Security Community Blog
Showing posts tagged with 11.x
MattBarber | 08 Jun 2009 | 0 comments

If you ever have a question of whether or not your data is actually getting into the SEPM, a good first place to check would be in the following location: depending on your install directory (mine is D:\), navigate to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo. This is where information enters the SEPM from the clients. You should be able to watch data come in and out of this folder. There should only be a handful of files (at most) in this location. This is a very helpful troubleshooting step when there is concern about getting data from the clients into the SEPM. Believe it or not, a repair on the SEPM can get data flowing again if you are having this issue. Remember never to install a Maintenance Pack without installing the corresponding Maintenance Release first, even if Symantec Support tells you to, i.e., install MR .4000 before installing MP .4014. Seems very basic,...
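The "watch the folder" check from the post, as an added PowerShell example (not code from the post or from Symantec). It samples the agentinfo inbox for a minute and prints, per sample, how many files are present, how many arrived since the last sample and how many were consumed, plus the age of the oldest file. The thresholds, the sampling interval and the default install path are assumptions for this example; the post's own install was on D:\.

```powershell
# Added example (not from the original post): poll the SEPM agentinfo inbox and
# report whether client data is flowing in (files arriving) and being processed
# (files disappearing). Path and thresholds are assumptions; adjust to your site.
param(
    [string]$InboxPath = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo',
    [int]$IntervalSeconds = 5,
    [int]$Samples = 12,                 # 12 x 5 s = one minute of observation
    [int]$BacklogThreshold = 50,        # assumed: "a handful" is normal, dozens queued is not
    [int]$StaleMinutes = 10             # assumed: a file older than this is not being consumed
)

if (-not (Test-Path -LiteralPath $InboxPath)) {
    Write-Error "Inbox folder not found: $InboxPath"
    exit 1
}

$previousNames = @{}
for ($i = 1; $i -le $Samples; $i++) {
    # Files only (no -File switch, to stay compatible with PowerShell 2.0).
    $files = @(Get-ChildItem -LiteralPath $InboxPath -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    $now   = Get-Date
    $names = @{}
    foreach ($f in $files) { $names[$f.Name] = $true }

    # Present now but not last sample = arrived from a client.
    # Present last sample but gone now = consumed by the SEPM.
    # On the first sample everything counts as "arrived".
    $arrived  = @($names.Keys         | Where-Object { -not $previousNames.ContainsKey($_) })
    $consumed = @($previousNames.Keys | Where-Object { -not $names.ContainsKey($_) })

    $oldestAgeMin = 0
    if ($files.Count -gt 0) {
        $oldest = $files | Sort-Object LastWriteTime | Select-Object -First 1
        $oldestAgeMin = [int](($now - $oldest.LastWriteTime).TotalMinutes)
    }

    # BACKLOG: clients are sending but the manager is not draining the folder.
    # STALE:   nothing has been picked up for a while, even if the count is small.
    $state = 'ok'
    if ($files.Count -gt $BacklogThreshold) { $state = 'BACKLOG' }
    elseif ($oldestAgeMin -gt $StaleMinutes) { $state = 'STALE' }

    '{0:HH:mm:ss}  files={1,4}  arrived={2,3}  consumed={3,3}  oldest={4,3} min  {5}' -f `
        $now, $files.Count, $arrived.Count, $consumed.Count, $oldestAgeMin, $state

    $previousNames = $names
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
}
```

Reading the output: arrived staying at 0 for the whole run means nothing is reaching the inbox (client side or network); arrived climbing while consumed stays at 0 and the count grows means the manager is not processing what it receives, which is the situation the post says a repair of the SEPM can clear.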

Kedar Mohile | 05 Jun 2009 | 5 comments

After you configure database maintenance options, the new options are applied at midnight, and not immediately.

To configure the database options:

  1. In the console, click Admin > Servers, and then select a site.
  2. Under Tasks, click Edit Site Properties, and then click the Database tab.

To configure the management server to apply the database maintenance options immediately, you can configure the conf.properties file.

To configure the conf.properties file:

  1. Open the conf.properties file, located in the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc directory by default.
  2. Change the following parameters:
  • Change scm.object.idletime=3600000 (in milliseconds) to a smaller number. The default setting is 1 month.
  • Change scm.timer.objectsweep=900 (in seconds) to a smaller number. The default setting...
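The edit described in the steps above, as an added PowerShell example (not from the post or from Symantec). It backs up conf.properties, rewrites only the two keys named in the post, appends them if they are missing, and leaves every other line untouched. The replacement values, the service name (semsrv) and the assumption that the manager only re-reads the file when its service restarts are this example's, not the post's.

```powershell
# Added example (not from the original post): set scm.object.idletime and
# scm.timer.objectsweep in conf.properties without disturbing the rest of the
# file. Values below are example values; 'semsrv' as the SEPM service name and
# the need for a restart are assumptions made for this example.
param(
    [string]$Path = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties',
    [int]$IdleTimeMs   = 600000,   # scm.object.idletime is in milliseconds (here: 10 minutes)
    [int]$SweepSeconds = 300,      # scm.timer.objectsweep is in seconds (here: 5 minutes)
    [switch]$RestartService
)

$desired = @{
    'scm.object.idletime'   = $IdleTimeMs
    'scm.timer.objectsweep' = $SweepSeconds
}

if (-not (Test-Path -LiteralPath $Path)) { throw "conf.properties not found: $Path" }

# Keep a timestamped copy so the change can be reverted.
$backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $Path, (Get-Date)
Copy-Item -LiteralPath $Path -Destination $backup

$lines = [System.IO.File]::ReadAllLines($Path)
$seen  = @{}
$out   = foreach ($line in $lines) {
    $emitted = $false
    foreach ($key in $desired.Keys) {
        # Match "key = value" with optional whitespace; comment lines (# or !) never match.
        if ($line -match ('^\s*' + [regex]::Escape($key) + '\s*=\s*(.*)$')) {
            $seen[$key] = $true
            Write-Host ('{0}: {1} -> {2}' -f $key, $Matches[1], $desired[$key])
            "$key=$($desired[$key])"
            $emitted = $true
            break
        }
    }
    if (-not $emitted) { $line }
}

# Append any key that was not already in the file.
$out = @($out)
foreach ($key in $desired.Keys) {
    if (-not $seen.ContainsKey($key)) {
        Write-Host ('{0} not present; appending' -f $key)
        $out += "$key=$($desired[$key])"
    }
}

# Java properties files are Latin-1; these keys and values are plain ASCII.
[System.IO.File]::WriteAllLines($Path, [string[]]$out, [System.Text.Encoding]::ASCII)
Write-Host "Wrote $Path (backup: $backup)"

if ($RestartService) {
    # Assumed service name. Confirm with:
    #   Get-Service | Where-Object { $_.DisplayName -like '*Endpoint Protection Manager*' }
    Restart-Service -Name semsrv
}
```

Run it without -RestartService first and compare the file with the .bak copy; the script prints each old and new value as it rewrites the line.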
thaller | 03 Jun 2009 | 1 comment

Hello all,

This is my first blog post, but I hope to continue these in the future as situations arise, to help others with their SEP Deployments.

At my organization we currently have 2 SEP Managers (MR4 MP1) that are replicating between each other. Our primary site is running on a Windows 2003 R2 SP2 machine and has its DB on a separate server running SQL 2005 SP2 on a Windows 2003 R2 SP2 machine. Our secondary site is on a Windows 2003 R2 SP2 machine running SQL 2005 SP2 on the same machine. These sites are connected over a DS3 WAN link approx. 200 mi apart.

This past weekend the blade that is running the primary site's SQL DB failed, and the SEP Manager informed all of our administrators approx. 5-10 min prior to our other monitoring solution. I know that this looks bad for our primary server monitoring system; however, SEP alerted us to a Database Down incident first, which got the ball rolling, and it also pointed out that we need to fine tune our primary...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available."    Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation.  This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes, but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see...
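The PSLIST -s idea from step 1, as an added PowerShell example (not the post's own method or code). Rather than watching a refreshing screen, it samples the process table of a local or remote host every couple of seconds and logs every process that appears or disappears between samples, with parent PID, image path and command line, so a process that only lives for a few seconds is still captured for step 2. It assumes WMI (DCOM) access to the target and rights to read Win32_Process; the interval and duration are example values.

```powershell
# Added example (not from the original post): a PSLIST -s style watcher that
# records short-lived processes instead of just displaying them. Assumes WMI
# access to the target host (Win32_Process), like "PSLIST \\computer-name".
param(
    [string]$ComputerName = '.',     # '.' = local machine, or a remote host name
    [int]$IntervalSeconds = 2,
    [int]$DurationSeconds = 60
)

function Get-ProcessTable {
    param([string]$Computer)
    $table = @{}
    $procs = Get-WmiObject -Class Win32_Process -ComputerName $Computer -ErrorAction Stop
    foreach ($p in $procs) {
        # Key on PID plus creation time: a reused PID is still a different process.
        $key = '{0}:{1}' -f $p.ProcessId, $p.CreationDate
        $table[$key] = $p
    }
    return $table
}

$deadline = (Get-Date).AddSeconds($DurationSeconds)
$previous = Get-ProcessTable -Computer $ComputerName
Write-Host ('Baseline on {0}: {1} processes. Watching until {2:HH:mm:ss} ...' -f `
    $ComputerName, $previous.Count, $deadline)

while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = Get-ProcessTable -Computer $ComputerName
    $stamp   = Get-Date -Format 'HH:mm:ss'

    # New since the last sample: print enough to judge it (who spawned it, from where, with what).
    foreach ($key in $current.Keys) {
        if (-not $previous.ContainsKey($key)) {
            $p = $current[$key]
            Write-Host ('{0} STARTED pid={1} ppid={2} {3}' -f $stamp, $p.ProcessId, $p.ParentProcessId, $p.Name)
            Write-Host ('         path: {0}' -f $p.ExecutablePath)
            Write-Host ('         cmd:  {0}' -f $p.CommandLine)
        }
    }
    # Gone since the last sample: the ones that "only stay visible for seconds".
    foreach ($key in $previous.Keys) {
        if (-not $current.ContainsKey($key)) {
            $p = $previous[$key]
            Write-Host ('{0} EXITED  pid={1} {2}' -f $stamp, $p.ProcessId, $p.Name)
        }
    }
    $previous = $current
}
```

Redirect the output to a file so the START/EXIT pairs survive for later review; an image running from a user-writable folder (temp, profile, removable media) with a browser or Office application as its parent is the kind of entry step 2 is looking for.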

stebro | 26 May 2009 | 2 comments

The Symantec Endpoint Protection Integration Component 7.0 provides integration between the Symantec Management Platform 7 and Symantec Endpoint Protection 11.

Features include:

Antivirus Inventory
  • Identifies installed endpoint security products from Symantec, McAfee, Trend, Sophos, CA, F-Secure, Kaspersky, and ESET
  • Details on the Symantec Endpoint Protection client

Symantec Endpoint Protection Client Migration Job
  • Task-based uninstall, restart, and Symantec Endpoint Protection installation
  • Tasks can be customized for and blended with any Task Server task

Symantec Endpoint Protection Client Tasks
  • Full and Quick Virus Scans
  • Update virus definitions and other security content
  • Repair Symantec Endpoint Protection client

Reporting
  • Antivirus summary
  • Computers with Tamper Protection enabled
  • Migration details including installation failure feedback

Benefits include:

...

Gina Sheibley | 18 May 2009 | 1 comment

One of the keys to keeping a small business up and running is keeping critical information safe from potential spyware, malware and spam threats. Small businesses need an easy, reliable, cost-effective way to make sure their important data is secure and available. In today's environment of exponential data growth and more sophisticated threats, protection requires more than just antivirus.

Security threats are increasing in complexity and number, and many are now designed to target specific information while also evading detection by a single security mechanism such as antivirus. And many of today's attacks do not discriminate based on the size of the company. In addition to this, the volume of information small businesses must protect continues to expand.

A multi-faceted suite that provides protection and backup and recovery capabilities will allow small businesses to protect the information that drives their businesses.

Current malware...

Nirav Mistry | 14 May 2009 | 2 comments

Whenever there is a problem with LiveUpdate not downloading the definitions and you come across error codes (e.g. LU1835) which might not mean anything to you, the information below will help you determine what exactly those numbers mean.

1800 The operation was successful or the patch installed successfully.
1801 The user pressed the Cancel button or some other process (callback) told LiveUpdate to Cancel.
1802 COM Initialization failed (CoInitialize() function comes back as failed.) - We display a Windows Message Box at the start of LiveUpdate processing, before we create LuComServer.exe and before we create the normal UI.
1803 Our generic error code that we use when we don't know what happened or we don't try to get any extended error information.
1804 We didn't have enough system memory available to declare some object.
1805 There are no registered products in the Product Catalog.
1806 All downloaded patches...

Gina Sheibley | 12 May 2009 | 1 comment

Direct Agents, a New York city-based advertising agency with 40 employees, is in a small majority of SMBs that have implemented an effective security system. An April 2009 Symantec survey on the storage and security in small and mid-sized businesses found that while SMBs are familiar with cyber risks and have clearly defined goals for security and storage, a surprisingly high number (33%) have yet to take even the most basic steps towards protecting their businesses, such as implementing antivirus or backing up their data.

As an advertising agency focused on interactive, online media, Direct Agents employees spend their workdays visiting websites and reading email that other companies might consider suspect. For that reason, protection at Direct Agents needs to occur at each individual computer. Because the company...

Nirav Mistry | 12 May 2009 | 2 comments

ISSUE
• Clients not communicating with Symantec Endpoint Protection Manager.
• Server offline under Help & Support > Troubleshooting.
CAUSE
• The traffic on the IIS port is being blocked by Windows Firewall.
SOLUTION
• Check the IIS port for the Symantec Web Server.
• Create a firewall rule to allow traffic on the port used by the Symantec Web Server.
• Usually on Windows Server 2008 the traffic on port 80 would be allowed.
• If Symantec Endpoint Protection Manager is installed on a custom web site with a different port, the communication will be blocked.
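The check-and-fix from the SOLUTION above, as an added PowerShell example (not from the post or from Symantec). Run from a client it answers the first question, whether the manager's port is reachable at all; run on the manager itself (elevated, with -AddRule) it confirms something is listening on that port and creates the inbound allow rule with netsh advfirewall, the firewall interface on Windows Server 2008. The port is an assumption (80 for the default web site; substitute the custom site's port), and the rule name is made up for this example.

```powershell
# Added example (not from the original post): test reachability of the SEPM web
# server port from a client, and on the manager add the Windows Firewall rule if
# it is missing. Port and rule name are assumptions for this example.
param(
    [Parameter(Mandatory=$true)][string]$SepmHost,
    [int]$Port = 80,                                   # custom web site? use its port instead
    [switch]$AddRule,                                  # run elevated on the SEPM itself
    [string]$RuleName = 'SEPM-ClientComms-Example'     # made-up name; no spaces, so netsh needs no quoting
)

function Test-TcpPort {
    param([string]$TargetHost, [int]$TargetPort, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($TargetHost, $TargetPort, $null, $null)
        # A firewall drop shows up as a timeout; a closed port as a refused connection.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)      # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Client-side view: can the manager be reached on that port at all?
if (Test-TcpPort -TargetHost $SepmHost -TargetPort $Port) {
    Write-Host ('{0}:{1} is reachable; the firewall is not what is blocking clients.' -f $SepmHost, $Port)
} else {
    Write-Host ('{0}:{1} is NOT reachable (filtered, or nothing listening).' -f $SepmHost, $Port)
}

if (-not $AddRule) { return }

# 2. Server-side: is IIS actually listening on that port before we open it?
$listening = netstat -ano | Select-String -Pattern (':{0}\s+.*LISTENING' -f $Port)
if (-not $listening) {
    Write-Warning ('Nothing is listening on TCP {0}; check the IIS site binding before opening the firewall.' -f $Port)
}

# 3. Create the inbound allow rule only if one with this name does not already exist.
$existing = netsh advfirewall firewall show rule name=$RuleName | Select-String -Pattern 'LocalPort'
if ($existing) {
    Write-Host "Rule '$RuleName' already exists:"
    $existing | ForEach-Object { $_.Line.Trim() }
} else {
    netsh advfirewall firewall add rule name=$RuleName dir=in action=allow protocol=TCP localport=$Port profile=any
    Write-Host "Added inbound allow rule '$RuleName' for TCP $Port."
}
```

If the client-side test fails while the server-side step shows the port listening and the rule present, the block is somewhere between the two hosts (a network firewall or a proxy) rather than on the manager; on Windows Server 2003 the equivalent rule is created with the older netsh firewall context instead of advfirewall.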

Kedar Mohile | 11 May 2009 | 3 comments

100 Series Informational - These status codes indicate a provisional response. The client should be prepared to receive one or more 1xx responses before receiving a regular response.
100 Continue.
101 Switching protocols.
200 Series Success - This class of status codes indicates that the server successfully accepted the client request.
200 OK - The client request has succeeded. This status code indicates that the Web server has successfully processed the request.
201 Created.
202 Accepted.
203 Non-authoritative information.
204 No content.
205 Reset content.
206 Partial content.

300 Series Redirection - The client browser must take more action to fulfill the request. For example, the browser may have to request a different page on the server or repeat the request by using a proxy server.
302 Object moved.
304 Not modified. The client requests a document that is already in its cache and...