Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Brandon Noble | 29 May 2013 | 0 comments

Over the past several months we have had inquiries from concerned customers claiming Symantec was scanning their forward-facing IPs for vulnerabilities. After some research and some extremely tense meetings it was determined that this was actually part of a service the customer had purchased and opted in for, and that perhaps the Web team had forgotten to let the SOC know what was going on. Sound familiar?

The service is part of Trusted Services and allows the customer to add the Norton Secured seal to their website.

Vulnerability Assessment Service can create multiple entries in the customer’s website logs and could cause alerts from their perimeter IDS/IPS. It's recommended to create rules or filters for these entries to avoid any false positives.
Vulnerability Assessment Service uses the following...

pete_4u2002 | 17 May 2013 | 0 comments


Symantec will post an update to the AV Engine in Multiple Daily Virus Definitions on Tuesday May 21st 2013.

Beginning with the Virus Definitions that include the updated AV Engine version 20131.1, additional files will be added. That update is expected to post in MDD1 on Wednesday May 21st.

Symantec Endpoint Protection 12.1+ and Norton AntiVirus/Norton Internet Security 2011+ customers will see 4 new index files.  Symantec Endpoint Protection 11+ and Norton AntiVirus/Norton Internet Security 2007+ products will see 8 additional index files.

As a result of the additional files, the size of each dated definition folder will increase. Note the size increase noted below will be the size that is added to the dated definition folders as they exist...

Wally | 14 May 2013 | 2 comments

Hello all - I just want to share this information with you.  It worked for me, but no guarantees...

We have a couple of older P4 systems (XP SP3 32-bit) with the Intel 865PE chipset and ICH5 controller.   We couldn't boot from the SERT CD on these systems - got a boot error 5 - probably has something to do with the older chipset and WinPE.

So, here's what we did to boot from a USB memory stick

First follow the instructions in TECH131578 -

with the following exception in Step 6....

bartolomeu | 29 Apr 2013 | 0 comments

When you have installed both Symantec Endpoint Protection Manager and DLO Server 7.5 you can run into a port conflict. Both applications use Tomcat with the default HTTPS port 8443.

I.e. if you have installed SEPM 12.1 and upgrade DLO to 7.5 you may encounter problems with logging in to the SEPM console like:

- Server Certificate is not present in your trusted store

- Unexpected server Error

The problem disappears after the service Mindtree StoreSmart Dedupe Server (tomcat7.exe) is stopped.

DLO 7.5 has a new feature: Dedupe Server, which uses Tomcat on HTTPS port 8443, the same port that Tomcat uses in SEPM.

I solved the problem by changing the DLO dedupe server port to 8443. I've edited the "C:\Program Files\Symantec\Symantec DLO\Dedupe\Tomcat\conf\server.xml" file in Notepad. I've updated all entries of "8443" to i.e. "8449".

Another possible solution is to change the SEPM port. You can do it by "Management Server...

Brandon Noble | 25 Apr 2013 | 2 comments

We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise.

It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms.

After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here:

For those of you familiar with W32.Changeup,...

Mithun Sanghavi | 23 Apr 2013 | 0 comments


The following general best practices document for configuring and managing SEP 11.0 was prepared by the Symantec product team.

It is always recommended to have the Latest version of SEP 11.x on your Client machines. Check this Article:

About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

See the attached files for additional documents.

Here is a general outline for configuring SEP to maximize protection from today's emerging threats:

(This outline is in order of easiest to implement first)

  1. Implement recommendations from Symantec Security Response:
  2. Validate...

riva11 | 09 Apr 2013 | 0 comments

SMARegisTry Backup is a simple open source tool for backing up and restoring only selected Registry keys. The program has a basic interface that allows you to browse the registry and create, load, and save lists of registry keys you'd like to back up.
Helpful when you have to export a specific key or keys all at once and restore them later in a new installation, or to repair keys on an existing computer infected by a virus.

OS supported : Windows XP, Windows XP x64, Windows Vista x86 / x64, Windows 7 x86 / x64, Windows Server 2003, and all versions of Windows Server 2008

Requirements : .NET Framework 2.0 or higher

License : Free

Reference : SMARegisTry Backup   
Author:  Eric Arnol-Martin


riva11 | 09 Apr 2013 | 0 comments

Anvi Browser Repair Tool is a free and portable tool for Windows created to repair browser settings and networking settings changed by rogueware or malware.

This is not an antivirus, but it helps you to restore some important configurations and settings (for example, homepage, safe startup items, DNS settings, Title Bar, BHO plug-in, etc.) after a virus attack.

System Requirements

Operating Systems :

  • Microsoft Windows XP (32-bit and 64-bit) with SP2/SP3 or Home/Professional/Media Center
  • Microsoft Windows Vista (32-bit and 64-bit) Starter/Home Basic/Home Premium/Business /Ultimate
  • Microsoft Windows (32-bit and 64-bit) Starter/ Home Basic/Home Premium/Professional/Ultimate

Hardware Requirements :

  • 300 MHz or faster processor
  • 128 MB of RAM
  • 50 MB of free hard disk space

License : Free

Reference :...

Mithun Sanghavi | 09 Apr 2013 | 24 comments


Symantec Endpoint Protection 12.1 RU2 MP1 is released today, 8th April 2013.

You may find the Latest Release of Symantec Endpoint Protection 12.1.RU2 from:

This build's version is: 12.1.2100.2093.

Migration paths

Symantec Endpoint Protection 12.1.2100.2093 (RU2 MP1) can migrate seamlessly over the following:

  • Symantec Endpoint Protection 12.1.2015.2015 (RU2)

This Symantec Release build contains:

  • 18 top impacting fixes.
  • 25 internal defect fixes
  • Security updates for JRE

KnowledgeBase Articles:

Release Notes and System Requirements for all...

W007 | 04 Apr 2013 | 1 comment

How to enable the Windows Firewall settings on a Windows 7 machine.

The SEP client disabled the Windows 7 firewall settings and shows the error (This Setting are being managed by vendor application Symantec endpoint protection).

How to restore the Windows Firewall settings without uninstalling the NTP feature and withdrawing the FW policy.

1) Open SEPM console.

2) SEPM Clients Group->Policies->Tasks->Edit Policy.



3) Create Non-Shared Policy From Copy -> Windows...