Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Abhishek Pradhan | 23 Aug 2009 | 1 comment
When it comes to fighting malware, you may be asking as a security professional, “Why would I need to perform malware analysis? I don’t work for an anti-virus vendor.” If you are responsible for the security of a network, at some point in your career you will most likely have to perform malware analysis.
The goal of malware analysis is to gain an understanding of how a specific piece of malware functions so that defenses can be built to protect an organization’s network. There are two key questions that must be answered. The first: how did this machine become infected with this piece of malware? The second: what exactly does this malware do? After determining the specific type of malware, you will have to determine which question is more critical to your situation.
Types of Malware Analysis
There are two types of malware...
Satyam Pujari | 21 Aug 2009 | 5 comments

Symantec’s Web site ratings service Norton Safe Web presents the Dirtiest Web Sites of Summer 2009 – the top 100 infected sites based on number of threats. Norton Safe Web is a new reputation service from Symantec. 

What makes these sites so dirty?
Symantec explained it by pointing out the fact that the average number of threats per malicious site rated by Norton Safe Web is 23. With that said, the average number of threats on the Dirtiest Web Sites list is a staggering 18,000 per site. Forty of the top 100 have more than 20,000 threats per site. Moreover, 75 percent of sites on the list have distributed malware for more than six months.

“This list underscores what our research shows. There has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity, or assets. In 2008, most new infections occurred while people were...

Warrior6945 | 21 Aug 2009 | 0 comments

Clients move to the Default Group Automatically

Even after replacing the sylink.xml the clients move to the Default group automatically.
This happens as a lot of tmp and dat files are generated in the AgentInfo Folder


1. Stop the Symantec Endpoint Protection Manager service
2. Browse to the following location
    C:\Prog Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\AgentInfo
3. Delete all the files in the above folder.
4. Start the Symantec Endpoint Protection Manager service
5. Update the policy on the client.

Paul Mapacpac | 20 Aug 2009 | 4 comments

1. Your role in the organization/company (CTO, CIO, CEO, SysAdmin, etc)?

To give you a background, the company that I have been working for deals with Research, Media/Public Relations, Crisis Issue Management and everything with regards to relations communications. I worked here before as a technical support/network engineer and we have been using Symantec Antivirus 10.x.x for 5 years. We also act as an IT consultant for this company serving all kinds of their IT needs in all categories (cellphones, desktops, servers, etc).

Due to unpleasant events, we were replaced by a group of IT which replaced the anti-virus system. I am not sure why they replaced the virus system since the SAV Antivirus System was very reliable for the company. My guess is that this group wanted to get cut from the antivirus seller.

Now, I was re-hired and working as the MIS Manager/Officer for the company. Based from my techsupport group, they encounter numerous issues...

Doug Kerr | 20 Aug 2009 | 4 comments

For several months I have been using a music notation program. I actually had the current commercial release of the "lite" version, the current commercial release of the "professional" version, and two beta versions installed (I have been working with the publisher on features).

Last night was added to the Norton virus definitions the signature for a newly-discovered virus, w32.Induc.A. Evidently, the exe files for all those installed versions of the program carried common code that NAV 2009 recognized as the signature of that virus. So it removed all of them and quarantined them.

I had NAV send one of the files to Norton for analysis (the filename is Magicscore6.exe.).

If this is a false detect, I would hope that analysis of the file would show that it does not carry a virus, and the virus definition would be updated to recognize the legitimacy of these files.

In the meantime, my music editing work is off-the-air.

Doug Kerr

binayak | 19 Aug 2009 | 0 comments

If you need to install Active Directory or any Windows Components using the Add/Remove Windows Components feature, such as IIS in Windows Server 2003, there are certain files that need to be copied from the Windows Server Setup Disk and these files are stored inside the i386 folder. So every time you install Windows Components you have to carry the Windows Installation Disk with you and define the path of that folder.

Here is the solution:

1.  Copy the i386 folder in the System Drive (generally C: drive).

2.  Open Registry Editor.

3.  After you open the Registry Editor, navigate to :

HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager

4. Double-click the EnableADIntegration key. Change the Value to 1 and click OK.

Now you don't have to define the path every time,...

jeffwichman | 17 Aug 2009 | 0 comments
Good day everyone,
My name is Jeff Wichman, from the "Symantec Twin Cities Security & Compliance User Group." If you are responsible for your organization’s Information Assurance, use Symantec for some part of your security program, and are in the Minneapolis/St Paul area, I highly suggest you join us at one of our quarterly meetings. No, I do not work for Symantec, I am just happy with what I have experienced with the SEP product. I am going to leave the name of my employer out of this article simply because these are my opinions and not necessarily those of my employer. We are currently running close to 10,000 clients with SEP (11.0.4202.75). Approximately half of our clients are remote users connecting to various WiFi hotspots, untrusted third party networks, and occasionally in one of our main remote offices. The other half consists mainly of Windows-based servers and 4,000 internal...
riva11 | 15 Aug 2009 | 1 comment

There are several discussions about phishing and socially engineered malware attacks. I found an article that helps to understand how browsers are ready to detect these attacks.
Take a look at the report published by NSS Labs, "Q3 2099 Phishing Test Report". This report examines the ability to protect users across the following browsers:

  • Apple Safari v4
  • Google Chrome 2
  • Microsoft Internet Explorer v8
  • Mozilla Firefox v3
  • Opera 10 Beta

Extract from NSS Labs Blog:
Socially engineered malware is the most common and impactful threat on the Internet today, with browser protection averaging between 1% and 81%. Internet Explorer 8 caught 81% of the socially engineered...

PaulNorthgate | 13 Aug 2009 | 19 comments

Hi Everyone,

First let me tell you a bit about me and my company, (well I wish it was my company, unfortunately I am but a humble employee who loves their job), I work for a large IT company in N.Ireland and we supply IT services (Hardware, software, support, security you name it, we do it) to every School in N.Ireland as well as some schools in England. My role is as a Solutions Development and Implementation specialist. (Sounds fancy, but I'm really only learning!)

Anyway more about Symantec's role in our organisation. As you can imagine securing a managed network which supports one of the largest ADs in Europe is no mean feat in itself, however what happens when unruly pupils (Sorry about my generalisation! I myself was once an unruly pupil and somewhat expect every school-going teenager to be just like me, which I'm sure isn't the case) bring Linux, MAC and Windows based notebooks and netbooks to school, fully loaded with malware, filesharing tools, 1337...

J.Porter | 12 Aug 2009 | 2 comments

When I signed on to work in my current position as infosec specialist, I was required to attend the Symantec Endpoint Protection 11.0 MR4: Administration course. Little did I know how hard it would be to actually register and attend a course in my area. The course was cancelled 3 times due to lack of enrollment before I finally attended. I began working with SEP11 MR2, and finally got into the MR4 course with 1 year of experience under my belt. The instructor stated "Wow, you've been working on the product for a year so you can probably teach the class"!

The course was a good course, but the instructor was right. I didn't learn a significant amount of new information. My sole job is to manage Symantec Endpoint Protection Management servers, so naturally I learned a thing or two over the last year. On the other hand, this class is great for those who are new to...