or know of a link to get a list? Thanks much....
2 comments