Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
jumbosafari | 22 Jan 2010 | 2 comments

A question.
does norton antivirus 2008 stop autoruns viruses on external media before they actually run?
i get the notification from norton in the taskbar but my fear is the virus has already executed then norton notifies me.
i can be wrong, maybe norton stops the autorun virus from executing and then notifies me.
any help would be great. thanks.

mon_raralio | 21 Jan 2010 | 4 comments

We're currently seeing a lot of Mark.W0rm.exe files appearing in our network. At the moment, the only available information is that it is a "test" virus that copies itself to common Windows folders.
Removal is quite simple:

End the task Mark.W0rm.exe in task manager if present and delete the file copied into the following directories:

C:\Documents and Settings\[user]\Local Settings\
C:\Documents and Settings\[user]\My Documents\My Music\My Music.exe
C:\Documents and Settings\[user]r\My Documents\My Documents.exe
C:\Documents and Settings\[user]\My Documents\My Pictures\My Pictures.exe

Note: It may also copy itself on shared folders so you might want to check for that too.

possible-solutions | 19 Jan 2010

As we all know there is a mass attack of /*LGPL*/ and /*Exception*/ type script on websites. I have seen plenty of websites infected with this type of infection and finally I decided to write a script to remove the codes inserted in files all over the server directories.

As a new version of /*LGPL*/ and /*Exception*/ is out in wild. The code inserted in web pages after the BODY Tag or at end of Javascript files looks a bit like.

<script>/*LGPL*/ try{ window.onload = function(){var C1nse3sk8o41s = document.createElement('s&c^$#r))i($p@&t^&'.repl

<script>/*Exception*/ document.write(.....)


The SCRIPT tag above is not present in javascript(.js) files.
Well it is just another type of IFRAMER worm. Once deobfuscated, it loads javascript from

sezam | 18 Jan 2010 | 9 comments

When SEPM console is tried to be open an ERROR: "Could not find the main class Program will exit "  occurs.


The problem is UAC. To make SEPMconsole working properly You need to dissable UAC.

sezam | 14 Jan 2010 | 0 comments
Some time I face with customer which have a problem with continuous SEP installation.

This could be connected with 2 problems:

1. Domain or Local User privileges are to restricted[remember to much restrictions is also not good. You need to know how to balance with restrictions]
2. Installation is corrupted.

This problem is annoying because Windows Installer want to install SEP client continuously which can be very nervous.

Solution for this problem is to:


1. Find UninstalString value for Symantec Endpoint Protection which is situated in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

2. Paste this string to command line with changed option /I to /X (  ex.  MsiExec.exe /X{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}   ) 

sezam | 14 Jan 2010 | 5 comments


Sometimes SEP client is unable to install itself on Windows7 operating systems.

The problem is connected with 2 issues.

1. EXE file extractor[FreeExtractor] is not working correctly.

Sometimes on Windows 7 setup.exe file cannot automatically extract into %TEMP% folder.
To resolve this issue You need to Extract setup.exe file application like Winrar and install SEP using setup.exe or *.msi file in extracted folder.

2. Live Update application cannot be installed.

To resolve this problem You need to perform first step from point 1. but in hear firstly You need to install Live Update using LUSETUP.exe file after install it using setup.exe or *.msi file.
Second solution is to install SEP as unmanaged client.

sezam | 07 Jan 2010 | 0 comments

Some days ago I faced with an issue.
In a big network all Live Update applications were configured with Proxy[Unmanaged clients]. But the proxy setting were needed to be disabled.

Network configuration is handled by files:
- Settings.LiveUpdate;

- 1.Settings.LiveUpdate;
- 2.Settings.LiveUpdate.

which are situated in C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate folder.

If You have a big environment and You need to perform disabling of proxy setting for FTP an WWW the best is create a script which will delete Settings.LiveUpdate and 1.Settings.LiveUpdate files.

I think It could be useful. | 01 Jan 2010 | 5 comments

please tell me prefect idea how to rid off this problem | 29 Dec 2009 | 1 comment

I have used Norton products since the DOS days when I became an electronic engineering technician.  I have tried other products
and always ended-up returning to Norton when I got hit by undefined viruses.  The last time I tried other AVs was in 2002 when a
malicious worm hit the internet.  My PC was infected of course.  I wasn't using Norton's product because of personal financial
restraints then.  Eradicating the worm was a  long and difficult process.  I learned a very important lesson, again!  Do not EVER,
for any reason, move away from what you know works.  I worked for a major international office supply corporation in the Technology
Department from 2000 to 2007.  I have shared my experience using Norton products to many customers.  Not one came back to
express any difficulties after purchasing the AV.  However, the ones who do, would leave my department having purchased a Norton...

Warrior6945 | 24 Dec 2009 | 1 comment

 Error: "Authentication failure" when trying to log into Symantec Endpoint Protection Manager console with an additional Admin account

When you login to the Symantec Endpoint Protection Manager console using the Default Administrator you can login successfully However if you create a new Admin and try to login you get an error "Authentication failure"
Reseting the password for the additional Admin account also does not help.

In the SEPM Console go to the Admin tab
Select Domains
Check if more than one Domain is present, if Yes then add the admin account to all the Domains 
Also while logging in to SEPM, you may select the correct Domain by clicking on the button "Options"
You should be able to login successfully.