Security Community Blog

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Nel Ramos | 26 Apr 2009 | 7 comments

Let’s face it, team: all of us know that we shall be facing a virus infection/outbreak in the near future. Preparation is the key to being resilient against pending virus attacks. In order for us to be prepared, we need to be informed with accurate, intelligent and factual data coming from a reliable source. With these things put together, the chances of us being pillaged by unknown destructive elements would be minimal.

One good example was when we got information that CNN.com had word on a possible outbreak of the computer worm Conficker.C a.k.a. W32.Downadup.C on April Fool’s Day. Since the site was legitimate, we then geared up on how we could deflect a possible breach. We also verified this with other reliable sources, which gave the same positive information. Good thing Symantec had already posted multiple articles on this worm. We then started to monitor virus definition updates in all our branches and initiated/followed up the manual...

Ajit Jha | 25 Apr 2009 | 3 comments

Hello Members,

I have a utility called NetDiag.exe from Microsoft to share with you. This command-line diagnostic tool helps to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client and whether it is functional.

The Utility is available on the following download link of Microsoft.

http://www.microsoft.com/downloads/details.aspx?di...

Hope it will help members to diagnose network connectivity problems.

Regards
Ajit Jha

Symantec World | 23 Apr 2009 | 0 comments

Hi All,

If you want your network secure, you have to follow the following points.

• File system protection
Consider how your network resources should be protected. All file servers should have an antivirus solution that actively scans the file system in real time so that, as files are modified or added, the antivirus application can quarantine or repair the affected files before they spread to client systems or other servers. The server should also be protected at the file system level in other ways. For example, all Windows servers should use NTFS, since FAT offers essentially no security. You should also eliminate unnecessary shares, require share permissions for all shares, and use hidden shares where possible to further protect the server from worms that propagate through unprotected shares.

• Don't open an attached file if you do not know what it is, who sent it to you, or you were not expecting it (even if it is from somebody that you know.)...

SAM_SHAIKH | 23 Apr 2009 | 3 comments

W32.Sality

Overview
W32.Sality is a parasitic virus which infects shared drives and Windows executable files by putting its code into host files. It contains downloader functionality to further install Trojan or key logger components. Sality opens a backdoor that allows a remote attacker to get full control over the infected computer and, in turn, over its confidential information, representing a serious security risk.

Aliases
Microsoft - Virus: Win32/sality.am
Kaspersky - Virus.Win32.Sality.aa

Symptoms
W32.Sality has the following symptoms:

• Modifies System.ini files (Check for the modified date)
• Services listening on the network port(s).
• Unexpected network traffic to one or more of the domain(s).
• No access to File Monitor.
• Disables Safe mode boot
• Disables regedit and taskmanager
• Disables Antivirus

Characteristics
Upon execution, it starts...

Bijay.Swain | 23 Apr 2009 | 4 comments

Nowadays it has become almost impossible to keep your large network virus free. There are so many ways a threat can enter your network, as users are now even using their cell phones to connect to public networks, which opens so many entry points for a threat to enter our network. And most users don’t care what they are doing over the internet, as they think they have antivirus protection that is fully updated; in the process, if any message appears on the system asking for an installation or a free download, they simply click yes and allow the virus/spyware etc. to enter the system. And later they blame the antivirus for this.

Earlier there was no need for an antivirus admin in a network, but these days attacks on networks have gone up so rapidly that companies are hiring professionals for antivirus as well. Based on my past experience I can say that no antivirus can provide 100% security to your network. You have to do so many tasks to keep your network clean....

brav | 22 Apr 2009 | 1 comment

Interesting Read

http://www.finjan.com/MCRCblog.aspx?EntryId=2237

[quote = www.theregister.co.uk/2009/04/22/Superbotnet_server/]

Finjan security researchers discovered the control server of the botnet after tracing back an infection from a corporate client. Evidence on the cybercrime server, which was hosted in the Ukraine, showed it had been in use since February 2009, and controlled by a cybergang of six people.

Trojan downloader malware planted on insecure websites was used to distribute the malware that seeded the botnet, via drive-by download attacks. The core group of cybercrooks were assisted by a vast affiliate network.

[/quote]

What is especially interesting is the fact that it's been operating since February 2009 and only 4 out of 39 AV Vendors are detecting the threat ...

...

Peter_007 | 21 Apr 2009 | 7 comments

svchost, a Windows process which used to take about 1200k of RAM space, now takes 7000k.
I have not installed any third-party software.
Kindly suggest any remedy.

BNH | 21 Apr 2009 | 1 comment

In the past, we saw threats modify the Windows hosts file to redirect AV vendor websites to the 127.0.0.1 loopback address.
Some security software also injects known bad URLs into the same hosts file with the 127.0.0.1 loopback address.

Well, nowadays the bad guys are getting smart and do more advanced stuff than hosts file modification.

In a few recent malwares [i.e. Conficker aka Downadup], we see that infected machines are unable to access AV vendor sites although the hosts file is empty.
And a ping to an AV website yields a 127.0.0.1 address resolution.

Well, now there are a few tricks we can do to evade this issue.

It’s an old trick: remove the DNS cache on our machine and check with the DNS server every time it is required.
Microsoft has a KB for this, as written in support.microsoft.com/kb/318803.
It is as simple as typing 'net stop dnscache' or 'sc servername stop dnscache' [...

binayak | 20 Apr 2009 | 5 comments

Copy the contents of the following folder

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\<your own group id here>\full

to a network share, e.g. \\someserver\sep, that every user has read/execute access to.

Then create a Group Policy Object to run the following script (.bat file) at login/startup (this can also be used with LANDesk and PsExec):

  REM Skip the install if the SEP client folder is already present on this machine
  IF EXIST "c:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END
  REM Map the share holding the exported client package (not persistent across logons)
  NET USE Z: \\someserver\sep /PERSISTENT:NO
  REM Run the silent install; /v"/qn" passes the quiet switch through to MSI
  z:\setup.exe /s /v"/qn"
  REM Remove the temporary drive mapping
  NET USE Z: /DELETE
  :END
ShadowsPapa | 20 Apr 2009 | 0 comments

I was facing another issue: being a gov't agency, we run short-staffed all the time. The boss wants central management of everything, but that still takes people to manage it.
One of the things deemed most critical is the antivirus protection on our clients. Yes, there are audits one can perform, be it by SMS (but it has to know what to look for) or by Symantec's own products, but that takes people to RUN the audit, then filter through and understand what one is seeing. And if you have 45 different subnets, then searching computers via subnet is painstaking. There's the old "get a list from xxx and search from that list" trick, but computers constantly change, they must be turned on to be successfully audited, and what if they are off at that very moment of your audit? Some were always falling through the cracks.
There is only one constant: any time a person here logs in, they run our login script. Period. I've found no exceptions (hope not, I set it up that...