
Security Community Blog

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
SebastianZ | 10 Jan 2014 | 0 comments

January 9, 2014 - Symantec has posted the SYM14-001 Security Advisory relating to Symantec products: Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege. This is a medium-severity vulnerability. Detailed information about the vulnerabilities and which SEP builds are affected can be found at:

http://www.symantec.com/security_response/security...

SebastianZ | 09 Jan 2014 | 3 comments

As per the Microsoft Support Lifecycle Policy, both Windows XP SP3 and Office 2003 will reach end of support on April 8, 2014. End of support means that after this date there will be no new security updates, non-security hotfixes or patches available for either product. Technical support for XP from Microsoft will also no longer be available. Running XP SP3 (or lower) and Office 2003 after the end-of-support date may expose a company to potential security and compliance risks. Also worth considering is the fact that, aside from the vulnerable operating system itself, several third-party software vendors are expected to stop supporting their applications on the XP platform after April 2014 as well; this adds the further danger of vulnerable applications and multiplies the possible infection vectors.

For Symantec Endpoint Protection customers running SEP 11.x and 12.1 on XP platform - Symantec will continue releasing definitions for all so...

SebastianZ | 08 Jan 2014 | 0 comments

In a recent "sticky" thread on the Battle.net forums, a new threat targeting WoW players has been reported. The Trojan "Disker" is able to compromise even accounts protected by the Authenticator. It steals both the account credentials and the Authenticator password. To verify whether a machine has been compromised by the Trojan, it is advised to create an MSinfo file and check it for the following entries in the Startup Programs section:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

The Trojan originates from a fake Curse website offering malicious Curse clients for download; the site itself has recently been appearing in major search engine results for the phrase "curse client".

Blizzard advises reporting any compromised account directly, along with information about installed addons or plugins...

SebastianZ | 08 Jan 2014 | 0 comments

It appears so. The Zeroaccess botnet, responsible for infecting around 2 million computers worldwide, was aimed at making money through pay-per-click advertising. It is also known that it was able to download other threats, such as misleading applications, onto compromised machines, and that it would download additional software in order to mine Bitcoin. While the malicious activity was in progress, Trojan.Zeroaccess would hide itself with the help of a very advanced rootkit.

Already in July 2013, Symantec Security Response engineers managed to "sinkhole" over 25% of the botnet's machines following an extensive study of how the bots communicate. By making use of a weakness in the Zeroaccess P2P mechanism, approximately 500k machines were freed from the botnet. In the meantime the botnet creators distributed a new version of Zeroaccess that addressed the...

SebastianZ | 02 Jan 2014 | 0 comments

Last week Trend Micro reported a new variant of the Cryptolocker worm. In Trend Micro terminology it is WORM_CRILOCK.A (http://about-threats.trendmicro.com/us/malware/worm_crilock.a); it is detected by Symantec as Trojan.Cryptolocker.B (http://www.symantec.com/security_response/writeup.jsp?docid=2013-122312-5826-99). Unlike previous variants of Cryptolocker, this particular variant spreads over removable devices. Another significant difference is that it no longer relies on a malware downloader routine to infect systems, but is instead distributed on P2P sites disguised as an activator for software such as Office or Adobe Photoshop.


Reference:
New...

Brandon Noble | 30 Dec 2013 | 2 comments

I guess we need to face it. Sality is here to stay.

We have been dealing with new Sality variants for more than 8 years and the Sality.AE family for a little over 5, and the variants keep coming. It has become one of the most common file infectors reported by enterprise customers. With its ability to move through shares and disable AV, it’s one of the most destructive and tricky threats we have out there. That said, it’s not too hard to stop, provided you have two things. The first is an understanding of how it spreads and infects; the second is a willingness to mount the proper defense while you seek out the hidden pockets of this threat and eradicate it.

So, first things first. How does it spread?

This is a file infector and it can only spread through shares. It uses two methods, which I refer to as a “Push” and a “Pull”, to infect. Managing these two attacks will keep the threat from spreading to more computers.


...

Mithun Sanghavi | 23 Dec 2013 | 0 comments
Release Updates (RUx) typically contain a significant number of fixes and may include feature work or enhancements. The current Release Update is considered the latest release of the product and is the appropriate version for most customers performing a new install or upgrading from an earlier release or build of the product.
 
Maintenance Patches (RUx MPx) contain a small number of fixes for specific customer issues and are based on a specific RU. MPs can only be applied against the specific Release Update upon which they are based, e.g., RU6 MP1 can only be applied against RU6. Maintenance Patches are appropriate for customers experiencing an issue that is resolved in the Maintenance Patch.

RTM - Release To Manufacturing

MR - Maintenance Release (Now replaced by the term "RU")

RU - Release Update...

captain jack sparrow | 03 Dec 2013 | 0 comments

can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers. Freaky-deaky!
The infected victim sends all recorded keystrokes into the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network until the attacker is reached.

ref:
http://www.pcworld.com/article/2068525/researchers...

megamanVI | 07 Nov 2013 | 3 comments

Cryptolocker (http://en.wikipedia.org/wiki/CryptoLocker) is a new piece of malware that surfaced recently. It is wreaking havoc on Windows file shares and locking people out of their files. The malware encrypts commonly used documents and prevents the user from accessing them. It will then attempt to extract payment from you to unlock your files. Ars Technica has a great write-up on this (http://arstechnica.com/security/2013/10/youre-infe...).


Some tips on dealing with this malware:

  1. Ensure your virus protection is up to date
  2. Restrict workstation permissions so that the general users have limited access rights...
Chad Dupin | 30 Oct 2013 | 0 comments


We are playing Eye Of The Tiger to get ready for Stump The Chump: SEP Style

Want to know something specific about Symantec Endpoint Protection (SEP)? Think you know something about architecting, installing, configuring, or administering SEP that nobody else does? If you stump the chump, it’s worth $20 at Best Buy.

James Lanning of ITS Partners (a.k.a. "The Chump") will be hosting a webinar event during which you will have the opportunity to ask him any architecture, installation, configuration or administration-related question about the latest version of SEP. If he doesn’t know the answer...