Security Community Blog

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Kedar Mohile | 20 Jun 2009 | 3 comments

Disk full message erroneously appears when downloading LiveUpdate updates

If your network environment already supports the proxy servers that are compliant with the HTTP 1.1 protocol or later, you can disregard this entry.

After you have tried to download LiveUpdate for the first time, the following message might appear:

"LU1863: Insufficient free disk space
There is not enough free disk space for LiveUpdate to operate properly. Please free up disk space on your computer and run LiveUpdate again."

You might have insufficient disk space. However, it is much more probable that this message appears in error because the proxy server is unable to send the correct Content-Length header field.

This error message might appear on Symantec Endpoint Protection Manager, a Symantec Endpoint Protection client, or a Symantec Network Access Control client.

You should verify that the disk...

Kedar Mohile | 16 Jun 2009 | 1 comment

Takes a long time for Firewall Policy Overview page to appear when running with more than 500 groups in SEP Manager...

For more than 500 groups, it takes 1.5 minutes to display the Firewall Policy Overview page

If you click the Add a Firewall Policy command, it can take up to 1.5 minutes for the Firewall Policy Overview page to appear. This occurs if the management server contains 500 or more groups. The problem occurs because it takes time for the Overview page to display all the groups and locations that the existing firewall policies are assigned to.

This happens because the "locationCounting" setting is enabled, which is used to count and display the same for the user every time the page is opened. When you have a higher number, let's say more than 500, it takes ~1.5 mins to count and display the same.

To work around this issue, perform the following steps:

Close all instances of the Symantec Endpoint Protection Manager Console....

khaley | 09 Jun 2009 | 0 comments

If you get the right kind of satellite dish you can grab signals that float through the air and see live network broadcast feeds. Cell phones send data through the air and with the right equipment you can snag it as well. Our voices travel through the air on their own and you can buy a device in the back of an airline magazine to capture the sound and eavesdrop on conversations. Now a group has released an open source kit to allow someone to capture the keystrokes from a wireless keyboard. See here: gizmodo.com/5279087/keykeriki-open-source-wireless-keyboard-sniffer

It’s promoted as a tool to verify security and to demonstrate sniffing attacks. Fun at parties too, I have no doubt. But what is getting people upset is that it could be used by bad guys to capture what you type into your computer.

It should be pointed out that there are quite a...

Hear4U | 09 Jun 2009 | 2 comments

This entry is all about YOU.

As you may know by now, we have two Connect users who were recently awarded 25,000 Connect points for their content. Content is King on a community - it stirs discussion, resolves issues, brings to light enhancements to products, and allows the sharing of knowledge and product expertise.

In the coming weeks we'll be announcing another contest with some cool give-aways, including flip cameras/phones. Part of this contest will be driven by videos you create, along with helping us "get the word out" about Connect through your other social media channels - Twitter, Facebook, etc.

I look forward to another successful contest, where once again, Content will be King.

If you are interested in participating, shoot me a PM!

We are Hear4U!

Eric

MattBarber | 08 Jun 2009 | 0 comments

If you ever have a question of whether or not your data is actually getting into the SEPM, a good first place to check would be in the following location: Depending on your install directory (mine is D:\) navigate to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo. This is where information enters the SEPM from the clients. You should be able to watch data come in and out of this folder. There should only be a handful of files (at most) in this location. This is a very helpful troubleshooting step when there is concern about getting data from the clients into the SEPM. Believe it or not, a repair on the SEPM can get data flowing again if you are having this issue. Remember never install a Maintenance pack without installing the corresponding Maintenance Release first, even if Symantec Support tells you to, i.e., install MR .4000 before installing MP .4014. Seems very basic,...

Kedar Mohile | 05 Jun 2009 | 5 comments

After you configure database maintenance options, the new options are applied at midnight, and not immediately.

To configure the database options:

  1. In the console, click Admin > Servers, and then select a site.
  2. Under Tasks, click Edit Site Properties, and then click the Database tab.

To configure the management server to apply the database maintenance options immediately, you can configure the conf.properties file.

To configure the conf.properties file:

  1. Open the conf.properties file, located in the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc directory by default.
  2. Change the following parameters:
  • Change scm.object.idletime=3600000 (in milliseconds) to a smaller number. The default setting is 1 month.
  • Change scm.timer.objectsweep=900 (in seconds) to a smaller number. The default setting...

thaller | 03 Jun 2009 | 1 comment

Hello all,

This is my first blog post, but I hope to continue these in the future as situations arise, to help others with their SEP Deployments.

At my Organization we currently have 2 SEP Managers (MR4 MP1), that are replicating between each other. Our primary site is running on a Windows 2003 R2 SP2 Machine and has its DB on a separate server running SQL 2005 SP2 on a Windows 2003 R2 SP2 machine. Our Secondary Site is on a Windows 2003 R2 SP2 Machine running SQL 2005 SP2 on the same machine. These Sites are connected over a DS3 WAN Link approx. 200 Mi apart.

This past weekend the blade that is running the primary site's SQL DB failed, and the SEP Manager informed all of our administrators approx. 5-10 min prior to our other monitoring solution. I know that this looks bad for our primary server monitoring system, however SEP alerted us to a Database Down incident first, which got the ball rolling, and it also pointed out that we need to fine tune our primary...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available."    Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation.  This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see...

Grant_Hall | 26 May 2009 | 1 comment

Don't know if this has been brought to people's attention yet, but as of May 22, 2009 Symantec has released a new site devoted to Symantec's podcasts. These podcasts cover a wide variety of products and ideas. Customers and employees alike will be able to subscribe to these podcasts and receive RSS updates whenever new podcasts are available. The website for the podcasts is at http://www.symantec.com/podcasts . In general these podcasts are broken down into eight different categories. These categories include:

Security Response—Learn how to avoid phishing attacks, how Norton AntiVirus products help protect your environment, how to safeguard your smartphones and PDAs, how to protect against business disruptions, and more.

Home Users—Topics cover online family safety, how to prevent cyberbullying, protection against identity...

stebro | 26 May 2009 | 2 comments

The Symantec Endpoint Protection Integration Component 7.0 provides integration between the Symantec Management Platform 7 and Symantec Endpoint Protection 11.

Features include:

Antivirus Inventory

  • Identifies installed endpoint security products from Symantec, McAfee, Trend, Sophos, CA, F-Secure, Kaspersky, and ESET
  • Details on Symantec Endpoint Protection client

Symantec Endpoint Protection Client Migration Job

  • Task based uninstall, restart, and Symantec Endpoint Protection Installation
  • Tasks can be customized for and blended with any Task Server task

Symantec Endpoint Protection Client Tasks

  • Full and Quick Virus Scans
  • Update virus definition and other security content
  • Repair Symantec Endpoint Protection client

Reporting

  • Antivirus summary
  • Computers with Tamper Protection enabled
  • Migration details including installation failure feedback

Benefits include:

...