Security Community Blog
Showing posts tagged with 11.x
Showing posts in English
w-d | 28 Apr 2011 | 0 comments

It happens many times that you try to install SEP or SEPM and at the end it rolls back.

To avoid losing time guessing what could be the cause of such an issue, it is worth finding the installation log and looking at it. It gives you much useful information and sometimes helps you resolve the problem very quickly.

The installation log names for the above products are:

sep_inst.log for SEP

sepm_inst.log for SEPM

Usually they are stored in the temporary folders:



C:\Documents and Settings\User_Name\Local Settings\Temp (where User_Name is the currently logged-on user. You can open this temp folder by typing %temp% in Start -> Run)

If the installation log is not found in any of those locations, you can search for those names on your whole disk.

If it still cannot be found, you might have to force the creation of the installation log. In...

jomargonzales | 06 Apr 2011 | 0 comments

I have discovered an online tool which is very useful for analyzing whether a file is malicious or not.

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.


mon_raralio | 05 Apr 2011 | 3 comments

I'd like to share the free tools I downloaded from the Internet. These are the tools that I have used almost on a daily basis in deployment and troubleshooting of SEP clients for the past few months. All of these are freeware, so you can use them as long as management approves. So, here goes:

  • PingInfoView - Used to ping multiple clients by list, by either hostname or IP. You can select either ping once or continuous and also set the maximum time to wait before timeout. This one doesn't get detected as malware by Symantec. I use this with the reports of non-reporting clients to check if they're online before starting up the Sylink replacer. You can copy or export the results into a spreadsheet.
  • PSList - a DOS utility from SysInternals that I use to show the running processes. Although you can use the tasklist in DOS which is already available in XP by default. I follow this with:
  • PSKill - a DOS utility from SysInternals to terminate processes on...
Maciej_Jedrzejczyk | 16 Mar 2011 | 0 comments

From time to time our customers contact us about a problem with cooperation between the Symantec Endpoint Protection client and Windows operating systems in versions Vista/7/2008. This can take several forms: for example, the installation is interrupted, or after installation the services related to SEP show various error messages. The problem reappears even after several restarts.

What to do in this situation?

First, let's check the product version.

It is only from version RU5 onward that official support is given to more modern operating systems such as Windows Vista, Windows 7 or Windows Server 2008 / 2008 R2. Here is the list of versions that are compatible with these systems:

11.0.5002             RU5

11.0.600.550     ...

Vera | 13 Mar 2011 | 0 comments
Sydney Symantec Endpoint Protection user group meeting on 15 March, 2011 has been cancelled.  Please return for updates on the next user group meeting.
Mark Maynard | 10 Mar 2011 | 1 comment

We had a great Chicago Security & Compliance User Group meeting on March 8.  A fantastic presentation by Rich Bagurdes was very valuable and shows some real world examples of how to leverage all of SEP's features.  There was also another great presentation by Min about SEP 12.1 Amber that highlighted the new virtualization features and generated lots of additional questions and interest around the upcoming SEP 12.1  product.

Here are the available slides and even some video of the presentation.  Thanks goes to everyone who participated to make this another great event.  I am looking forward to participating at the next one that is coming soon in August 2011.



mon_raralio | 16 Feb 2011 | 0 comments

Good news from Microsoft.

In Windows XP, Windows Vista, and Windows Server 2003, AutoRun entries were populated for all devices that had mass storage and had a validly formatted AutoRun.inf file in the root directory. This included CDs, DVDs, USB thumb drives, external hard disks, and any volume that exposed itself as mass storage. This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media.

Effect on end users and end-user software


  • Many existing devices in market, and many upcoming devices, use the AutoRun feature with the AutoPlay dialog box to present and install software when DVDs, CDs, and USB flash drives are inserted.
  • Users who install this update will no longer receive a setup message that prompts them to install programs that...
Spencer Parkinson | 16 Feb 2011 | 0 comments

After the dust settled at the 2011 SC Magazine Awards on Tuesday night at RSA 2011, Symantec emerged as one of the big winners. Of the 10 categories in which Symantec was named a finalist, we won in four of them, including the following:


Spencer Parkinson | 16 Feb 2011 | 0 comments

In his keynote speech at the 2011 RSA Conference, Enrique Salem, Symantec’s president and CEO, shared his perspective on what is happening in the security industry. Enrique took the crowd on a journey back in time to July 13, 2010, when the world first got word of Stuxnet and provided an analysis of the threat.  Enrique also talked about how IT is being pulled in conflicting directions as users demand more choice over their devices and applications while management demands more security and control. The mega trends of mobile, virtualization and cloud, along with the continuing information explosion and changing threat landscape, are fundamentally redefining the roles and responsibilities of security professionals. Listen as Enrique talks about how IT can resolve these conflicts and regain control.

P_K_ | 25 Jan 2011 | 0 comments

How is the content downloaded via LU secure?

The LiveUpdate TRI files are downloaded in an archive format.

These minitris and files consist of 3 files:

  • liveupdt.sig
  • liveupdt.grd
  • liveupdt.tri

GRD and SIG files are used to verify the security and integrity of patches.

The mini-tri zip is validated by the GRD file and also authenticated by the SIG file.

The Guard file uses SHA-1 hash values.

For LiveUpdate, the protocols that are used are HTTP/FTP server. These live updates are hosted by Akamai.

They are published using Java Triage and are signed by Symantec Digital Signing Servers.