Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Acretian | 28 Oct 2009 | 1 comment
Registry Location

For SEP

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV
 
For SAV
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion
On the Key you can find two Values  
PatternFileDate  : Current Definition date
PatternFileRevision : Revision
These are Hexadecimal values
Example:
PatternFileDate  : 27090e - 2009 Oct 14 
27090e - YYMMDD Format
27 - 2009
27 Hex is 39 Decimal, this value is since 1970. So 1970+39 = 2009

09 is October (00 - Jan, 0B - Dec)
0e Hex - 14 in decimal
PatternFileRevision : 16Hex - 22
16 HEX is 22 in Decimal 
Hope...
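
The decoding walked through in the post above, as an added example that is not part of the original post or Symantec code. It assumes the registry values are supplied as hex strings exactly as the post writes them; the function names and the 7-day staleness threshold are hypothetical.

```python
from datetime import date


def decode_pattern_file_date(hex_value: str) -> date:
    """Decode the leading year/month/day bytes of PatternFileDate.

    Assumption: the value arrives as a hex string, as written in the post.
    """
    raw = bytes.fromhex(hex_value.strip())
    if len(raw) < 3:
        raise ValueError("expected at least 3 bytes: year, month, day")
    year_offset, month_index, day = raw[0], raw[1], raw[2]
    if month_index > 0x0B:  # months run 00 (Jan) .. 0B (Dec)
        raise ValueError(f"month byte 0x{month_index:02x} is outside 00..0B")
    # date() raises ValueError for impossible days (day 0, or 31 in a 30-day month)
    return date(1970 + year_offset, month_index + 1, day)


def decode_pattern_file_revision(hex_value: str) -> int:
    """PatternFileRevision is a plain hexadecimal number."""
    return int(hex_value.strip(), 16)


def definitions_are_stale(hex_date: str, today: date, max_age_days: int = 7) -> bool:
    """True when the definition date is more than max_age_days before today.

    The 7-day default is a constructed threshold, not a Symantec setting.
    """
    return (today - decode_pattern_file_date(hex_date)).days > max_age_days


if __name__ == "__main__":
    # Values from the post's example; "today" is a constructed date for the demo.
    print(decode_pattern_file_date("27090e"), decode_pattern_file_revision("16"))
    print(definitions_are_stale("27090e", today=date(2009, 10, 28)))
```
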
sandeep_sali | 27 Oct 2009 | 0 comments

vdefhub.zip file cannot be viewed on a Vista machine whereas it can be viewed in the same location on an XP machine

vdefhub.zip is a hidden file in Windows Vista

  
  1. Click the round blue Start in the left corner
  2. Click Control Panel
  3. Click Folder Options
  4. Click the View tab
  5. Click Show hidden files and folders
  6. If you want to see system files as well, unclick Hide protected operating system files (Recommended)
  7. Click OK
  8. You should be able to view the file now

Bijay.Swain | 06 Oct 2009 | 1 comment
We are using 1000 licenses of SCS 3.1, and all of the PCs are spread over a 20 km area. Now we are upgrading those clients to Symantec Endpoint Protection.
Now the problem is we are in a workgroup model network (no Active Directory domain), so we can't use group policy/login script/domain admin account to use the push deployment feature of SEP. And SEP doesn't have any web deployment feature like SCS had earlier. I searched for any option for remote deployment in a workgroup model network but was unable to get any solution.

So I decided to try something which will work in my environment and I came up with an idea, which I have recorded (procedure) as a .swf file and am putting on the website. It may help others to deploy clients in a workgroup.
The best feature of this is that it also removes the old version of Symantec AntiVirus if present on the client system. You just have to call the user and ask him to open the website...
mthompson | 29 Sep 2009 | 4 comments

I'm a bit confused about the renewal of SEP 11.0. I know it no longer requires a license file or activation but I'm confused about yearly renewal. Has that gone away? My system never says it's out of date or that the virus definitions have expired. How am I to know if they have expired or need renewal? Especially if my system always has a current, up-to-date date.

I also recently installed this on a completely different network for another company and it installed with old 2008 definitions with the warning that said it was out of date, but then it did a LiveUpdate and all was well. I haven't registered anything yet, so this new system is doing the same thing. How do I know if it is out of date?

Do I really have to worry about this anymore? If I buy it once, am I all good? Confused on what the website says and what a Sales Rep says.

---- also on the same note, if I don't have to renew every year is this because Symantec...

Kedar Mohile | 28 Sep 2009 | 2 comments

Migrating SEPM DB to SQL 2008

The procedure would remain the same as before. You might want to check the following:

  1. Remove the SEPM from any replication setup with other SEPMs
  2. Backup the SEPM server certificate
  3. Backup the existing SQL database using SEPM backup and Restore wizard
  4. Install an instance of Microsoft SQL Server 2008
  5. Uninstall the Symantec Endpoint Protection Manager
  6. Reinstall the Symantec Endpoint Protection Manager configured to use a new Microsoft SQL Server 2008 database
  7. Restore the SEPM server certificate
  8. Restore the backup copy of the database
  9. Reconfigure the Symantec Endpoint Protection Manager database to recognize Microsoft SQL Server 2008 by running Management Server Configuration Wizard

Reference: Symantec Endpoint...

snekul | 22 Sep 2009 | 0 comments

Sometimes, besides just having a large quarantine as far as MB is concerned, you also end up with a large quarantine as far as the number of files is concerned. I found this on a computer where the user was complaining of slow speeds. In this case, they were repeatedly visiting a website that was infected with malware and the quarantine grew huge as a result. 57,996 objects in the Quarantine folder! I simply deleted everything in this folder and all was well again. I'm not sure if the slow speeds were a result of Symantec's handling of the large quarantine or because it kept finding this stuff on the system.

As a side tip, on machines that have been running for a while and may be filled with junk,...

Aniket Amdekar | 22 Sep 2009 | 1 comment

Step 1: Back up the database

 Back up the database used by the Symantec Endpoint Protection Manager to ensure the integrity of your client information.

Step 2: Turn off replication

Turn off replication on all sites that are configured as replication partners. This avoids any attempts to update the database during the installation.

Step 3: Stop the Symantec Endpoint Protection Manager service

The Symantec Endpoint Protection Manager service must be stopped during the installation.

Step 4: Upgrade the Symantec Endpoint Protection Manager software

Install the new version of the Symantec Endpoint Protection Manager  on all sites in your network. The...

snekul | 21 Sep 2009 | 1 comment

As the "go to" guy for SEP on campus an interesting question came up, "How can I get a list of my machines that are actually running on SEP?" The SEP Manager (SEPM) has quite a few options, but the reports section seemed to be missing an option to export a list of all your machines. After searching around, I did find a solution. The trick is to go to the log section, not the reports section.

So in SEPM go to "Monitors" and choose the "Logs" tab. Then choose the log type of "Computer Status." Hit the button to get advanced settings. Then in the "Domain" field you'll want to enter your SEPM domain name so you only get your machines, otherwise you'll get all of them from all SEPM domains (unless that's what you want). You'll also want to expand the time range when searching. The default of last 24 hours will only show machines that have checked-in in the last 24 hours, so you'll want to expand that appropriately...

snekul | 21 Sep 2009 | 0 comments

I helped an admin out yesterday who was running out of disk space on a system. It turns out a very large email folder in Thunderbird was triggering a virus alert and an attempt to clean it up, but the cleaning failed. As such, the file was left in quarantine and left on the file system. Each time a scan ran, this happened again and the hard drive slowly filled up. By default, SEP clears items out of quarantine that are over 30 days old. I suggest adding the second option to your systems that also sets a file-size limit. Probably aim high, like 5120 MB or so, since it isn't permanent. This should be enough to prevent systems that had ample hard disk space from running out for some reason caused by SEP and misbehaving software, yet still allow for file recovery in most circumstances.

Mudit Kumar | 18 Sep 2009 | 16 comments

It’s important to know which kind of DSN you are supposed to check when you are troubleshooting an ODBC connection.

If you want to check an ODBC connection on an x64 system, you can check or create an ODBC connection (DSN) for a 32-bit application and also use it for a 64-bit application.

32-bit applications will only look for ODBC connections created in the 32-bit, and 64-bit applications will look for ODBC connections from the 64-bit.

So if you want to configure a DSN for a 32-bit application on a 64-bit OS you will have to use:

1. C:\Windows\SysWOW64\odbcad32.exe (Used to check ODBC for Symantec Endpoint Protection Manager)

If you want to do the same for a 64-bit application on a 64-bit OS you can use:

2. C:\Windows\System32\odbcad32.exe

Note: In case of Symantec Endpoint Protection...