Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
snekul | 21 Sep 2009 | 0 comments

I helped an admin out yesterday who was running out of disk space on a system. It turns out a very large email folder in Thunderbird was triggering a virus alert and an attempt to clean it up, but the cleaning failed. As such, the file was left in quarantine and left on the file system. Each time a scan ran, this happened again and the hard drive slowly filled up. By default, SEP clears items out of quarantine that are over 30 days old. I suggest adding the second option to your systems that also sets a file-size limit. Probably aim high, like 5120 MB or so, since it isn't permanent. This should be enough to prevent systems that had ample hard disk space from running out for some reason caused by SEP and misbehaving software, yet still allow for file recovery in most circumstances.

Mudit Kumar | 18 Sep 2009 | 16 comments

It’s important to know which kind of DSN you are supposed to check when you are troubleshooting an ODBC connection.

If you want to check an ODBC connection on an x64 system, you can check or create an ODBC connection (DSN) for a 32-bit application and also use it for a 64-bit application.

32-bit applications will only look for ODBC connections created in the 32-bit, and 64-bit applications will look for ODBC connections from the 64-bit.

So if you want to configure a DSN for a 32-bit application on a 64-bit OS, you will have to use:

1. C:\Windows\SysWOW64\odbcad32.exe (used to check ODBC for Symantec Endpoint Protection Manager)

If you want to do the same for a 64-bit application on a 64-bit OS, you can use:

2. C:\Windows\System32\odbcad32.exe

Note: In case of Symantec Endpoint Protection...

Rafeeq | 17 Sep 2009 | 4 comments

Email Notifications from Specific Accounts
------------------------------------------
Hi All,

I have seen many cases where people wanted to get alerts and mails from their existing accounts or a new security account they have configured for SEP.

The default email delivery or alerts come from SYSTEM. Sometimes these get rejected by mail servers if rules are defined.

So how can we change the from address from the default SYSTEM to something else, maybe securityadmin@yourdomain.com?

For any alerts or email we first need to configure mail servers.

For newbies:

1) Log in to Symantec Endpoint Protection Manager.
2) Click on the Admin tab.
3) Select the Management Server for which you wish to configure the mail server and go to Properties.
4) Click on the Mail Server tab.
5) Enter the IP address of your mail server.
6) Enter the credentials for the Mail server...

Satyam Pujari | 17 Sep 2009 | 7 comments

It has always been observed that the autoplay/autorun feature of the MS Windows OS is one of the most preferred choices for malware propagation. We've witnessed some devastating examples of malware which used this feature effectively to replicate, converting a single machine infection into a malware outbreak within the first few hours. Conficker, a.k.a. W32.downadup, is the most recent example of such malware. But this is not at all a new method of infection; rather, this method of infection has been there for decades. Some more popular examples are Trojan.Brisv.A!inf, W32.Gammima and many more in the long list.

Many other AV vendors detect autorun.inf but Symantec does not. Many people take it the wrong way, but there's a valid reason behind the decision that Symantec does not detect autorun.inf.
 
sandeep_sali | 16 Sep 2009 | 2 comments

Title: Points to remember while collecting memory dump.

Symptoms:

- No dump file
- Corrupt dump file

Cause:

- No Paging file
- Paging file on a...

Rafeeq | 15 Sep 2009 | 5 comments

Before I begin, I know a few of you would have these questions.

What is Social Engineering?

In simplest terms, it's gaining trust and misleading users.

Well... Does it really work?

Can the smartest people be easily misled?

The answer is YES!!

Kevin Mitnick, the famous hacker, said that "SE helped him a lot to gain access to most critical systems".

If so, are we protected?

In this world we are all connected through the internet. Banking, stocks, sport updates, Facebook, Twitter, everything is connected. As we are depending on computers for our daily work, even computers are dependent on us. The more we depend, the more vulnerable we become. The attackers / creators mislead users by some means and gain access to the systems, which leads to financial loss.

SE in Email:

I'm sure we all would have received emails like I'm the only descendant of a rich African who recently passed...

Aniket Amdekar | 14 Sep 2009 | 0 comments

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

We always see the Threatcon level indicator on the Symantec.com website as well as the Endpoint Protection Manager.

Following is the description for each one of the levels:

ThreatCon Level 1

Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

 

...
Hinata Uzumaki | 11 Sep 2009 | 1 comment

Symantec Endpoint Protection offers Home/Student Use licenses that are intended to allow customers to deploy a limited number of copies of the client onto the home machines of employees (or faculty and staff) at a significant discount over a normal new license purchase (SEP 11.0 standard license). The installation, configuration, and management method for these agents is at the discretion of the customer (the company or the school).

Support is not sold for Home/Student Use licenses. Support is shared with the Support agreement covering the associated standard license. The customer is responsible for providing support to the home-user; issues requiring escalation are submitted normally via the customer's registered technical contacts and maintenance agreement.

In short: Home or student users must contact their company or school to get downloads or technical assistance.

 

Hinata Uzumaki | 09 Sep 2009 | 4 comments

Customers who have Symantec Endpoint Protection 11.0 have the following downgrade options to Symantec Antivirus 10.x:

1. If customer has Symantec Endpoint Protection 11.0 BUSINESS PACK, customer can have a downgrade license file for Symantec Antivirus 10.x.

For renewals, this can be obtained by registering the serial number (for recent orders, Symantec has now started sending out certificates with the license files attached to it so you can skip the registration part) in the License Portal.

For new purchases and if no license file was generated after registration, Customer Care can provide downgrade license files.

2. If customer has Symantec Endpoint Protection 11.0 (volume license), customer's downgrade option is to download Symantec Antivirus Corporate Edition 10.x; this version of Symantec Antivirus is the one that doesn't need a license file but it has the same features as the one which has the license file.

If customer doesn't...

edp@gurunanakhospital.in | 03 Sep 2009 | 5 comments

I paid for renewal and received the certificate PDF file for Endpoint 11.0. I used that serial # to register and it said no license file needed. How do I renew my old symc endpoint protection 11.0 with the new serial number?