discussion comment 30 May 2016
new idea 30 May 2016
[Current] On SEPM, each limited admin could view & edit all LiveUpdate Content Policies, even though the policy is not assigned to a group that the limited admin managed. This could cause a limited admin to wrongly edit a LiveUpdate Content Policy that does not belong to him. [Requirement] On SEPM, limited admin could only view & edit a LiveUpdate Content Policies which had ...
updated idea 30 May 2016
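[Current state] On SEPM, a Limited Admin user can view and edit all LiveUpdate Content policies, regardless of whether the policy is assigned to a group they manage. This easily leads to mistakes. [Requirement] A Limited Admin user should only be able to see and edit the LiveUpdate Content policies assigned to groups they have permission to manage. [Reason] To avoid mistakes, that is, unintentionally modifying LiveUpdate Content policies outside their own scope of permissions.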
updated discussion 30 May 2016
Hello, Is Symantec aware of this new ransomware ZCryptor? At least I couldn't find any information from Symantec about it. Please check the below from Microsoft: https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/ Regards
new idea 29 May 2016
Good day, Subject: Symantec Endpoint Protection Small Business Edition .cloud. In the computer overview list, the date in the "Last connection on" column is shown in the format MM.DD.YYYY. Is it possible to change this to DD.MM.YYYY? Kind regards
new discussion 27 May 2016
Hi All, what all automated reports/notifications can be configured in 2.0  please suggest... Regards Amit Klaynia 9999055167
updated article 29 May 2016
Introduction By popular demand, below is an index of my Connect articles.  Illustrated, semi-formal and mildly amusing, I hope they assist admins and individuals along their neverending quest to find a safe path in this ever more dangerous world.... Security Series The first article, Using SEPM Alerts and Reports to Combat a Malware Outbreak, demonstrated how to use ...
updated article 29 May 2016
Introduction This is lucky number thirteen in my Security Series of Connect articles.  For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles. Chapter Thirteen: Delver of the Arcane ...
updated article 23 May 2016
The communication between the DCS agent and the DCS manager is based on TCP connections. The DCS agent makes a TCP connection to the DCS manager and sends data and gets a response. The DCS agent then closes the connection. The current protocol used over the TCP connection is either HTTP or more commonly HTTPS. When using the HTTPS protocol, the DCS agent verifies the ...
updated article 19 May 2016
Use the attachment below to walk through the provisioning process, or any time you need to add a domain. If you want to watch a video demonstration of the tool, please click here.
updated article 18 May 2016
Overview SEP allows for clients to report their log information to the Symantec Endpoint Protection Manager (SEPM). This client logging can be done with or without using external logging. Either way, this allows for reports to be created in the SEPM console. These reports can be viewed or saved to external files. The external logging feature in the SEPM allows for saving log data outside of a ...
new blog entry 29 May 2016
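Symantec has confirmed that a bank in the Philippines has been attacked by a group. This is the group that stole US$81 million from the Bangladesh central bank and also attempted to steal $1 million from Tien Phong Bank in Vietnam. The malware used by that group was also used in targeted attacks against a bank in the Philippines. In addition, some of the tools used in this attack were found to share code with malware used in historic attacks involving the threat group known as Lazarus. The attack can be traced back to October 2015, which, counted from when the attempted attack in Vietnam came to light, is 2 ...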
new blog entry 29 May 2016
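Mobile malware authors are evolving their malware to deal with the latest permission-granting model introduced in Android 6.0 Marshmallow. The current model was designed so that users grant permissions only when an app needs them, rather than accepting all permissions at installation. However, high-risk malware such as Android.Bankosy and Android.Cepsohord has adapted to this approach as well, in an attempt to obtain the permissions needed to carry out malicious activity. Requesting permissions at runtime: On Android 6.0 Marshmallow devices, permissions that may compromise privacy are now requested at runtime only when needed, rather than all being granted at installation. The exception is when the app's "target_sdk" attribute ...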
new blog entry 29 May 2016
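Symantec has found that a bank in the Philippines was attacked by a cybercrime group. The group previously stole US$81 million from the Bangladesh central bank and attempted to steal more than US$1 million from Tien Phong Bank in Vietnam. The attackers also used the group's malware in an attack on a bank in the Philippines. In addition, code used by some of the tools in this attack is similar to malware used in past attacks by a threat group known as "Lazarus". These attacks can be traced back to October 2015. Two months later, the attack on Vietnam was found to have ended in failure, and this is also the earliest related attack we know of so far. The investigation found that the attackers used malware to cover up evidence of fraudulent transfers. After this, the attack on the Bangladesh central bank alerted the SWIFT (Society for Worldwide Interbank Financial Telecommunication) payment network. SWIFT went on to issue a warning stating that it had found attackers using malware in the same way to attack another bank. Tien Phong Bank in Vietnam subsequently issued a statement saying that the bank had intercepted a fraudulent transfer of more than US$1 million in the fourth quarter of last year. SWIFT believes the second ...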
updated blog entry 29 May 2016
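Mobile malware developers have upgraded their software so that it can manipulate the latest permission-granting model introduced in Android 6.0 Marshmallow. The model was designed so that users grant permissions only when an application needs them, rather than accepting all permissions at installation. However, dangerous threats such as Android.Bankosy and Android.Cepsohord have adapted to this method and try to obtain the permissions they need when carrying out malicious activity. Requesting permissions at runtime: On devices running the Android 6.0 Marshmallow operating system, if an application requests permissions on demand at runtime rather than at installation, this may pose a risk of privacy leakage. However, there is an exception to this rule: the case where the application's "target_sdk" attribute value is set below 23. For example, if the application developer deliberately sets this value to 22 to avoid the application requesting permissions at runtime, then the user can grant all of its requested permissions during installation. However, we should note: regardless of the Marshmallow device's ...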
updated blog entry 27 May 2016
While your organization has turned to Office 365 for productivity with the cloud, is your data safe and secure? According to an IDC white paper sponsored by Symantec, organizations should focus their efforts on the main areas of authentication and access control, data loss prevention, email security, and advanced threat protection to improve upon Office 365's integrated security features. In ...
updated blog entry 27 May 2016
Regular readers of the Symantec blog may sometimes read blogs that mention a fraudulent file that is signed with a valid digital certificate or that an attacker signed their malware with a stolen digital certificate. You may recall that the creators of Stuxnet, arguably the most notorious malware in history, signed it using the private keys of valid digital certificates of well-known ...
updated blog entry 27 May 2016
Contributor: Jeet Morparia Symantec has recently observed various malware families seen in the wild signed with multiple digital certificates. As seen with Suckfly, valid, legitimate certificates can be stolen from an organization, often without their knowledge, and then used to sign malware to evade detection. In this case, attackers have used multiple digital certificates together to ...
updated blog entry 27 May 2016
Symantec has found evidence that a bank in the Philippines has also been attacked by the group that stole US$81 million from the Bangladesh central bank and attempted to steal over $1 million from the Tien Phong Bank in Vietnam. Malware used by the group was also deployed in targeted attacks against a bank in the Philippines. In addition to this, some of the tools used share code similarities ...
new blog entry 26 May 2016
Mobile malware authors have updated their threats to handle Android’s latest permission-granting model, which was introduced in version 6.0 Marshmallow. The model was designed to let users grant permissions only when apps require them, rather than accepting them all on installation. However, dangerous threats such as Android.Bankosy and Android.Cepsohord have adapted to this method in an ...
new download 16 May 2016
To make use of stop-words for the Russian language, download the attached file, unzip it and place it in the "Protect\config\stopwords" subfolder in the Symantec DLP installation directory. Then go to the "Advanced settings" page of the selected detection server and set the variable "Lexer.StopwordLanguages" to "en,ru". Do this for every detection server you have.
updated download 22 Apr 2016
Symantec DCS Policy Utility v1.0.0.11 For Windows OS (Note .NET Framework 4.5 is required) Designed to help you tune your policy by processing the log files from an Agent. There's a getting started tab that explains the best steps to get the logs and events you need to troubleshoot your policy. The program does not make any changes to the machine or policy. It parses the sisidsevents and ...
updated download 01 Apr 2016
When a customer is using the forensics software "Encase 7" with our Symantec Endpoint Encryption Full Disk 8.2.0 software, the customer will need the appropriate DLLs so that the Encase product can successfully work with our Full Disk product. The DLLs required are attached here and can also be located within the original product download under the subfolder "utilities". The DLLs required in ...
updated download 01 Apr 2016
At times, a customer may require the details for creating a batch file (startup script) to assist in the uninstallation of a Symantec Endpoint Encryption Device Control client that was installed via GPO. You cannot use the automatic uninstall feature in the GPO software installation package because the Device Control uninstall procedure is password protected. To uninstall Device Control you ...
new download 01 Mar 2016
Symantec Data Loss Prevention- Triggering Endpoint Response Rules Video
new download 01 Mar 2016
Oracle 11g Symantec DLP Installation
updated download 16 Feb 2016
This script is intended for use in Symantec Data Loss Prevention and provides the ability to sort incidents not only by file name but also by the separate subfolders in its path. You need to create the following Custom Attributes: FPath_Drive_Letter FPath_Root_Folder FPath_SubFolder_1 FPath_SubFolder_2 FPath_SubFolder_3 FPath_SubFolder_4 ''' Created on 8 feb 2016 @author: Stepanov Alexander ...
new event 27 May 2016
The Philadelphia Security User Group invites you and all Symantec customers in the Mid-Atlantic region to join us for our annual user group meeting at Hershey Park, PA on Friday, August 5 from 9:00 am to 1:00 pm. Breakfast will be served for you, with free park tickets for your whole family! Register Today! Agenda Real Data Center Security in a Cloud Environment Endpoint Protection Risk ...
updated event 27 May 2016
Please join us for the next Cleveland Security User Group meeting on Thursday, June 23 from 9:00 a.m. to 1:00 p.m. at FirstEnergy in Akron. Our meeting will be a good mix of customer presentation and time for networking with other Symantec Security users in the area.  Lunch will be served!  Presentations:  9:00 – 9:30: Welcome and Introductions – Brad Gladish 9:30 – 10:30: ...
updated event 24 May 2016
Please join us for the next Brazil Data Loss Prevention User Group meeting, June 1 from 09:00 to 12:00. Agenda: 09:00-09:30 – Welcome/Introductions 09:30-10:00 – User Group initiative/concept 10:00-10:15 – Break 10:15-11:00 – Customer Success Story 11:00-11:45 – DLP What’s new and Roadmap 11:45-12:00 – Closing and Next Steps
updated event 19 May 2016
Please join us for the next South Florida Security User Group meeting on Wednesday, June 22 from 11:30 am to 2:00 pm at Bokamper's in Miramar. Lunch will be served! Agenda  Welcome – Raul Documet Presentation – Symantec: ATP / DLP Lunch & Networking Presentation – Javier Sola – ATP / DLP Customer Roundtable Conclusion, Prize Drawings & Feedback
updated event 19 May 2016
Please join us for the next Michigan Security User Group meeting on Tuesday, June 7 from 10 am to 1 pm at CBI’s offices in Ferndale. Lunch will be served! Agenda: 10:00 – 10:30  Welcome and Introductions 10:30 – 11:30  Symantec / CBI joint presentation: Don’t Be a Victim, Be a Hero History of Ransomware and ATP Advanced Persistent Threats (APTs) use technologies, people and ...
updated video 19 May 2016
This video will help new customers to provision their domains and inbound routes once they have access to the administration portal. If you want a desktop aid to provide a step by step guide as to the tool, then please download that here.
new video 17 May 2016
Bay Dynamics recently announced the availability of the standalone IT Analytics Server 2.1, which includes an enhanced web based cube browser. This video walks you through how as an existing Symantec Endpoint Protection customer, you can leverage IT Analytics Server to visualize your cube data and take advantage of its benefits.
updated video 17 May 2016
Bay Dynamics recently announced the availability of the standalone IT Analytics Server 2.1, which includes an enhanced web based cube browser. This video walks you through how as an existing Symantec customer, you can leverage IT Analytics Server to visualize your cube data and take advantage of its benefits.
new video 17 May 2016
In this video, we demonstrate how to install the new standalone IT Analytics Server v2.1 with the Symantec Data Loss Prevention content pack.
updated video 17 May 2016
This training module aims to walk you through how to setup a new business partner in the Encryption module of the Management Portal. Watch more Videos in the Self-serve TLS video series: Self-serve TLS: Moving domains from one Business Partner to another Self-serve TLS: Getting visibility into your enforcements Self-serve TLS: Enforcing TLS encryption between you and the Email Security ...
new video 13 May 2016
This video shows you the new features in Advanced Threat Protection 2.0.2.
updated video 13 May 2016
In this video, you'll see how you can use a STIX file to perform a database search in Advanced Threat Protection 2.0.2 and later.
updated video 13 May 2016
This video shows how you can create on demand and scheduled reports in Advanced Threat Protection.
updated video 13 May 2016
This video shows how Advanced Threat Protection can help you analyze process behaviors that occur on your endpoints.
updated idea 27 May 2016
Hi, One of the customers has requested the below: if any e-mails that include a View or Release link are shared with any users from outside of the company, they can view and read this e-mail without authentication, and the only solution is disabling the “Sent View and Release Link(These links have Embedded Credentials)” option. The customer thinks that is a vulnerability and ...
new idea 27 May 2016
Mail Security for Exchange 7.5.2 and 7.5.3 does not log Configuration change details. It does log when changes are saved but does not provide details of the change. This would be good information to log for auditing purposes.
new idea 27 May 2016
The system audit is lacking information about the object on which an action is performed. This is an important point for an audit log and should be integrated in the SEPM logs system -> server Activity Logs. At least the following information is crucial for the action "the computer account has been moved to another group": machine, initial group, final group.
updated idea 26 May 2016
I know there is the load balancing/failover solution for clients checking into SEPM but I am looking to implement load balancing for my admins logging into the SEPM console. We have over 200 administrators and I do not want at any point one of our 3 management hosts to become overloaded because they are all logging into one directly at the same time. I would like to implement load ...
updated idea 24 May 2016
It would be good if the download size of the Endpoint Protection (12.1) definition files could be customized
updated idea 24 May 2016
I would like the ability to prevent missed scans from running when computers come back online. Most users turn their PCs off over the weekend, and then find it very frustrating when they come back to the office to find the computer running very slow due to missed scans running. There should be an option for hosted Symantec Endpoint to skip missed scans. Thank you, Dave Cronin