Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Hear4U | 09 Jun 2009 | 2 comments

This entry is all about YOU.

As you may know by now, we have two Connect users who were recently awarded 25,000 Connect points for their content. Content is King on a community - it stirs discussion, resolves issues, brings to light enhancements to products, and allows the sharing of knowledge and product expertise.

In the coming weeks we'll be announcing another contest with some cool give-aways, including flip cameras/phones. Part of this contest will be driven by videos you create, along with helping us "get the word out" about Connect through your other social media channels - Twitter, Facebook, etc.

I look forward to another successful contest, where once again, Content will be King.

If you are interested in participating, shoot me a PM!

We are Hear4U!

Eric

MattBarber | 08 Jun 2009 | 0 comments

If you ever have a question of whether or not your data is actually getting into the SEPM, a good first place to check would be in the following location: Depending on your install directory (mine is D:\) navigate to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo. This is where information enters the SEPM from the clients. You should be able to watch data come in and out of this folder. There should only be a handful of files (at most) in this location. This is a very helpful troubleshooting step when there is concern about getting data from the clients into the SEPM. Believe it or not, a repair on the SEPM can get data flowing again if you are having this issue. Remember, never install a Maintenance Pack without installing the corresponding Maintenance Release first, even if Symantec Support tells you to, i.e., install MR .4000 before installing MP .4014. Seems very basic,...

Kedar Mohile | 05 Jun 2009 | 5 comments

After you configure database maintenance options, the new options are applied at midnight, and not immediately.

To configure the database options:

  1. In the console, click Admin > Servers, and then select a site.
  2. Under Tasks, click Edit Site Properties, and then click the Database tab.

To configure the management server to apply the database maintenance options immediately, you can configure the conf.properties file.

To configure the conf.properties file:

  1. Open the conf.properties file, located in the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc directory by default.
  2. Change the following parameters:
  • Change scm.object.idletime=3600000 (in milliseconds) to a smaller number. The default setting is 1 month.
  • Change scm.timer.objectsweep=900 (in seconds) to a smaller number. The default setting...

thaller | 03 Jun 2009 | 1 comment

Hello all,

This is my first blog post, but I hope to continue these in the future as situations arise, to help others with their SEP Deployments.

At my Organization we currently have 2 SEP Managers (MR4 MP1), that are replicating between each other. Our primary site is running on a Windows 2003 R2 SP2 Machine and has its DB on a separate server running SQL 2005 SP2 on a Windows 2003 R2 SP2 machine. Our Secondary Site is on a Windows 2003 R2 SP2 Machine running SQL 2005 SP2 on the same machine. These Sites are connected over a DS3 WAN Link approx. 200 Mi apart.

This past weekend the blade that is running the primary site's SQL DB failed, and the SEP Manager informed all of our administrators approx. 5-10 min prior to our other monitoring solution. I know that this looks bad for our primary server monitoring system, however SEP alerted us to a Database Down incident first, which got the ball rolling, and it also pointed out that we need to fine tune our primary...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available."    Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation.  This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see...

Grant_Hall | 26 May 2009 | 1 comment

Don't know if this has been brought to people's attention yet, but as of May 22, 2009 Symantec has released a new site devoted to Symantec's podcasts. These podcasts cover a wide variety of products and ideas. Customers and employees alike will be able to subscribe to these podcasts and receive RSS updates whenever new podcasts are available. The website for the podcasts is at http://www.symantec.com/podcasts . In general these podcasts are broken down into eight different categories. These categories include:

Security Response—Learn how to avoid phishing attacks, how Norton AntiVirus products help protect your environment, how to safeguard your smartphones and PDAs, how to protect against business disruptions, and more.

Home Users—Topics cover online family safety, how to prevent cyberbullying, protection against identity...

stebro | 26 May 2009 | 2 comments

The Symantec Endpoint Protection Integration Component 7.0 provides integration between the Symantec Management Platform 7 and Symantec Endpoint Protection 11.

Features include:

Antivirus Inventory

  • Identifies installed endpoint security products from Symantec, McAfee, Trend, Sophos, CA, F-Secure, Kaspersky, and ESET
  • Details on Symantec Endpoint Protection client

Symantec Endpoint Protection Client Migration Job

  • Task based uninstall, restart, and Symantec Endpoint Protection Installation
  • Tasks can be customized for and blended with any Task Server task

Symantec Endpoint Protection Client Tasks

  • Full and Quick Virus Scans
  • Update virus definition and other security content
  • Repair Symantec Endpoint Protection client

Reporting

  • Antivirus summary
  • Computers with Tamper Protection enabled
  • Migration details including installation failure feedback

Benefits include:

...

Rishi Bhaskar | 26 May 2009 | 3 comments

The following activities were performed:

1. I observed that backdoor.trojan was infecting the files win.exe and dod.exe and Symantec was protecting them; in this time of protection Symantec gave a popup of autoprotect. Also observed that this virus was causing the volume drives not to be opened by double clicking, instead by right-click > explore.
2. Now I tried to folder options and tried to unhide but folder options was not working, so now by command prompt run > c:autorun.inf to check for exe file, so it came as e:winfile.jpg
3. Now in run > cmd > I typed attrib -r -s -h autorun.inf to unhide it and attrib -r -s -h winfile.jpg. The file would appear and disappear, so to solve this follow the steps below.

a) Download the latest Rapid Release and deploy it on the client PC, or if Rapid Release does not deploy, download the .xdb file and rename it from .zip to .xdb and paste it at c:documnetsandsettings/all users/. Then turn off system restore and...

Bijay.Swain | 21 May 2009 | 21 comments

Nowadays there are so many choices in the antivirus market, not like earlier days when Norton and McAfee were the only ones. So how many of you still think that Symantec Antivirus is the best of the rest? How many have tried other antivirus products and found them not so good, and which are those antivirus products?

Gina Sheibley | 18 May 2009 | 1 comment

One of the keys to keeping a small business up and running is keeping critical information safe from potential spyware, malware and spam threats. Small businesses need an easy, reliable, cost-effective way to make sure their important data is secure and available. In today’s environment of exponential data growth and more sophisticated threats, protection requires more than just antivirus.

Security threats are increasing in complexity and number, and many are now designed to target specific information while also evading detection by a single security mechanism such as antivirus. And many of today’s attacks do not discriminate based on the size of the company. In addition to this, the volume of information small businesses must protect continues to expand.

A multi-faceted suite that provides protection and backup and recovery capabilities will allow small businesses to protect the information that drives their businesses.

Current malware...