Video Screencast Help

Security Community Blog

Showing posts tagged with 11.x
Showing posts in English
mon_raralio | 23 Sep 2010 | 1 comment

What is a sector?

Before we begin, we must first determine what is a sector. A sector is a subdivision of a drive. The term is derived from the mathematical term for a portion of a circle (an arc) that is enclosed by 2 radii or lines from the center to the edge of a circle. So in computer storage terms, a sector is an an arc where data is written. Note: Drawing is not by best work.
So, what and where is a boot sector?
In order for a PC to be useable, it need to powerup and boot.And the PC has 2 stages of booting up.The first stage boot loader is the BIOS. This is so that all the primary hardwares would come online and be able to communicate with one another. This also contains instructions on which hardware - usually a storage device - to access to get to the second stage of...
mrbuguz® | 20 Sep 2010 | 3 comments

 snmpapi.dll is a DLL relating to the Simple Network Management Protocol (SNMP), which is used to monitor important network equipment on your Local Area Network (LAN). snmpapi.dll should not be disabled/deleted, required for essential applications to work properly like symantec endpoint protection. At times, this file may get corrupted or tampered with by malwares or software installs.

This can resolved your problem error 1053:The service did not respond to the start or control request in timely fashion:

Go to any working SEP client and copy the dll file from C:\Windows\sytem32\snmpapi.dll


Go to client having a problem in SEP (can't start smc service) and paste the snmpapi.dll to C:\Windows\sytem32\snmpapi....

Netrunner | 17 Sep 2010 | 4 comments

Malware Analysis Step by Step Decision Tree

In my travels, it has come to my attention that some folks have not taken or had the time to document a checklist or bullet list of actions to perform during an infection or an outbreak. In response I’ve created a decision tree to help as a guide for following a step by step process for malware analysis. The site is .

The site basically contains a mindmap created using freeplane that steps the users through the process of analyzing a machine for malware. It provides links to both Symantec , 3rd party, fee and open source tools. The majority of the information has been mostly compiled from NIST SP800-83 , and public symantec KB articles.  I hope this is something that community members find useful and can provide feedback to improve.

Please provide any feedback and I'll be happy to update the decision tree.


Below is a sample of the...

Hear4U | 08 Sep 2010

Here's your chance to be "King for a Week" with our new Security Solutions Contest! 

What Is the Security Solutions Contest?
It's all about solving end user questions in the forums area.  We created this contest to help increase the total number of solutions on the Security Community.  We are going to select threads we'd like you to solve, and give you an opportunity to win a weekly prize. Yes, I said "weekly!"  Keep reading to find out more about the prize!

How Do I Participate?
First, if you want to play, pull out your dust-ridden, coffee stained endpoint protection & related security product manuals, re-read all the latest and greatest knowledge base articles, and put your thinking-caps on! 

Why?  Because to be the "King for a Week" in this contest, you need to be able to solve popular forum threads that will be hand...

Jimania | 01 Sep 2010 | 1 comment

We could use some advice.  We are an internet marketing company and we get our share of IT questions.  We're not IT people so . . . what would be the best product recommendation for protection against malicious files (trojans, virus, malware, etc.)?  We've probably had better luck with Norton Anti-Virus but would like to know the opinions of others.  Thanks!

P_K_ | 16 Aug 2010 | 5 comments

Release Update 6 Maintenance Patch 1 (RU6 MP1)

What's new in this version
Symantec Endpoint Protection RU6 MP1 (11.0.6100) provides fixes since the release of RU6 and RU6a. This maintenance patch cannot be installed over any versions of Symantec Endpoint Protection or Symantec Endpoint Protection Manager prior to RU6. It must be installed over RU6 or RU6a.

If you are using Symantec Endpoint Protection Manager 11.0 RU6 and plan to leverage the Auto-Upgrade feature in the console to upgrade to a new client build , read the following Knowledge Base article on importing client packages:

Behavior and user interface changes

    Quarantine shows date added to quarantine rather than date of the file
    Fix ID: 1810671
Aniket Amdekar | 11 Aug 2010 | 0 comments

MS10-049 – Vulnerabilities in SChannel Could Allow Remote Code Execution (980436)

  • Analysis
    This patch addresses 1 remote code execution vulnerability and 1 spoofing vulnerability within the SChannel security package in Windows. Attackers will attempt to lure victims to view an attacker-controlled site, which will execute remote arbitrary code on the victim’s machine.
  • Recommendations
    Administrators are urged to patch all affected systems as soon as possible. There is currently no workaround for the remote code execution vulnerability described in this bulletin. Until patches are complete, a workaround for the spoofing vulnerability can be made. Require mutual authentication on IIS servers.

MS10-051 – Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)...

Aniket Amdekar | 29 Jul 2010 | 2 comments

Symantec has provided a lot of options of analyzing the virus definition distribution in the SEP clients. It has alerts, reports and notifications, sorting the clients according to the definitions date in the clients tab, etc.

One more way to find the clients without latest definitions would be to use the search clients funtion:

Please take a look at the screenshot below:

Please make a note that this screenshot was taken on RU5 version of the SEPM.

Khue | 02 Jul 2010 | 4 comments

So I was talking to GrahamA, the guy responsible for the SEP - Content Distribution Monitor, and I started asking some questions after looking at the tool. By the way, if you are using GUPs (Group Update Providers) in your SEP environment I would highly recommend looking into the tool found here. It fills in some holes that SEPM doesn't cover out of the box. After going through the IIS log files that get created, I realized that there is a goldmine of information available. I talked to GrahamA and expressed some wants out of the little app and even took some time to bang out a little vb script that I thought would be a nice to have. 

One of the questions I had was, how much traffic exactly are my GUPs consuming? This is important for me to know because of my network structure. My GUPs sit at the far side of a slow WAN link. Having the GUPs saves me bandwidth,...

dschrader | 24 Jun 2010 | 0 comments

Cisco recently announced end of-sales and the coming end-of-life the Cisco Security Agent (CSA) with support ending in a few years.  CSA users shouldn’t wait until then to switch to a full featured security solution from a vendor that is committed to security.
When Cisco first acquired Okena (the creators of CSA), it represented a bold but flawed vision of the future of endpoint security.  The promise behind CSA was proactive, zero-day protection against malicious code and intrusions through rules-based host intrusion prevention system (HIPS).  The implied promise was that behavioral protection would replace signature scanning and eliminate the need for virus protection.  Later, Cisco relented and started recommending that CSA be used in conjunction with an open source antivirus engine called ClamAV.  However, ClamAV has never offered state-of-the-art detection and even combined, CSA and ClamAV lack key layers of protection needed...