updated discussion 29 Jul 2016
The title is a bit weird, so I'll explain-- I am using Lookup Plugins in the following manner to support incident analysis:  1. Data Insight lookup plugin, for inferred ownership data, 2. the python plugin called "script-lookup.py," for mapping the DI data ownership name to its counterpart in AD,  3. and the LDAP plugin.  For endpoint DLP and network prevent ...
discussion comment 29 Jul 2016
updated article 26 Jul 2016
Oftentimes we deploy SEP 12.1 to clients and assume the components are functioning correctly. While the majority of the time this is true, it never hurts to spot check clients to ensure they're working as expected. Below are tests you can run for each component to verify functionality. Test Virus and Spyware Protection The quickest way to test this functionality is to download the EICAR file ...
updated article 22 Jul 2016
Customers Can Now Integrate Compliance Monitoring Into Their Evolving DevOps Process MOUNTAIN VIEW, Calif. – July 20, 2016 – Symantec Corp. (NASDAQ: SYMC), the global leader in cybersecurity, today announced the next version of Symantec Control Compliance Suite, the enterprise-class IT governance, risk and compliance solution. Symantec Control Compliance Suite delivers new ...
updated article 21 Jul 2016
Introduction This is the tenth in my Security Series of Connect articles.  For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles. This article gets down to some practical particulars on how to take ...
updated article 20 Jul 2016
Click here to visit the site on Symantec.com.
updated article 20 Jul 2016
Please click here to view the current Symantec Security Insights newsletter. Thank you!
updated article 19 Jul 2016
Introduction This is the sixth in my Security Series of Connect articles.  For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles. This new "Symantec Insider Tip" article aims to provide advice and ...
updated blog entry 28 Jul 2016
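"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." These are the words of the military strategist Sun Tzu. His thinking still applies today. An enterprise that understands its attackers, and also knows its own strengths and weaknesses, has a better chance of winning a cyber security battle whose outcome is still undecided. Do not wait until your company has been attacked to start strengthening the security posture of the whole enterprise. Take the offensive against attackers! How can you make sure that your corporate network is secure and always ready for battle? We wrote this systematic cyber security checklist based on the best practice guidelines in the 2016 Internet Security Threat Report (ISTR), an annual report that provides an overview and analysis of the year's global threat activity. Ensure that all devices accessing the company network have adequate security protection. Use active monitoring and configuration management to keep devices connected to the company network up to date, including servers, workstations, laptops and remote devices. 2. ...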
updated blog entry 28 Jul 2016
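Pirated content offered by many source sites may carry hidden dangers. A Symantec study of popular source sites recently observed a distribution campaign for potentially unwanted applications (PUAs). On several sites we found that many download sources pose as popular games such as Assassin's Creed Syndicate or The Witcher 3 and lure users into unknowingly installing PUAs on their computers. Symantec believes that this PUA distribution campaign abuses a legitimate affiliate pay-per-install program. Potentially unwanted applications A PUA is software that may affect security, privacy or resource consumption, or that is associated with other security risks. A PUA can be installed on a computer or device in several ways. Such programs pose as free software or are bundled with third-party software. In most cases the user has to consent before the software is installed, but more intrusive PUAs may sometimes install themselves without the user's knowledge. PUAs posing as game sources ...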
updated blog entry 28 Jul 2016
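The Latest Intelligence page was updated in May 2016, providing the latest analysis of cyber security threats, trends, and insights into malware, spam and other potential business risks. Here are some key takeaways from this latest batch of intelligence. The Angler toolkit, which we had previously ranked as the second most common toolkit web attack, jumped to first place in May, accounting for 51.2 percent of all toolkit activity. The Nuclear exploit kit, ranked as the top toolkit web attack in April, fell out of the top five this month, most likely because of research published at the end of April that exposed the Nuclear exploit kit's infrastructure and thereby reduced its threat. Following the Spartan toolkit's drop out of the top five in April, the Nuclear exploit kit has also lost its former threat. The Spartan toolkit had previously also been ranked as the top toolkit web attack. Figure 1. The Angler toolkit topped the ranking of web attacks by exploit kits in May. Manual sharing continues to hold first place among social media scams, although since April ...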
updated blog entry 28 Jul 2016
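The cyber landscape is constantly evolving: attackers are well funded and move quickly, attacks are becoming more complex, and detection takes too long. Meanwhile, budgets are increasingly constrained and internal resources are insufficient. In addition, 86 percent of enterprises say they lack the skilled staff to meet growing cyber security needs.[1] Chief information security officers are asking questions about these major issues and looking for answers. Symantec has more than ten years of experience helping executives close gaps in security monitoring. Through our services around the world, we see emerging market trends that are certain to affect your future security plans. Here are six key points to consider as you decide how to strengthen your security posture. As the threat environment grows, compliance work is also becoming more complex. With advances in technology and the explosive growth of the threat landscape, complying with existing regulations is becoming a greater challenge, whether PCI DSS, ISO 27001, SOX or the many other specifications that require consistent oversight and reporting. The time, resources and budget you need to keep up with these evolving requirements can be costly and distracting. You need the help of specialists. Managed security service providers ...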
updated blog entry 28 Jul 2016
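Symantec has found evidence that the group that attacked a bank in the Philippines is the same organization as the group that stole US$81 million from the central bank of Bangladesh and attempted to steal US$1 million from Vietnam's Tien Phong Bank. The malware used by this group was also used to attack the bank in the Philippines. In addition, code shared by some of the tools resembles malware used in past bank attacks. This malware is linked to a threat group known as Lazarus. This series of bank attacks can be traced back to October 2015, two months before the failed attack in Vietnam was discovered, and that is also the earliest bank attack known so far. The attack on the central bank of Bangladesh, and the discovery that the attackers used malware to cover up the fraudulent transfers, prompted an alert from the SWIFT payments network. SWIFT further warned that it had found evidence that another bank was being attacked with malware in a similar manner. Vietnam's Tien Phong Bank subsequently issued a statement saying that in the fourth quarter of last year it had intercepted a fraudulent transfer of more than US$1 million. SWIFT ...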
updated blog entry 28 Jul 2016
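What is a DDoS attack, and why do you need to defend against it? A distributed denial-of-service (DDoS) attack launches activity against a target so that legitimate traffic cannot reach the website. In other words, banks, entertainment companies, newspapers, e-commerce portals and even the internet connection you use to battle on Xbox Live become slower and slower, or even crash. DDoS attacks have appeared continually since 2000, and their scale, number and intensity increase every year. These attacks have stood the test of time, are almost impossible to prevent, cost very little to rent, and can have lasting destructive consequences. In Wrist Grab and DDoS Attacks, Gino Grieco explains: "Modern DDoS ...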
new blog entry 28 Jul 2016
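Contributor: Tommy Dong We previously published a blog post about malware on Google Play that stole photos from Viber. Since then, we have discovered another malicious app on Google Play that moves victims' personal media files (photos and videos) onto a remote server. Taking all of the user's videos In the course of enhancing our mobile cloud monitoring features to identify apps that leak personally identifiable information (PII), we came across a highly malicious app on Google Play. The app is HTML Source Code Viewer by Sunuba Gaming. The app poses as a development tool, but what it actually does with the device's "/DCIM/Camera" ...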
new blog entry 27 Jul 2016
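Contributor: Tommy Dong In a June blog post, we reported that malware that steals photos from Viber was circulating on Google Play. Since then, other apps that take personal media files (photos and videos) from victims' mobile devices and send them to a remote server have been found on Google Play. All your videos are belong to us Mobile Insight is Symantec's cloud-based capability for identifying apps that steal personal information (PII). In the course of enhancing it, Symantec found a clearly malicious app on Google Play. It is Sunuba Gaming's "HTML Source Code ...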
updated blog entry 27 Jul 2016
Contributor: Tommy Dong Last time we blogged about malware on Google Play that stole photos from Viber. Since then we’ve discovered another app on Google Play that is moving personal media files (photos and videos) off victims’ mobile devices and onto a remote server. All your videos are belong to us In the course of enhancing our Mobile Insight cloud-based features to identify apps that leak ...
new download 17 Jun 2016
Ever had the CCS Agent registered with the wrong name, or had the agent IP change? In some situations it can be a pain to fix this, as it requires going to the agent and running the registration again (imagine you do not have access to the agent server and you have to raise a ticket to a 3rd party supplier and he asks you to raise a change request). Well with these two simple scripts, you can change both agent name and ...
new download 16 May 2016
To make use of stop-words for the Russian language, download the attached file, unzip it and place it in the "Protect\config\stopwords" subfolder in the Symantec DLP installation directory. Then go to the "Advanced settings" page of the selected detection server and set the variable "Lexer.StopwordLanguages" to "en,ru". Do this for every detection server you have.
updated download 22 Apr 2016
Symantec DCS Policy Utility v1.0.0.11 For Windows OS (Note .NET Framework 4.5 is required) Designed to help you tune your policy by processing the log files from an Agent. There's a getting started tab that explains the best steps to get the logs and events you need to troubleshoot your policy. The program does not make any changes to the machine or policy. It parses the sisidsevents and ...
updated download 01 Apr 2016
When a customer is using the forensics software "Encase 7" with our Symantec Endpoint Encryption Full Disk 8.2.0 software, the customer will need the appropriate DLLs so that the Encase product can successfully work with our Full Disk product. The DLLs required are attached here and can also be located within the original product download under the subfolder "utilities". The DLLs required in ...
updated download 01 Apr 2016
At times, a customer may require the details for creating a batch file (startup script) to assist in the uninstallation of a Symantec Endpoint Encryption Device Control client that was installed via GPO. You cannot use the automatic uninstall feature in the GPO software installation package because the Device Control uninstall procedure is password protected. To uninstall Device Control you ...
updated event 28 Jul 2016
The Houston EPM User Group will be meeting at the same time, same location (but different room). 
new event 27 Jul 2016
Whether you are a large enterprise, SMB or just a regular user of the internet, cyber threats are increasing in number and sophistication. Tactics and techniques used today will be different in another month. What can you do to bolster your security posture or simply increase personal awareness? Every year, Symantec releases its threat report (ISTR) which is based on data collected and ...
new event 27 Jul 2016
Topic: Microsoft + Symantec: A Next Generation Approach to Securing Users and Their Devices Speakers: Matt Reid, ITS VP of Risk Management and Troy Whittaker, VP of Systems Management Date: Thu, Aug 4, 2016 11:00 AM – 12:00 PM EST Details: Today’s cyber risks are forcing organizations to not only leverage technology, but also purchasing power through enrollments and new ...
updated event 26 Jul 2016
South Florida Cyber Security Forum has been created based on the complexity of today’s global threat environment. As IT no longer rules the roost, device and data explosion, coupled with being ever targeted by data breaches and battered attacks, continue to make cyber security grow. This all revolves around the balance between privacy, anonymity, technology and security. This is a free ...
updated video 13 Jul 2016
In this quick update our risk management expert, John Higday, highlights the updates in ATP 2.0.2 which  provides IT security teams with the best visibility in their endpoint environment.   Advanced Threat Protection - Expose, prioritize, and remediate sophisticated advanced attacks across endpoints, networks, and email, from one single console.   Download our ATP whitepaper at ...
updated video 19 May 2016
This video will help new customers to provision their domains and inbound routes once they have access to the administration portal. If you want a desktop aid to provide a step by step guide as to the tool, then please download that here.
new video 17 May 2016
Bay Dynamics recently announced the availability of the standalone IT Analytics Server 2.1, which includes an enhanced web based cube browser. This video walks you through how as an existing Symantec Endpoint Protection customer, you can leverage IT Analytics Server to visualize your cube data and take advantage of its benefits.
updated video 17 May 2016
Bay Dynamics recently announced the availability of the standalone IT Analytics Server 2.1, which includes an enhanced web based cube browser. This video walks you through how as an existing Symantec customer, you can leverage IT Analytics Server to visualize your cube data and take advantage of its benefits.
new video 17 May 2016
In this video, we demonstrate how to install the new standalone IT Analytics Server v2.1 with the Symantec Data Loss Prevention content pack.
updated video 17 May 2016
This training module aims to walk you through how to setup a new business partner in the Encryption module of the Management Portal. Watch more Videos in the Self-serve TLS video series: Self-serve TLS: Moving domains from one Business Partner to another Self-serve TLS: Getting visibility into your enforcements Self-serve TLS: Enforcing TLS encryption between you and the Email Security ...
new video 13 May 2016
This video shows you the new features in Advanced Threat Protection 2.0.2.
new idea 26 Jul 2016
There currently exist only checks for whether or not older roles are installed (IIS for example), but nothing for the myriad other roles and features of Windows. I'd like to see checks for all the various roles (Hyper-V, say) and features (telnet client, anyone?) available in a Windows install, so that these can be checked off against our standard.
new idea 22 Jul 2016
Can a guide be created showing multiple use cases of all the ways CCS standards can be used for. A use case guide is required providing an extensive range of examples each with different examples. This helps organizations to adopt the product at a faster pace. Rather than go through the 1000 page user guide or a thin how to guide for standards with very few examples. Learning by examples is the ...
updated idea 22 Jul 2016
awooso posted: IPSEC
I am currently doing an implementation of Symantec firewall to block all intersubnet traffic except a very select few for a very select subnet. Symantec firewall does a great job and offers a lot of really easy to configure controls except when dealing with IPsec........... Since IPsec required port 500 UDP (some say IP protocol 50 and 51) it should be a simple build right? Except Symantec ...
new idea 22 Jul 2016
From within the SEPM if you sync an AD container that has managed clients in a unsynched container it moves them to the synched container in the SEPM and will not allow you to move them back without breaking the client management.  This being said it would be very helpful to be able to scan AD for hosts & their client status if present with the option to deploy ...