Security Community Blog
Showing posts tagged with 11.x
Sumit G | 03 Feb 2012 | 2 comments


Need to set the password to disable Smc service


For security purposes, it is required to set the password.


Go to SEPM.

Log in to the console with the admin ID.

Go to the client tab and then choose the group where you want to set the password.

Under that group, choose the policy tab.

Click on General Setting, then click on the Security Setting tab.

There are four options available.

Check "Require a password to stop the client service".

Enter the password as mentioned on the right-hand side of the security tab.

Then click OK, and then right-click on that group and update the content.

It will set the password to stop the SEP. (command smc...

AR Sharma | 21 Jan 2012 | 4 comments

What actually happens in a war? We tend to destroy airports, bridges, refineries, power plants, nuclear plants etc. These are the basics of the economy of any country. How much do we spend in war? Billions of dollars!

Stuxnet, a malware, exploited many vulnerabilities of SCADA systems and destroyed Iran's nuclear power plant. It set Iran's nuclear power plant 6-7 years back. All this was done without any socio-economic disturbance. No war fought. No loss of lives. SCADA systems are used in nuclear power plants, refineries and other industries where PLCs (Programmable Logic Controllers) are used. Manufacturers of this kind of system are Siemens, Honeywell, ABB etc.

Such a huge impact of Stuxnet is not a matter of chance. Stuxnet must have been made carefully for this purpose. A huge investment might have gone into Stuxnet too.

Looking at the impact and cost of Stuxnet, it would be an insult to it if we called Stuxnet a malware. It's actually the first CYBER WEAPON...

GrahamA | 11 Jan 2012 | 1 comment

Happy new year to you all!

The Symantec LUA team released version 2.3.1 in Dec. Just a quick status update for you in relation to how things have been going since then.

We've seen over 200 successful customer installs/upgrades of LUA 2.3.1 so far and feedback has been very positive.

As a recap, 2.3.1 introduced the following enhancements:

  • The LUA web server service will now automatically restart if it crashes or terminates unexpectedly.
  • LUA will now automatically install and utilise an optimised private Java Runtime Environment (version 1.6 update 27). This also means it is no longer necessary to separately install a public JRE for use by LUA.
  • It is now possible for LUA to automatically run multiple specified distribution tasks after a download task completes.
  • New quick link added to the user interface which allows customers to quickly and easily capture all LUA-related troubleshooting...

Seyad | 14 Sep 2011 | 0 comments


Installing NTP on the cluster blocks the communication between Windows Server 2008 Failover cluster nodes
Following the article TECH91154 doesn't resolve the issue.


By default, the "Microsoft Failover Cluster Virtual Adapter" (NetFT.sys) uses IPv6 to communicate with other nodes in the cluster. If you have an IPv4 configuration, then IPv6 is tunneled over IPv4 to establish sessions with remote nodes. If IPv6 is completely unavailable in your environment, the nodes will then communicate by IPv4. It is possible to disable IPv6 and still have the cluster function correctly but it is recommended to enable IPv6 with Windows 2008, 2008 R2 Failover clustering.

Reference: For more information about IPv6 on cluster please refer to the below article from "Windows Failover Cluster Team":

pannawich pornwattana | 01 Sep 2011 | 0 comments

This problem occurs after installing SEP 12.1, when you want to activate the license.

To fix it, check the following: go to Control Panel > Regional and Language > change every setting that is in Thai to English (any variant works, whether USA or England),

then restart once, then try activating again.

If you want to use Thai, change it back after the activation is complete.

pannawich pornwattana | 01 Sep 2011 | 0 comments

A problem often encountered in SEPM is: "Why do some clients update while others do not?"

Do the following: first check on the manager machine whether the definitions on the manager are the latest version. If not, go to the Admin tab and select server > local server > live update,

then try clicking update content.

If you click live update on the manager and it shows error return code 4, first check whether the server can connect to the internet. Normally, return code = 4 means it cannot connect to the internet.

Once the manager has been updated to the latest definitions, you can click update content right away to distribute the new definitions to the machines that have not updated yet.

As for machines that updated before the manager, if you ask why they updated: first check the LiveUpdate policy to see whether the option allowing client machines to update over the internet is ticked, because if it is ticked and the server has not updated, the client machines will get their definitions from Symantec's servers.

mon_raralio | 06 Jul 2011 | 0 comments

First of all, I'll admit that this is not my best blog so far. It looks like I'm rambling. But I hope that, on the chance that you read this in its entirety, you'll learn something related to malware removal.

This was checked in for fixing. It's a laptop with Wi-Fi capability, used in one of the branch offices. And just looking at the shortcut icons shows that it is being used for unrestricted broadband Internet connections. The laptop was obviously infected. The SAV client was disabled and none of the software ran. The nature of the threat also disables the task manager, the folder options, and the command prompt. Other default MS software is also disabled, and the main concern here is to be able to run the AV first.

To be able to check this further, I needed to 1.) Gain access to the programs, and 2.) Identify the malware.

The first one would be a challenge. I started with identifying the malware which is pretty much...

kochc | 28 Jun 2011 | 1 comment

In response to the Win32/Popureb.e threat being propagated on the internet, Symantec's response was:

The Popureb family is nothing new and we have seen variants of this family for months. Most are detected as Trojan.Fakeav, but it appears this variant that MS has dubbed as “E” might be a little more severe. Everything that we have read says it does nothing that Trojan.Tidserv doesn’t already do.

In order to provide specific info on what MS is referring to in their “E” variant, Symantec needs to get the code from them. To that end, Symantec has already asked them for it and is awaiting it from them.

Joao Costa | 13 Jun 2011 | 0 comments

Some random bit of knowledge that I ran across today while troubleshooting a Symantec Endpoint Protection Manager 11.x issue with a customer:

Sometimes you may need to specify the Php.ini path in IIS (Handler Mappings of the Reporting virtual directory > edit the PHP entry) by adding the 8.3 path (short DOS path) to php-cgi.exe followed by the -c parameter and the 8.3 path to Php.ini (for more information check Specifying which php.ini the Endpoint Protection Manager (SEPM) Reporting website uses). This is useful or maybe even required if you have more than one PHP version installed on your server.

In this case I tried to find the 8.3 path of the SEPM folder to add it in IIS with the dir /X switch, but it simply didn’t exist. This particular SEPM folder didn’t have a short path.


Chad Dupin | 01 Jun 2011 | 0 comments

ITS Partner is looking to hire a few Symantec Security Consultants / Engineers.



West Michigan / Grand Rapids, MI Area.

Job Summary

This position will be focused on the implementation of Symantec security products within various customer environments. Job responsibilities include assessing customer needs and expectations, designing solutions to meet those needs, and then implementing the design. In addition to these activities the consultant will participate in the sales process (proposal creation, presentations, sales calls, demos, etc.). This position has the opportunity to grow into a leadership role within ITS to help guide and direct the security team.

Preferred Technical Qualifications

  • Symantec Endpoint Protection
  • Symantec Endpoint Encryption
  • Symantec Data Loss Prevention
  • Control Compliance Suite
  • PGP

Technical Knowledge