Video Screencast Help
updated discussion 26 Jun 2016
Hi: We are currently using the ESM(Enterprise Security Manager) product to ensure the server setting compliance. I would like to verify some technical questions on the auditing standpoint. - Is it possible that after restarting the ESM server, some of the registered server agents will be disappeared from the ESM console.  In other words, when performing the restart second time, the ...
new discussion 26 Jun 2016
Hi, I'm trying to find a way to block inbound macro-enabeld .doc and .xls files from passing through SMSMSE. I have created the following content filtering rule: However, those files are still coming through. Does anyone have an idea regarding this? Can SMSMSE even scan inside binary files? When I open this kind of file with a test editor, I can see the strings I'm trying to block. For ...
updated discussion 24 Jun 2016
Does anyone know how to get the PID number of the process that is being blocked by IPS. Of course it's the svchost.exe, but it never tells you what the PID number. And is there a way to get the TID number just in case it just a single thread that is tripping it off?
updated discussion 26 Jun 2016
Hi: We are currently using the ESM(Enterprise Security Manager) product to ensure the server setting compliance. I would like to verify some technical questions on the auditing standpoint. - Is it possible that after restarting the ESM server, some of the registered server agents will be disappeared from the ESM console.  In other words, when performing the restart second time, the ...
new discussion 26 Jun 2016
Hi, I'm trying to find a way to block inbound macro-enabeld .doc and .xls files from passing through SMSMSE. I have created the following content filtering rule: However, those files are still coming through. Does anyone have an idea regarding this? Can SMSMSE even scan inside binary files? When I open this kind of file with a test editor, I can see the strings I'm trying to block. For ...
updated discussion 24 Jun 2016
Does anyone know how to get the PID number of the process that is being blocked by IPS. Of course it's the svchost.exe, but it never tells you what the PID number. And is there a way to get the TID number just in case it just a single thread that is tripping it off?
updated article 24 Jun 2016
As of SCU2016-1 there is only “CIS Microsoft Windows Server 2012 V 1.0.0” standard in Predefined folder which is currently few years old and lagging behind latest CIS benchmarks: CIS Microsoft Windows Server 2012 non-R2 Benchmark v2.0.0 CIS Microsoft Windows Server 2012 R2 Benchmark v2.2.0 In this article I’ll focus on implementing following checks from above CIS benchmarks which can extend ...
updated article 23 Jun 2016
Note: These slides were presented at the June 16 meeting of the Las Vegas DLP User Group. This information is the experience of a customer, so the procedures used were his and are not those of Symantec.
updated article 23 Jun 2016
Updated on 1st Feb'15             SEP 11.x licensing is basically just a "paper" license product. However, with SEP 12.1 the licensing is a "software" license product and uses a  license file. It is important to become familiar with this license concept. Depending upon the license vendor, you receive either a product license serial ...
updated article 22 Jun 2016
Overview SEP allows for clients to report their log information to the Symantec Endpoint Protection Manager (SEPM). This client logging can be done with or without using external logging. Either way, this allows for reports to be created in the SEPM console. These reports can be viewed or saved to external files. The external logging feature in the SEPM allows for saving log data outside of a ...
updated blog entry 24 Jun 2016
Compliance has traditionally been perceived as a ‘cost’; something that slows things down rather than something that can enable a business. Agile organizations do things faster. Today agile development has become ubiquitous both for startups and for large established companies. Over the last few years, agile concepts have moved from software development to business processes in the ‘Lean ...
updated blog entry 22 Jun 2016
网络攻击者正利用新型Adobe Flash player零日漏洞对限定目标进行攻击。该漏洞(CVE-2016-4171)的补丁程序将于明天(6月16日)发布。为了在补丁发布前保护客户安全,赛门铁克推出了一个反病毒特征码(Exp.CVE-2016-4171),该特征码可阻挡网络攻击者对此漏洞进行利用。 这个严重漏洞可影响以下操作系统中21.0.0.242和更早版本的Adobe Flash Player: Windows Mac OS X Linux Chrome OS Adobe声称一份有关此零日漏洞在网络中受攻击者利用的报告引起了该公司的注意。网络攻击者正利用此漏洞对限定目标进行攻击。Adobe将于6月16日发布此漏洞的补丁,将其作为月度安全性更新工作的一部分。 缓解措施的建议 我们建议Flash ...
updated blog entry 20 Jun 2016
Enterprises can rise to the very peak of their goals and expectations when they have the highest levels of Threat Protection, Information Protection and Cloud Security firmly in place. That was the overriding message to emerge from the Gartner Security & Risk Management Summit (13–16 June 2016 at the National Harbor, MD), which homed in hard on the ‘hot spots’ that are challenging businesses ...
