Video Screencast Help
Endpoint Management Community Blog
Showing posts tagged with Symantec Management Platform (Notification Server)
Showing posts in English
Ludovic Ferre | 24 Jan 2013 | 3 comments

I have a customer that is using the Connector Solution (in 6.0 and 7.x) to import users, group and parameters into their CMDB's for various business reasons.

Over time their import data has grown and so has the process time, to some extremes: updating 10~20K entries on a dataclass from a CSV file containing 1,000,000+ lines (a mere 30MiB) would take 3 hours + (in 6.0, and many more in 7.x).

Note that the imported data is not one for one - i.e. we are not populating a data table but linking keys from other tables, which is different process to handle from the SMP.

In a couple of cases we decided to take the processing outside of the Connector Solution, via a simple SQL procedure. This worked great but it requires some serious amount of work to implement the data insert, update and delete part of the procedure. This allowed us to run the import in less than one minute (fyi, it's Import #3 in the table below).

Thankfully my customer reported (today...

Ludovic Ferre | 23 Jan 2013 | 0 comments

The Symantec product listing xml was updated Monday.

Here are the information we have from it:

File name:
File hash: 3e447dd07844f9fad531a3240215a11b
File date: 2013-01-18 15:37
File size: 13,990,445 bytes (~14MB)
Release date: 2013-01-21

From the Git commit [1] we can see the following changes:


  Add /solutions/7_1/mobilemgmt/7_2_sp2_1_rtm/symantec_mobileframework_7_2_sp2_1_x64.msi_info ...
Ludovic Ferre | 22 Jan 2013 | 1 comment

I just finished a remote session with a customer that found a computer from the database that is not sending data back.

I had received the log files yesterday and the log viewer was all red and blue. Upon inspection it was clear that the agent COM components are not working (not registered or unregistered), so no basic inventory, client session management or sub-agents could perform their normal tasks.

Still the agent was getting it's policy file from the server, but not being able to do anything with the given policy (given its state).

We checked the computer Windows logs and found nothing interesting in there, so we crafted a SQL query to detect other computers with similar issues:

       i.Name, MAX(_eventtime) 'Last config request',
       MAX(s.ModifiedDate) 'Last Basic Inventory',
       MAX(s.createdDate) 'First inventory',
       DATEDIFF(d, max(s.modifiedDate),
mmurphy7 | 18 Jan 2013 | 0 comments


Internet browsers are perhaps one of the most exploited applications because of all they are capable are doing with the internet. For 2012, Mozilla’s Thunderbird, SeaMonkey, and Firefox had the following security advisory bulletins:

Bulletins 106
Vulnerabilities 152
Bulletins with Privilege Exploitations 53
Vulnerabilities with Privilege Exploitations 93
% of Bulletins with Privilege Exploitation 50.0%
% of Vulnerabilities with Privilege Exploitation 61.2%


While not the case in 2011, for 2012 all of Mozilla’s Security Advisories applied to Firefox. So this means that there were 93 out of 152, or 61.2%, of total vulnerabilities that had privilege exploitations. As we learned from the...

mmurphy7 | 18 Jan 2013 | 0 comments

With the new year upon us, it’s time for Arellia’s 2012 analysis of Adobe Security Bulletins and those with privilege exploits. As a refresher from the Introduction on Privilege Exploitation, privilege exploitation is where the malicious software takes advantage of the rights of the logged in user to change the configuration of the local computer.  Breakdown of Adobe Bulletins:

Bulletins 28
Vulnerabilities 125
Bulletins with Privilege Exploitations 20
Vulnerabilities with Privilege Exploitations 98
% of Bulletins with Privilege Exploitation 71.43%
% of Vulnerabilities with Privilege Exploitation...
Ludovic Ferre | 02 Jan 2013 | 0 comments

It looks like we tried to push out some update before the worl did _not_ end :D.

