Security Community Blog
Showing posts tagged with Critical System Protection
Brandon Noble | 01 Sep 2011 | 0 comments

Over the weekend, Microsoft and F-Secure issued warnings about a new global threat called “Morto”, and the Internet Storm Center has been seeing a large spike in traffic on port 3389.

The spike looks to have been caused by the RDP (Remote Desktop) portion of the worm calling around looking for RDP connections. Once it finds one, it uses a small list of weak passwords and... pwnage ensues.

Symantec detects this threat as W32.Morto, and Security Response will continue to perform deeper analysis throughout the next several days. So far, they have uncovered several dozen different MD5s that are all part of this same threat family.


Signs of Morto in your environment

As we learned with W32.Downadup:
Brute force attacks + Small list of passwords = Account lockouts.


SecuredThatToo | 17 Feb 2011 | 1 comment

Symantec just announced a pretty cool, interactive, free tool to help stay abreast of security trends and activities. It even has historical data! There’s an online version, an installable Windows gadget and you can access it via your mobile phone! It's pretty slick!

Online Web Portal:

Windows Gadget Download:


Check it out!!!

Min Ju

Hear4U | 08 Sep 2010

Here's your chance to be "King for a Week" with our new Security Solutions Contest! 

What Is the Security Solutions Contest?
It's all about solving end user questions in the forums area.  We created this contest to help increase the total number of solutions on the Security Community.  We are going to select threads we'd like you to solve, and give you an opportunity to win a weekly prize. Yes, I said "weekly!"  Keep reading to find out more about the prize!

How Do I Participate?
First, if you want to play, pull out your dust-ridden, coffee-stained endpoint protection & related security product manuals, re-read all the latest and greatest knowledge base articles, and put your thinking caps on!

Why?  Because to be the "King for a Week" in this contest, you need to be able to solve popular forum threads that will be hand...

Hear4U | 30 Aug 2010 | 0 comments

Threat of cybercrime grows across the globe

Cybercrime is a growing concern for SMBs and individuals around the world. As part of National Cyber Security Awareness Week, an initiative of the Australian Government, a Symantec survey revealed that 56 percent of SMBs in Australia were affected by cybercrime in 2009, up 10 percent from 2008. While increases in both the amount and complexity of attacks are to blame, the change can also be attributed to the decline in IT budgets over the past year.

To fight this growing international trend, governments have gotten involved. The Mexican Senate recently passed the Federal Data Protection Act, a new law on data protection that will levy penalties up to $1.5 million for violators of the law. Jurisdiction for the country’s Federal Institute of Access to Information and Data Protection will expand to cover the protection of personal information of private individuals and entities, helping to guarantee data...

Hear4U | 30 Aug 2010 | 4 comments

Hello All,

IT Analytics (ITA) will now be offered to SEP, Altiris and Protection Suite customers for free via FileConnect.

There will be no changes from how ITA is currently supported.  GDSS will continue to route all ITA calls to the Altiris support team to be resolved.

Below is some general information and links concerning ITA.


Thank you,

-Sean Downs


Symantec IT Analytics FAQ


Q1. What is IT Analytics?

IT Analytics enables users to maximize the value of the data that resides within the Altiris and Symantec Endpoint Protection by incorporating multidimensional analysis and robust graphical reporting features. This allows users to explore the databases without advanced knowledge of databases or third-party reporting tools, empowering them to ask and answer their own questions quickly, easily, and effectively. Features include powerful on-the-fly ad-hoc...

Aniket Amdekar | 11 Aug 2010 | 0 comments

MS10-049 – Vulnerabilities in SChannel Could Allow Remote Code Execution (980436)

  • Analysis
    This patch addresses 1 remote code execution vulnerability and 1 spoofing vulnerability within the SChannel security package in Windows. Attackers will attempt to lure victims to view an attacker-controlled site, which will execute remote arbitrary code on the victim’s machine.
  • Recommendations
    Administrators are urged to patch all affected systems as soon as possible. There is currently no workaround for the remote code execution vulnerability described in this bulletin. Until patches are complete, a workaround for the spoofing vulnerability can be made. Require mutual authentication on IIS servers.

MS10-051 – Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)...

Hear4U | 20 Jul 2010

If you are considering a Symantec product for your business, this is a great place to start!  Let us help you understand how to utilize the power of Symantec's solutions.  Information discussed includes key challenges, environment, applications, services provided, among others.  This new series of Customer Success Stories will focus on both small/mid-size businesses, and enterprise success stories.  Links are generally PDF files.

Small and Mid-Size Business

Apprise Software (U.S.)
For Apprise Software, Symantec Hosted Endpoint Protection provides improved protection, is simple to deploy and easy to use, and will cut its monthly security review time in half.

John Septimus Roe Anglican Community School (Australia)

Sagar Desai | 02 Jul 2010 | 0 comments

Cisco recently announced the end-of-life of its Cisco Security Agent (CSA).  Support ends in December 2013, giving CSA users time to thoroughly review their options and implement a full-featured security solution from a vendor that is committed to security.  There are several questions CSA users must ask before partnering with a new vendor, and Symantec Corp. will provide the answers during a webcast on Thursday, July 8, 2010 at 11 a.m. Pacific.

The real power of CSA was policy enforcement, not detection.  Therefore CSA users will need solutions that not only match CSA’s strengths, but also provide state-of-the-art protection.  Symantec offers policy-based solutions that don’t compromise on detection or remediation.  These start with Symantec Endpoint Protection and extend to our enterprise protection suites:...

dschrader | 24 Jun 2010 | 0 comments

Cisco recently announced end-of-sales and the coming end-of-life of the Cisco Security Agent (CSA), with support ending in a few years.  CSA users shouldn’t wait until then to switch to a full-featured security solution from a vendor that is committed to security.
When Cisco first acquired Okena (the creators of CSA), it represented a bold but flawed vision of the future of endpoint security.  The promise behind CSA was proactive, zero-day protection against malicious code and intrusions through a rules-based host intrusion prevention system (HIPS).  The implied promise was that behavioral protection would replace signature scanning and eliminate the need for virus protection.  Later, Cisco relented and started recommending that CSA be used in conjunction with an open source antivirus engine called ClamAV.  However, ClamAV has never offered state-of-the-art detection and even combined, CSA and ClamAV lack key layers of protection needed...

jlconrod | 13 Mar 2010 | 0 comments

Feedback on Robert Keith's Blog Microsoft Patch Tuesday March 2010


2. MS10-017 Vulnerability in Microsoft Movie Maker Could Allow Remote Code Execution (975561)

CVE-2010-0265 (BID 38515) Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Movie Maker and Microsoft Producer when processing specially crafted Movie Maker project files (‘.mswmm’). An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Movie Maker project file with the affected application. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.