new blog entry 20 Jun 2016
ここ数週間、主立ったマルウェアファミリーの多くで、急激な活動の停滞が確認されています。なかでも、この傾向が強く表れているように見えるのが、Locky(Trojan.Cryptolocker.AF)、Dridex(W32.Cridex)、Necurs(Backdoor.Necurs)、そして Angler 悪用ツールキットです。さまざまなサイバー犯罪集団の活動が停滞しているという報告を受けてシマンテックが遠隔測定を実施したところ、ほとんど活動を停止したグループもあれば、活動を大幅に縮小したグループもあることが確認されました。 Locky は、最近の数カ月でも特に隆盛をきわめたランサムウェアのひとつですが、6 月に入ってからは、スパム攻撃でも悪用ツールキットでも、その新しい亜種がほとんど出現していません。消滅したわけではありませんが、活動が大幅に沈静化していることから、Locky ...
new blog entry 19 Jun 2016
在最近几周内,一些重要恶意软件的使用率急剧下降。受此事件影响的有Dridex (W32.Cridex)、Locky (Trojan.Cryptolocker.AF)、Angler漏洞利用工具包和Necurs ...
new download 17 Jun 2016
Ever had the CCS Agent registered with wrong name or agent IP changed? In some situations it can be pain to fix this as it requires going to agent and running the registration again (imaging you do not have access to agent server and you have to raise ticket to 3rd party supplier and he asks you to raise a change request). Well with these two simple scripts, you can change both agent name and ...
new download 16 May 2016
To make use of stop-words for russian language, download attached file, unzip it and place to the "Protect\config\stopwords" subfolder in the Symantec DLP installation directory. Then go to the "Advanced settings" page of selected detection server and set the variable "Lexer.StopwordLanguages" to "en,ru". Do it for every detection server you have.
updated download 22 Apr 2016
Symantec DCS Policy Utility v1.0.0.11 For Windows OS (Note .NET Framework 4.5 is required) Designed to help you tune your policy by processing the log files from an Agent. There's a getting started tab that explains the best steps to get the logs and events you need to troubleshoot your policy. The program does not make any changes to the machine or policy. It parses the sisidsevents and ...
updated download 01 Apr 2016
When a customer is using the forensics software "Encase 7" with our Symantec Endpoint Encryption Full Disk 8.2.0 software, the customer will need the appropriate DLLs so that the Encase product can successfully work with our Full Disk product. The DLLs required are attached here and can also be located within the original product download under the subfolder "utilities". The DLLs required in ...
updated download 01 Apr 2016
At times, a customer may require the details for creating a batch file (startup script) to assist in the uninstallation of a Symantec Endpoint Encryption Device Control client that was installed via GPO. You cannot use the automatic uninstall feature in the GPO software installation package because the Device Control uninstall procedure is password protected. To uninstall Device Control you ...
new download 01 Mar 2016
Symantec Data Loss Prevention- Triggering Endpoint Response Rules Video
updated event 24 Jun 2016
Please join us for the next Western New York User Group meeting on Tuesday, June 28 from 12:00 p.m. to 2:30 p.m. at Dave & Busters. Our meeting will be a good mix of customer presentation and time for networking with other Symantec Security users in the area. Lunch will be served! Agenda:  Welcome, Introductions, and Lunch Customer Presentation: Kevin Haley – ISTR Report ...
updated event 21 Jun 2016
The Philadelphia Security User Group invites you and all Symantec customers in the Mid-Atlantic region to join us for our annual user group meeting at Hershey Park, PA on Friday, August 5 from 9:00 am to 1:00 pm. Breakfast will be served for you, with free park tickets for your whole family! Register ...
updated event 18 Jun 2016
NetX a Symantec Authorized Training Partner (ATP) delivers Instructor-led Training Classes either on-site or remotely.  We offer over 20 different Symantec Classes, for a complete list please visit netxinc.com/training Attend from your home, office or one of our convenient locations.   Our training classes are Guaranteed to Run, We Never Cancel!  Symantec Endpoint ...
updated event 18 Jun 2016
NetX a Symantec Authorized Training Partner (ATP) delivers Instructor-led Training Classes either on-site or remotely.  We offer over 20 different Symantec Classes, for a complete list please visit netxinc.com/training Attend from your home, office or one of our convenient locations.   Our training classes are Guaranteed to Run, We Never Cancel!  The Symantec Control ...
updated event 18 Jun 2016
NetX a Symantec Authorized Training Partner (ATP) delivers Instructor-led Training Classes either on-site or remotely.  We offer over 20 different Symantec Classes, for a complete list please visit netxinc.com/training Attend from your home, office or one of our convenient locations.   Our training classes are Guaranteed to Run, We Never Cancel!  Symantec Data Loss ...