File name:
File hash: f66d34f93a3b240f0fa2f908428051b4
File date: 2012-12-20 10:31
File size: 13,727,806 bytes (~14MB)
Release date: 2012-12-21

Additional information:

  • ProductListing definitionName="symantec_v2" majorVersion="7" minorVersion="1" buildVersion="11"
  • Some changes occured in the package tree, as shown below with some prunning being done and Service Desk 7.5.1 being added
--- tree-737a531d1c28c34bd7b73f14e0633578.txt	2013-01-02 12:09:19.000000000 +0100
+++ tree-f66d34f93a3b240f0fa2f908428051b4.txt	2013-01-02 12:12:01.000000000 +0100
@@ -1,4 +1,4 @@
Ludovic Ferre | 01 Jan 2013 | 0 comments

Happy New Year Symantec and the Connect Community.

Today I updated my patch toolkit ([1][2]) with version 0.6.7, brining in a couple of features ontop of some project consolidation (nothing visible from the end-user standpoint but I have implementing a generic initializer and a config class that allow me to further consolidate the project codes).

Here are the features implemented in 0.6.7:

  • /severity=<severity>|* now has a wildcard token ("*") that allows users to select any severities instead of only one [available in both ZeroDayPAtch.exe and PAtchAutomation.exe]
  • /custom-sp=<sp_name> allows the user to specify a stored procedure name that will be executed [available in PatchAutomation.exe alone]

What's specially interesting in this case (and in the combination of both features) is that it is now possible to generate a result-set to be used in the tool based on what ever the end user want.

The /...

HighTower | 27 Dec 2012 | 7 comments

At the last couple of Symantec Endpoint Management User Group meetings I talked about a couple of things that can be done to improve the performance of your Symantec Management Platform.  I figured it would be best to summarize them in the group itself:

  1. The first one I mentioned had to do with changing the Kerberos authentication order in the IIS website from Negotiate > NTLM to NTLM > Negotiate
  2. The second we just ran across this week.  Our 16 core, 24gb RAM SQL server was running a constant 80-90% CPU utilization and we were experiencing frequent deadlocks.  On Sunday, a deadlock/blocking situation corrupted our PMImport and broke Patch.  Very bad things happened.

    In any event, we found that the SQL Tuning guide had been updated by...

Ludovic Ferre | 20 Dec 2012 | 0 comments

I was asked today to help on a long running hierarchy replication task. I pointed my customer to the default report whilst I was searching a hand crafted SQL to do the same, with a slightly friendlier look to it.

I found it, so I sent it to them and I share it with the Community now:

		rs._eventTime as 'Event time',
		replace (, '', '') + ' --> ' +
		replace (, '', '') + 
		case when '' then ' (Down)' else ' (Up)' end as 'Details',
		cast(rs.TotalReplicationCount as varchar) as 'Objects (total)',
		cast (rs.FailedReplicationCount as varchar) as 'Failed',
		cast (rs.DataTransferred as varchar) as 'Size in KiB',
		cast (DATEDIFF(mi, rs.[StartTime], rs.[FinishTime] ) as varchar)AS 'Duration (mins)'
Ludovic Ferre | 21 Nov 2012 | 1 comment

I just wrote an article in French regarding recommanded application pool configuration for the SMP and IIS.

It's available [1] but I won't tease you too much. Here is the most interesting part from it, a batch script to automate the pool creation, "straight off the bat" as a British friend of mine would put it. Please note that some web-applications work nicely in their own pools, but other need to remain in the /Altiris application domain. So if you feel like trying to craft your own, keep this in mind and be ready to revert.


@echo off
set appcmd=%comspec%\..\inetsrv\appcmd

%appcmd% add apppool -name:Altiris-NS-Agent
%appcmd% set apppool Altiris-NS-Agent -managedPipelineMode:Classic
%appcmd% set app "Default Web Site/Altiris/NS/Agent" -applicationPool:Altiris-NS-Agent

%appcmd% add apppool -name:TaskManagement
%appcmd% set apppool TaskManagement -managedPipelineMode:Classic
%appcmd% set app "Default Web Site/Altiris/...