Video Screencast Help
Search Video Help Close Back
to help

Security Community Blog

Showing posts tagged with 11.x
Showing posts in English
How to determine number of client logs per hour coming in to the Endpoint Protection Manager
OCCK | 09 Mar 2010 | 1 comment

We are trying to feed the client log entries from the Endpoint Protection to a Security and Information event Management (SIEM) system.   In order for us to size the SIEM, it is necessary to determine number of client logs per hour coming in to the SEP manager.   Does everyone know to figure out this number?  Thanks.

Read more
XP Internet Security 2010 rogue
v16 | 06 Mar 2010 | 18 comments

While searching the web for iPhones, a fake security malware infected my laptop. Although I use Firefox and Symantec Endpoint, the trojan slipped through my XP SP3 system. When I ran a full scan, the March 5 r of Symantec did not identify the problem.  After researching the web, I found a blog at "Bleepingcomputer.com," which fully described the problem and the solution. I used MalwareBytes' AntiMalware to remove the infected registries and files. Note that the rogue has other names, such as Vista Internet Security 2010, Win 7 Internet Security 2010, and several others.  This rogue must be disabled before it allows other executable files to run. I used FixExe.reg.

Variants of the files infected are as follows.

%UserProfile%\Local Settings\Application Data\av.exe

%UserProfile%\Local Settings\Application Data\WRblt8464P...

Read more
Client install package shows wrong Server details
Warrior6945 | 23 Feb 2010 | 0 comments

 Client install package shows wrong Server details

You have a Primary SEPM and a secondary SEPM installed.
When you create an install package from the secondary SEPM, the sylink file will show the details of the Primary SEPM
After installing the SEP Client with the created install package, the clients reports to the Primary SEPM
Client shows up in the secondary SEPM however with a red arrow
Solution:
Open the SEP Manager Console
Go to Clients tab and select the group.
Click on the Policies tab of the selected group
Go to Communication Settings
Change the MSL which has the details of the Secondary SEPM
Create the install package again.
Now the sylink file of the package should have the details of the Secondary Server
Read more
SEP 11.0.X Unable to apply the SEP server patch on this computer
sezam | 02 Feb 2010 | 2 comments

If during applying the "31 December" patch you get an error "Unable to apply the SEP server patch on this computer".

To solve this issue You need.

1. Stop Symantec Endpoint Protection Manager servcie.
2. Go to "%PROGRAMFILES%\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\scm\WEB-INF\lib".
3. Delete scm-server.jar
4. Rename scm-server.jar.disabled into scm-server.jar.
5. Start Symantec Endpoint Protection Manager service.
6. Run SEPServerPatch-v6.01.exe again

Now patch schould apply without problems.

Read more
Defrag your SEPM Server Regularly
snekul | 01 Feb 2010 | 0 comments

Just a quick blog post seems relevent after some problems were encountered with our SEPM server.  After finding preformance lacking a bit on our SEPM server, I fired up the disk defragmenter.  Despite having run it not that long ago, the drive was heavily fragmented.  Our server has 60 GB of space, was about 2/5ths full, and was well over 40% fragmented.  I setup a task to defrag the drive daily during the early morning hours.   Since then, we haven't had a problem with fragmentation on the SEPM server.

Just some background.  Our SEPM server is running Server 2003 x86 and SEPM RU5.  I suspect due to the database backups and the regular definition downloads, that SEPM, by its nature, has a tendency to fragment drives rapidly.

Read more
Asiasofts Sudden Attack Game and LogMeIn - A symbolic trojan story
crazeeeeeem | 26 Jan 2010 | 0 comments

Asissoft's release of Sudden Attack (http://suddenattack.asiasoftsea.net/) is a trojan and is collecting Windows passwords.

It works by preventing a user from logging into his/her PC, then providing an form to fill in a password and user name field, which if filled in correctly, will allow access to the user's machine. What its doing is of course well known subterfuge but the business world seems very unaware of the issues and costs, maybe rightly so.

A probably more overt proponent of this method of controlling and obtaining information from unsuspecting users is a company called LogMeIn (www.logmein.com). The simply ask for your passwords over the internet.

Since everyone is doing it, I guess they may as well.

Read more
Mark.W0rm.exe virus
mon_raralio | 09 Feb 2011 | 4 comments

We're currently seeing a lot of Mark.W0rm.exe files appearing in our network. At the moment, the only available information is that it is a "test" virus that copies itself to common Windows folders.
Removal is quite simple:

End the task Mark.W0rm.exe in task manager if present and delete the file copied into the following directories:

C:\Documents and Settings\[user]\Local Settings\
C:\Documents and Settings\[user]\My Documents\My Music\My Music.exe
C:\Documents and Settings\[user]r\My Documents\My Documents.exe
C:\Documents and Settings\[user]\My Documents\My Pictures\My Pictures.exe
C:\Windows\MarkWorm.exe

Note: It may also copy itself on shared folders so you might want to check for that too.

Read more
When trying to open SEPM on Windows 2008 server, error Could not find the main class com.sygate.scm.tools.DatabaseFrame. Program
sezam | 18 Jan 2010 | 9 comments

When SEPM console is tried to be open an ERROR: "Could not find the main class com.sygate.scm.tools.DatabaseFrame. Program will exit "  occurs.

untitled.JPG

The problem is UAC. To make SEPMconsole working properly You need to dissable UAC.

Read more
Windows Installer tries to install SEP continously
sezam | 14 Jan 2010 | 0 comments
Some time I face with customer which have a problem with continuous SEP installation.

This could be connected with 2 problems:

1. Domain or Local User privileges are to restricted[remember to much restrictions is also not good. You need to know how to balance with restrictions]
2. Installation is corrupted.

This problem is annoying because Windows Installer want to install SEP client continuously which can be very nervous.
 

Solution for this problem is to:




 

1. Find UninstalString value for Symantec Endpoint Protection which is situated in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

2. Paste this string to command line with changed option /I to /X (  ex.  MsiExec.exe /X{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}   ) 

Read more
How To Install SEP Client on Windows 7
sezam | 14 Jan 2010 | 5 comments

 REMEMBER THAT ONLY SUITABLE VERSION FOR WINDOWS 7 IS SEP 11.0.5 RU5

 
Sometimes SEP client is unable to install itself on Windows7 operating systems.

The problem is connected with 2 issues.
 

1. EXE file extractor[FreeExtractor] is not working correctly.

Sometimes on Windows 7 setup.exe file cannot automatically extract into %TEMP% folder.
To resolve this issue You need to Extract setup.exe file application like Winrar and install SEP using setup.exe or *.msi file in extracted folder.

2. Live Update application cannot be installed.


To resolve this problem You need to perform first step from point 1. but in hear firstly You need to install Live Update using LUSETUP.exe file after install it using setup.exe or *.msi file.
Second solution is to install SEP as unmanaged client.

Read more