updated event 16 Jun 2016
Please join us for the next South Florida Security User Group meeting on Wednesday, June 22 from 11:30 am to 2:00 pm at Bokamper's in Miramar. Lunch will be served! Agenda  Welcome – Raul Documet Product Update on Advanced Threat Protection / Data Loss Prevention - Curtis Carroll Lunch & Networking Presentation – Javier Sola – ATP / ...
updated event 15 Jun 2016
Please join us for the next Cleveland Security User Group meeting on Thursday, June 23 from 9:00 a.m. to 1:00 p.m. at FirstEnergy in Akron. Our meeting will be a good mix of customer presentation and time for networking with other Symantec Security users in the area.  Lunch will be served!  Presentations:  9:00 – 9:30: Welcome and Introductions – Brad Gladish 9:30 – 10:30: ...
updated video 17 Jun 2016
In this quick update our risk management expert, John Higday, highlights the updates in ATP 2.0.2 which  provides IT security teams with the best visibility in their endpoint environment.   Advanced Threat Protection - Expose, prioritize, and remediate sophisticated advanced attacks across endpoints, networks, and email, from one single console.   Download our ATP whitepaper at ...
updated video 19 May 2016
This video will help new customers to provision their domains and inbound routes once they have access to the administration portal. If you want a desktop aid to provide a step by step guide as to the tool, then please download that here.
new video 17 May 2016
Bay Dynamics recently announced the availability of the standalone IT Analytics Server 2.1, which includes an enhanced web based cube browser. This video walks you through how as an existing Symantec Endpoint Protection customer, you can leverage IT Analytics Server to visualize your cube data and take advantage of its benefits.
updated video 17 May 2016
Bay Dynamics recently announced the availability of the standalone IT Analytics Server 2.1, which includes an enhanced web based cube browser. This video walks you through how as an existing Symantec customer, you can leverage IT Analytics Server to visualize your cube data and take advantage of its benefits.
new video 17 May 2016
In this video, we demonstrate how to install the new standalone IT Analytics Server v2.1 with the Symantec Data Loss Prevention content pack.
updated video 17 May 2016
This training module aims to walk you through how to setup a new business partner in the Encryption module of the Management Portal. Watch more Videos in the Self-serve TLS video series: Self-serve TLS: Moving domains from one Business Partner to another Self-serve TLS: Getting visibility into your enforcements Self-serve TLS: Enforcing TLS encryption between you and the Email Security ...
new video 13 May 2016
This video shows you the new features in Advanced Threat Protection 2.0.2.
updated video 13 May 2016
In this video, you'll see how you can use a STIX file to perform a database search in Advanced Threat Protection 2.0.2 and later.
updated video 13 May 2016
This video shows how you can create on demand and scheduled reports in Advanced Threat Protection.
updated idea 24 Jun 2016
Commonly we'll assign a temporary PC name during PC configuration, then rename the PC when it gets deployed, but the alias still shows the temporary name instead of the correct computer name. In our managed environments, the computer name is far more important than the alias assigned at the time of SEP.cloud installation.  We would like the ability to have the ALIAS automatically ...
updated idea 23 Jun 2016
Better active directory integration.  it would be really nice to access everything from one console and not have to click and search to find computers or endpoints.  if i click on the client tab and go to my groups, it would be nice to just right click and install package, or highlight and select multiple workstations and right click and send package.  Other vendors have ...
updated idea 21 Jun 2016
Symantec Mail Security for Microsoft Exchange's quarantine has a few areas that could stand for some improvement. After quarantining a specific attachment type to stop 0day obfuscated Trojan downloaders, I found that I could not release legitimate emails to their intended recipients, because SMSE does not list recipients in the CC or BCC fields of an email.  Legitimate emails with just ...
updated idea 20 Jun 2016
Hi, For deployment via SCCM which is a Microsoft product it requires that we have a single MSI package for SEP client be created via SEPM  Currentlly we have 2 options one one is a single EXE file & other is MSI with sperate files for  the SEP client package that is created via SEPM We need a single MSI file for SEP client package so that the SEP client can be deployed via ...
updated idea 20 Jun 2016
PROBLEM: Symantec Messaging Gateway refuses to do a backup. When the process is started from the console the error message is: ERROR: There is not enough drive space available to perform the backup. Space Required:  kb SYMANTEC SOLUTION: The standard solution offered my Symantec Tech Support is to follow the instructions in articles TECH96749 and TECH198862. In some cases this is not ...
new idea 16 Jun 2016
It would be nice if when you create a package from SEPM it would add the Version and Group it belongs to to the metadata.   This way if you look at the EXE you could see what it is for.