Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Community Blog
Showing posts tagged with 11.x
Showing posts in English
Christopher Johnson | 16 Sep 2014 | 0 comments

On September 15, 2014, Symantec issued a SONAR release via Live Update definitions, which erroneously detected some low prevalence files as malicious. The false positive was reported as a SONAR.SuspLaunch detection.

Symantec discovered the issue and had a roll back release available to the field within forty five minutes.  But unfortunately some customers were affected by the issue.  All customers with current SONAR definitions  will not be affected by the issue. The problem has been corrected.

Symantec is currently addressing the internal factors that caused the problem and will make the proper changes to ensure we do not repeat this issue.

Chetan Savade | 27 Aug 2014 | 12 comments

#Updated: 22nd September'2014

This blog contains all the versions of SEP and SEPM (Symantec Endpoint Protection Manager) which were released since the first version of SEP in Sep 2007.

It contains the Enterprise Editions (EE) and Small Business Editions (SBE)

RTM - Release To Manufacturing

MR - Maintenance Release (replaced by RU)

RU - Release Update

MP - Maintenance Pack

PP - Point Pack

 

                            SEP Enterprise Edition/Small Business Edtion 12.1.x

Note: SEP 12.1 Enterprise Edition & Small Business Edition have the same version code and product name.

 Name

 Version

  Release date (English)

Release Notes

 RTM

 12.1.671.4971   

...
Kari Ann | 21 Aug 2014 | 1 comment

Demand for cyber-security professionals is growing twice as fast as other IT jobs, according to the report by Burning Glass, and the availability of necessary skills appears to be “outstripping supply.” Given the complex and competitive environment, how do cyber-security professionals keep up with the expertise required to move endpoints “beyond antivirus” in today’s digital age? 

Complex threats and internal challenges require focus on building an architecture with efficiency and effectiveness. A solid endpoint security architecture under-pins every foundation from the small-business to even the most complex enterprise. 

With constrained resources, is it possible to improve your security architecture without spending another cent? 

The simplest place to start is with Symantec’s...

Kari Ann | 07 Aug 2014 | 4 comments

The prevalence of zero-day vulnerabilities hit close to home this week when a North American penetration tester published a report claiming they had found a vulnerability in Symantec Endpoint Protection. The reality of Symantec’s ISTR vo. 19 seeing a 64%* increase in zero-day discoveries last year came alive as the Endpoint Protection product team reacted quickly to confirm and respond to the risk with a patch (available on FileConnect).

To date, no known compromise has been reported due to this medium severity vulnerability. The issue affects the Application and Device Control component of Symantec Endpoint Protection. If exploited, it could result in a client crash, denial of service or, if successful, escalate to admin privileges and gain control of the system.

It’s important to note that the vulnerability is not...

Brandon Noble | 01 Aug 2014 | 0 comments

Security Response is aware of an alert from US-CERT regarding a threat they are calling Backoff. This threat family is reported to target Point of Sale machines with the purpose of logging key strokes and scraping memory for data (like credit card info) and then exfiltrating the data to the attacker.

Symantec Security Response is currently investigating this threat family and is working to obtain samples that were mentioned in the IOC section of the CERT alert. All detections for threat files have been, or will, be mapped to: Trojan.Backoff

Detection information:
AV:      Trojan.Backoff – available in RR def 20140731.025 (156267)
IPS:   ...

SebastianZ | 17 Jul 2014 | 0 comments

Following Security Bulletins have been released in July 2014:

 

Microsoft

Microsoft Security Bulletin Summary for July 2014

https://technet.microsoft.com/library/security/ms14-jul

Symantec product detections for Microsoft monthly Security Advisories - July 2014

http://www.symantec.com/docs/TECH146537

 

MS14-037

Cumulative Security Update for Internet Explorer (2975687)

Critical 

Remote Code Execution

MS14-038

Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

...
ryanschoenherr | 08 Jul 2014 | 0 comments

Need complete visibility into your environment?  Do you find yourself reactive to breaches or always behind intrusions?  MetriX dashboards can provide complete visibility into your security environment and give you the power to be proactive!

 

Check out MetriXdashboards for more information and ways to utilize MetriX to increase your efficiency.

 

EP dashboard.png

DLP dashboard.png

 

For more information or to schedule a demo please contact:

Ryan Schoenherr

810-877-1743

...

Chetan Savade | 21 May 2014 | 1 comment

Hi,

PowerShell script to validate that all machines in your OU have Symantec Endpoint Protection (SEP) anti-virus client installed and started. Generates a color-coded Excel report highlighting problematic nodes.

Refer this link and download the script from here: http://gallery.technet.microsoft.com/scriptcenter/Symantec-Endpoint-8e47c450

Reference link: http://www.reddit.com/r/sysadmin/comments/25mtye/finding_symantec_endpoint_clients_on_network/

Note: This method is not supported by Symantec. Symantec recommends to use unmanaged detector.

Chetan Savade | 17 Apr 2014 | 26 comments

Hello Everyone,

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1A (12.1.4104.4130 - 12.1 RU4 MP1a) English has been released and is now available for customers to download on FlexNet. This new SEPM release addresses the OpenSSL “Heart Bleed” vulnerability. Additional language versions will become available throughout the week.

Please refer to the following KB article for additional detail:

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

  • The new SEPM build is labeled RU4 MP1a with a version number of 12.1.4104.4130.
  • This version of the SEPM is supported for migrations over any version of the SEPM (Customer does not need to update to RU4 prior to applying the MP1a)
  • The only...
SebastianZ | 13 Mar 2014 | 0 comments

Symantec Help (SymHelp) is a diagnostic utility used to help automate support for multiple Symantec products.  SymHelp features a new utility, the Threat Analysis Scan, that can help to identify suspicious files on a system.  This new feature replaces the previously known Load Point Analysis and Power Eraser tools.

Use the Threat Analysis Scan when you believe there might be malware on a system but security software is either unable to detect it or to remediate it. The Threat Analysis Scan can help to identify the following types of malware

  • New variants of existing threats that are not detected by the current definition sets
  • Fake antivirus applications and other rogueware
  • Rootkits
  • System settings that have been tampered with maliciously

Because the Threat Analysis Scan uses aggressive heuristics to detect these threats, there is a risk that...