Security Community Blog

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Mithun Sanghavi | 01 Nov 2012 | 3 comments

 

The latest version of LiveUpdate Administrator (LUA), version 2.3.2, is now available.

Contact Symantec Technical Support to grab the latest copy of LiveUpdate Administrator (LUA) version 2.3.2.

The installation file is 147.35 MB and will later be included on the SEP 12.1 RU2 DVDs (SEP 12.1 RU2 is yet to be released).

Some of the features included in this release:

  • Packaged with Apache Tomcat version 7.0.26 and PostgreSQL version 9.1.3.
  • Packaged with JRE 1.7 (private JRE, automatically bundled, installed and configured by the LUA installer).
  • Enhanced security with advanced features to protect the User Interface from certain attacks.
  • Added the ability to modify the LUA download directory path at any time (not just at install time).
  • Product Catalog will now automatically update to ensure catalog changes become available without any user...

Brandon Noble | 28 Aug 2012 | 0 comments

We have been seeing a recent wave of Trojan.Shylock variants with a lot more functionality than the older versions we have been used to.

Initially, many of these variants are detected generically as Backdoor.Trojan or Trojan Horse, but our new Shylock heuristic signatures (Trojan.Shylock!gen6 and Trojan.Shylock!gen7) should be changing this to a more accurate naming convention, and should be picking up a much wider spread of these threats.

Additionally, we are hearing about some behavior that we have not been able to reproduce. Reports are saying that legitimate documents are getting hidden and then shortcuts with the same name as the document are being added in their place. These shortcuts actually launch a thumbs.db(x) file which is the Shylock Trojan, and they are meant to trick the user into running the threat. This is common behavior for threats, as noted in this blog article from May 2012,...

pete_4u2002 | 17 May 2013 | 0 comments

Reference: http://www.symantec.com/business/support/index?page=content&id=TECH205767

Symantec will post an update to the AV Engine in Multiple Daily Virus Definitions on Tuesday May 21st 2013.

Beginning with the Virus Definitions that include the updated AV Engine version 20131.1, additional files will be added. That update is expected to post in MDD1 on Wednesday May 21st.

Symantec Endpoint Protection 12.1+ and Norton AntiVirus/Norton Internet Security 2011+ customers will see 4 new index files.  Symantec Endpoint Protection 11+ and Norton AntiVirus/Norton Internet Security 2007+ products will see 8 additional index files.

As a result of the additional files, the size of each dated definition folder will increase. Note the size increase noted below will be the size that is added to the dated definition folders as they exist...

Wally | 14 May 2013 | 1 comment

Hello all - I just want to share this information with you.  It worked for me, but no guarantees...

We have a couple of older P4 systems (XP SP3 32-bit) with the Intel 865PE chipset and ICH5 controller.   We couldn't boot from the SERT CD on these systems - got a boot error 5 - probably has something to do with the older chipset and WinPE.

So, here's what we did to boot from a USB memory stick

First follow the instructions in TECH131578 -

http://www.symantec.com/business/support/index?page=content&id=TECH131578&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1367256265628krhzFurGC64N88iGa5T5a6LD1sSGJF28647W0

with the following exception in Step 6....

bartolomeu | 29 Apr 2013 | 0 comments

When you have installed both Symantec Endpoint Protection Manager and DLO Server 7.5, you can run into a port conflict. Both applications use Tomcat with the default HTTPS port 8443.

I.e., if you have installed SEPM 12.1 and upgrade DLO to 7.5, you may encounter problems with logging in to the SEPM console, like:

- Server Certificate is not present in your trusted store

- Unexpected server Error

The problem disappears after the service Mindtree StoreSmart Dedupe Server (tomcat7.exe) is stopped.

DLO 7.5 has a new feature, Dedupe Server, which uses Tomcat on HTTPS port 8443, the same port that Tomcat uses in SEPM.

I solved the problem by changing the DLO dedupe server port to 8443. I've edited the "C:\Program Files\Symantec\Symantec DLO\Dedupe\Tomcat\conf\server.xml" file in Notepad. I've updated all entries of "8443" to i.e. "8449".

Another possible solution is to change the SEPM port. You can do it by "...

Brandon Noble | 25 Apr 2013 | 2 comments

I. BACKGROUND:
We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise.

It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms.

After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here: http://pastebin.com/dvpu8Zwb

For those of you familiar with W32.Changeup, much of this...

Mithun Sanghavi | 23 Apr 2013 | 0 comments

Hello,

The following general best practices document for configuring and managing SEP 11.0 was prepared by the Symantec product team.

It is always recommended to have the Latest version of SEP 11.x on your Client machines. Check this Article:

About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

http://www.symantec.com/business/support/index?page=content&id=TECH131660

See the attached files for additional documents.

Here is a general outline for configuring SEP to maximize protection from today's emerging threats:

(This outline is in order of easiest to implement first)

  1. Implement recommendations from Symantec Security Response: http://www.symantec.com/docs/TECH122943
  2. Validate...

riva11 | 09 Apr 2013 | 0 comments

SMARegisTry Backup is a simple open source tool for backing up and restoring only selected Registry keys. The program has a basic interface that allows you to browse the registry and create, load, and save lists of registry keys you'd like to back up.
Helpful when you have to export a specific key or keys all at once and restore later in a new installation or to repair keys in an existing computer infected by a virus.

OS supported : Windows XP, Windows XP x64, Windows Vista x86 / x64, Windows 7 x86 / x64, Windows Server 2003, and all versions of Windows Server 2008

Requirements : .NET Framework 2.0 or higher

License : Free

Reference : SMARegisTry Backup   
Author...

riva11 | 09 Apr 2013 | 0 comments

Anvi Browser Repair Tool is a free and portable tool for Windows created to repair browser settings and networking settings changed by rogueware or malware.

This is not an antivirus but helps you to restore some important configurations and settings (for example, homepage, safe startup items, DNS settings, Title Bar, BHO plug-in, etc.) after a virus attack.
 
System Requirements

Operating Systems :

  • Microsoft Windows XP (32-bit and 64-bit) with SP2/SP3 or Home/Professional/Media Center
  • Microsoft Windows Vista (32-bit and 64-bit) Starter/Home Basic/Home Premium/Business /Ultimate
  • Microsoft Windows (32-bit and 64-bit) Starter/ Home Basic/Home Premium/Professional/Ultimate

Hardware Requirements :

  • 300 MHz processor or faster processor
  • 128 MB of RAM
  • 50 MB of free hard disk space

License : Free

Reference :...

Mithun Sanghavi | 09 Apr 2013 | 23 comments

 

Hello,

Symantec Endpoint Protection 12.1 RU2 MP1 is released today, 8th April 2013.

You may find the latest release of Symantec Endpoint Protection 12.1 RU2 at: https://fileconnect.symantec.com/


This build's version is: 12.1.2100.2093.

Migration paths

Symantec Endpoint Protection 12.1.2100.2093 (RU2 MP1) can migrate seamlessly over the following:

  • Symantec Endpoint Protection 12.1.2015.2015 (RU2)

This Symantec Release build contains:

  • 18 top impacting fixes.
  • 25 internal defect fixes
  • Security updates for JRE
     

KnowledgeBase Articles:

Release Notes and...