Security Community Blog
Showing posts tagged with 11.x
thaller | 03 Jun 2009 | 1 comment

Hello all,

This is my first blog post, but I hope to continue these in the future as situations arise, to help others with their SEP Deployments.

At my organization we currently have 2 SEP Managers (MR4 MP1) that are replicating between each other. Our primary site is running on a Windows 2003 R2 SP2 machine and has its DB on a separate server running SQL 2005 SP2 on a Windows 2003 R2 SP2 machine. Our secondary site is on a Windows 2003 R2 SP2 machine running SQL 2005 SP2 on the same machine. These sites are connected over a DS3 WAN link approx. 200 mi apart.

This past weekend the blade that runs the primary site's SQL DB failed, and the SEP Manager informed all of our administrators approx. 5-10 min prior to our other monitoring solution. I know that this looks bad for our primary server monitoring system; however, SEP alerted us to a Database Down incident first, which got the ball rolling, and it also pointed out that we need to fine tune our primary...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available."    Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation.  This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes, but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see...
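The note above about malware that is only visible for a few seconds is the weak point of eyeballing PSLIST -s on screen. One way to make that review repeatable is to capture `pslist \\computer-name` twice and diff the parsed output, flagging processes that appeared, vanished, were started only seconds ago, or carry a name one character off from a well-known system process. This is an added example, not code from the original post: the two snapshots are constructed to look like PsList's default column layout (Name, Pid, Pri, Thd, Hnd, Priv, CPU Time, Elapsed Time), the host name WS-042 and the process named svch0st are made up, and the list of "known" system process names is an assumption you would tune for your own estate.

```python
"""Diff two PsList snapshots to catch short-lived or look-alike processes.

Added example (not from the original post). The snapshots below are
constructed to resemble `pslist \\WS-042` output; nothing here was captured
from a real host, and the KNOWN name list is an assumption.
"""
import re
from datetime import timedelta

# Constructed sample: first snapshot of `pslist \\WS-042`.
SNAPSHOT_T0 = """\
Process information for WS-042:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     1:12:03.015     0:00:00.000
System                4   8  63  567      0     0:00:09.203     2:10:44.812
smss                328  11   3   21    164     0:00:00.031     2:10:44.796
csrss               384  13  10  412   1760     0:00:01.421     2:10:41.250
svchost            1012   8  20  312   3420     0:00:00.562     2:10:20.031
explorer           1588   8  14  611  12860     0:00:04.078     2:09:58.500
"""

# Constructed sample: second snapshot taken a few seconds later.
SNAPSHOT_T1 = """\
Process information for WS-042:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     1:12:03.015     0:00:00.000
System                4   8  63  567      0     0:00:09.234     2:10:49.812
smss                328  11   3   21    164     0:00:00.031     2:10:49.796
csrss               384  13  10  412   1760     0:00:01.437     2:10:46.250
svchost            1012   8  20  312   3420     0:00:00.562     2:10:25.031
explorer           1588   8  14  611  12860     0:00:04.109     2:10:03.500
svch0st            2204   8   2   48    820     0:00:00.015     0:00:03.140
"""

# One data row: name, pid, pri, thd, hnd, priv, cpu time, elapsed time.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
                 r"(\d+:\d+:\d+\.\d+)\s+(\d+:\d+:\d+\.\d+)\s*$")

# Assumed list of system process names worth protecting against look-alikes.
KNOWN = ("svchost", "csrss", "smss", "lsass", "winlogon", "explorer", "services")


def _parse_elapsed(text):
    """'2:10:44.812' -> timedelta."""
    hours, minutes, rest = text.split(":")
    seconds, millis = rest.split(".")
    return timedelta(hours=int(hours), minutes=int(minutes),
                     seconds=int(seconds), milliseconds=int(millis))


def parse_pslist(output):
    """Return {pid: {"name", "threads", "elapsed"}} from a PsList dump."""
    procs = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, blank line or column header
        procs[int(m.group(2))] = {"name": m.group(1), "threads": int(m.group(4)),
                                  "elapsed": _parse_elapsed(m.group(8))}
    return procs


def diff_snapshots(before, after, young=timedelta(seconds=30)):
    """Processes that appeared, vanished, or are younger than `young` (pid 0 skipped)."""
    appeared = {pid: after[pid] for pid in after.keys() - before.keys()}
    vanished = {pid: before[pid] for pid in before.keys() - after.keys()}
    young_procs = {pid: p for pid, p in after.items() if pid != 0 and p["elapsed"] < young}
    return {"appeared": appeared, "vanished": vanished, "young": young_procs}


def _edit_distance(a, b):
    """Plain Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_names(procs, known=KNOWN):
    """{pid: (seen_name, known_name)} for names one edit away from a known system name."""
    hits = {}
    for pid, p in procs.items():
        name = p["name"].lower()
        if name in known:
            continue
        for k in known:
            if _edit_distance(name, k) == 1:
                hits[pid] = (p["name"], k)
                break
    return hits


if __name__ == "__main__":
    before, after = parse_pslist(SNAPSHOT_T0), parse_pslist(SNAPSHOT_T1)
    for kind, procs in diff_snapshots(before, after).items():
        for pid, p in procs.items():
            print(f"{kind:9} pid={pid:<6} {p['name']:<12} up {p['elapsed']}")
    for pid, (seen, expected) in lookalike_names(after).items():
        print(f"lookalike pid={pid:<6} {seen!r} resembles {expected!r}")
```

Redirect each `pslist \\computer-name` run to a file and feed both files to `parse_pslist`; the 30-second "young" threshold should be a little longer than the gap between your two captures so that anything spawned between them is caught even if it is still running.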

stebro | 26 May 2009 | 2 comments

The Symantec Endpoint Protection Integration Component 7.0 provides integration between the Symantec Management Platform 7 and Symantec Endpoint Protection 11.

Features include:

• Antivirus Inventory
  • Identifies installed endpoint security products from Symantec, McAfee, Trend, Sophos, CA, F-Secure, Kaspersky, and ESET
  • Details on Symantec Endpoint Protection client
• Symantec Endpoint Protection Client Migration Job
  • Task-based uninstall, restart, and Symantec Endpoint Protection installation
  • Tasks can be customized for and blended with any Task Server task
• Symantec Endpoint Protection Client Tasks
  • Full and Quick Virus Scans
  • Update virus definitions and other security content
  • Repair Symantec Endpoint Protection client
• Antivirus summary
• Computers with Tamper Protection enabled
• Migration details including installation failure feedback
Benefits include:


Gina Sheibley | 18 May 2009 | 1 comment

One of the keys to keeping a small business up and running is keeping critical information safe from potential spyware, malware and spam threats. Small businesses need an easy, reliable, cost-effective way to make sure their important data is secure and available. In today's environment of exponential data growth and more sophisticated threats, protection requires more than just antivirus.

Security threats are increasing in complexity and number, and many are now designed to target specific information while also evading detection by a single security mechanism such as antivirus. And many of today's attacks do not discriminate based on the size of the company. In addition, the volume of information small businesses must protect continues to expand.

A multi-faceted suite that provides protection and backup and recovery capabilities will allow small businesses to protect the information that drives their businesses.

Current malware...

Nirav Mistry | 14 May 2009 | 2 comments

Whenever there is a problem with LiveUpdate not downloading the definitions and you come across error codes (e.g. LU1835) which might not mean anything to you, the information below will help you determine what exactly those numbers mean.

1800 The operation was successful or the patch installed successfully.
1801 The user pressed the Cancel button or some other process (callback) told LiveUpdate to Cancel.
1802 COM Initialization failed (CoInitialize() function comes back as failed.) - We display a Windows Message Box at the start of LiveUpdate processing, before we create LuComServer.exe and before we create the normal UI.
1803 Our generic error code that we use when we don't know what happened or we don't try to get any extended error information.
1804 We didn't have enough system memory available to declare some object.
1805 There are no registered products in the Product Catalog.
1806 All downloaded patches...

Gina Sheibley | 12 May 2009 | 1 comment

Direct Agents, a New York city-based advertising agency with 40 employees, is in a small majority of SMBs that have implemented an effective security system. An April 2009 Symantec survey on the storage and security in small and mid-sized businesses found that while SMBs are familiar with cyber risks and have clearly defined goals for security and storage, a surprisingly high number (33%) have yet to take even the most basic steps towards protecting their businesses, such as implementing antivirus or backing up their data.

As an advertising agency focused on interactive, online media, Direct Agents employees spend their workdays visiting websites and reading email that other companies might consider suspect. For that reason, protection at Direct Agents needs to occur at each individual computer. Because the company...

Nirav Mistry | 12 May 2009 | 2 comments

• Clients not communicating with Symantec Endpoint Protection Manager.
• Server offline under Help & Support > Troubleshooting.
• The traffic on the IIS port is being blocked by Windows Firewall.
• Check the IIS port for the Symantec Web Server.
• Create a firewall rule to allow traffic on the port used by the Symantec Web Server.
• Usually in Windows Server 2008 the traffic on port 80 would be allowed.
• If Symantec Endpoint Protection Manager is installed on a custom web site with a different port, the communication will be blocked.

Kedar Mohile | 11 May 2009 | 3 comments

100 Series Informational - These status codes indicate a provisional response. The client should be prepared to receive one or more 1xx responses before receiving a regular response.
100 Continue.
101 Switching protocols.
200 Series Success - This class of status codes indicates that the server successfully accepted the client request.
200 Okay - The client request has succeeded. This status code indicates that the Web server has successfully processed the request.
201 Created.
202 Accepted.
203 Non-authoritative information.
204 No content.
205 Reset content.
206 Partial content.

300 Series Redirection - The client browser must take more action to fulfill the request. For example, the browser may have to request a different page on the server or repeat the request by using a proxy server.
302 Object moved.
304 Not modified. The client requests a document that is already in its cache and...

Nel Ramos | 07 May 2009 | 25 comments

Hi Team,

Although we are fortunate to have generous gurus in the field of Symantec AV, still many of us here in this forum need additional support to master our trade, IT Security.
We need additional information and data that would satisfy our constant thirst for knowledge.
I felt that a blog where we could put all Symantec videos, whether training or interviews from the masters, could help us to accomplish this feat.

Let's use this blog to help others gain more through learning.
As a new member of this forum, this helped me to gain a third of what I know about Symantec through the generous thoughts of our fellow members and advisers.
I also notice that many members in Symantec Connect request learning videos.
Why not have a blog that links to them?
Let me start by including this link in the blog.


mon_raralio | 06 May 2009 | 13 comments

Monitoring for viruses coming from the Internet would really help in preventing infections, at least at the entry point where a client accesses a malicious website.
My first step would be to get the reports from the SAV or SEP reporter. The file would contain information on the infection particularly the path where the infection was detected.
Internet files would be stored in C:\Documents and Settings\username\Local Settings\Temporary Internet Files

Take note of the computer name, the username, and the time of infection.

I'm using Internet Explorer History Viewer and checking the remote PC's visited sites (assuming that the user hasn't yet deleted the history) and cross-checking the sites visited at the time of infection.
The application shows the history in html table format so it's easy to see the sites visited.

I also use Norton Safe Web to get additional details on the website that was visited....
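The cross-check described in this post (detection time and cache path from the SEP report on one side, the user's browsing history on the other) is mechanical enough to script once both are exported. The following is an added example, not the author's tooling: it keeps only detections whose path sits under Temporary Internet Files, pulls the username out of that path, lists the URLs the same user visited on the same computer in the minutes before the detection, and points at any URL whose file name matches the cached file (IE appends "[n]" to cached copies, so setup[1].exe pairs with a URL ending in setup.exe). The report and history column layouts, computer names, users, URLs and risk names are all constructed for the example and are not a real SEP export format.

```python
"""Correlate SEP detections in Temporary Internet Files with browser history.

Added example, not part of the original post. RISK_REPORT and HISTORY are
constructed stand-ins for a SEP risk report export and an IE history export;
their column layouts are assumptions, as are all names and URLs in them.
"""
import csv
import io
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed SEP risk report export (assumed columns).
RISK_REPORT = r"""Detected,Computer,User,Risk,File Path
2009-05-05 14:32:10,WS-017,jdoe,Trojan.Example.A,C:\Documents and Settings\jdoe\Local Settings\Temporary Internet Files\Content.IE5\K3P1X9QF\setup[1].exe
2009-05-05 15:05:44,WS-017,jdoe,W32.Example.B,C:\WINDOWS\Temp\dropper.exe
2009-05-06 09:12:03,WS-023,asmith,Trojan.Example.A,C:\Documents and Settings\asmith\Local Settings\Temporary Internet Files\Content.IE5\7ZQ2B4LM\player_update[1].exe
"""

# Constructed IE history export for both computers (assumed columns).
HISTORY = r"""Computer,User,Visited,URL
WS-017,jdoe,2009-05-05 14:29:51,http://news.example.com/
WS-017,jdoe,2009-05-05 14:31:40,http://free-codec-downloads.example.net/get.php?id=17
WS-017,jdoe,2009-05-05 14:31:58,http://free-codec-downloads.example.net/setup.exe
WS-017,jdoe,2009-05-05 16:10:02,http://mail.example.com/
WS-023,asmith,2009-05-06 09:10:30,http://player-update.example.org/install
WS-023,asmith,2009-05-06 09:40:00,http://intranet.example.com/
"""

# Cache path layout from the post; the capture group is the username.
TIF_PATH = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\"
                      r"Local Settings\\Temporary Internet Files\\", re.IGNORECASE)
TIMESTAMP = "%Y-%m-%d %H:%M:%S"


def cache_basename(path):
    """'...\\setup[1].exe' -> 'setup.exe': strip the [n] IE adds to cached copies."""
    name = path.rsplit("\\", 1)[-1]
    return re.sub(r"\[\d+\](?=\.[^.]+$|$)", "", name).lower()


def internet_detections(report_csv):
    """Detections whose file sits in a user's Temporary Internet Files cache."""
    out = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        m = TIF_PATH.match(row["File Path"])
        if not m:
            continue  # local drop, not a browser download
        out.append({"when": datetime.strptime(row["Detected"], TIMESTAMP),
                    "computer": row["Computer"], "user": m.group(1),
                    "risk": row["Risk"], "path": row["File Path"]})
    return out


def parse_history(history_csv):
    """History rows as dicts with a parsed visit time."""
    return [{"computer": r["Computer"], "user": r["User"],
             "when": datetime.strptime(r["Visited"], TIMESTAMP), "url": r["URL"]}
            for r in csv.DictReader(io.StringIO(history_csv))]


def correlate(detections, history, window=timedelta(minutes=5)):
    """Per detection: URLs the same user hit on the same machine within `window`
    before the detection (newest first), plus the URL whose file name matches
    the cached file, if any."""
    result = []
    for d in detections:
        hits = [h for h in history
                if h["computer"] == d["computer"]
                and h["user"].lower() == d["user"].lower()
                and d["when"] - window <= h["when"] <= d["when"]]
        hits.sort(key=lambda h: h["when"], reverse=True)
        wanted = cache_basename(d["path"])
        source = next((h["url"] for h in hits
                       if urlsplit(h["url"]).path.rsplit("/", 1)[-1].lower() == wanted), None)
        result.append({"detection": d, "visited": [h["url"] for h in hits], "source": source})
    return result


if __name__ == "__main__":
    for r in correlate(internet_detections(RISK_REPORT), parse_history(HISTORY)):
        d = r["detection"]
        print(f"{d['when']} {d['computer']}/{d['user']} {d['risk']}")
        for url in r["visited"]:
            tag = "  <-- matches cached file name" if url == r["source"] else ""
            print(f"    {url}{tag}")
```

The five-minute window is a starting point: SEP's detection time is when the scanner saw the file, which can lag the download on a busy machine, so widen it if the candidate list comes back empty, and treat the file-name match as a lead to confirm in Norton Safe Web rather than as proof.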