Video Screencast Help
Security Community Blog
Showing posts tagged with 11.x
Showing posts in English
Aniket Amdekar | 29 Jul 2010 | 2 comments

Symantec has provided a lot of options of analyzing the virus definition distribution in the SEP clients. It has alerts, reports and notifications, sorting the clients according to the definitions date in the clients tab, etc.

One more way to find the clients without latest definitions would be to use the search clients funtion:

Please take a look at the screenshot below:

Please make a note that this screenshot was taken on RU5 version of the SEPM.

Khue | 02 Jul 2010 | 4 comments

So I was talking to GrahamA, the guy responsible for the SEP - Content Distribution Monitor, and I started asking some questions after looking at the tool. By the way, if you are using GUPs (Group Update Providers) in your SEP environment I would highly recommend looking into the tool found here. It fills in some holes that SEPM doesn't cover out of the box. After going through the IIS log files that get created, I realized that there is a goldmine of information available. I talked to GrahamA and expressed some wants out of the little app and even took some time to bang out a little vb script that I thought would be a nice to have. 

One of the questions I had was, how much traffic exactly are my GUPs consuming? This is important for me to know because of my network structure. My GUPs sit at the far side of a slow WAN link. Having the GUPs saves me bandwidth,...

dschrader | 24 Jun 2010 | 0 comments

Cisco recently announced end of-sales and the coming end-of-life the Cisco Security Agent (CSA) with support ending in a few years.  CSA users shouldn’t wait until then to switch to a full featured security solution from a vendor that is committed to security.
 
When Cisco first acquired Okena (the creators of CSA), it represented a bold but flawed vision of the future of endpoint security.  The promise behind CSA was proactive, zero-day protection against malicious code and intrusions through rules-based host intrusion prevention system (HIPS).  The implied promise was that behavioral protection would replace signature scanning and eliminate the need for virus protection.  Later, Cisco relented and started recommending that CSA be used in conjunction with an open source antivirus engine called ClamAV.  However, ClamAV has never offered state-of-the-art detection and even combined, CSA and ClamAV lack key layers of protection needed...

Raunak_Vaghela | 25 May 2010 | 1 comment


Symantec Endpoint Protection 11.0 Top Articles
http://service1.symantec.com/SUPPORT/ent-security....

Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture
 http://service1.symantec.com/support/ent-security.nsf/docid/2009012721190648?Open&seg=ent

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)
http://service1.symantec.com/support/ent-security....

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart
...

Michel Ramirez | 25 May 2010 | 0 comments

Hi Everyone,
Attached are the slides from our last meeting. We had a great turn out and we hope to see you all at future meetings.

oxo-oxo | 17 May 2010 | 0 comments

There are methods to import computers into SEPM via table manipulation
- I am going for creating an ADAM instance, sync it with SEPM and Powershell some scripts ...

https://www-secure.symantec.com/connect/articles/adam-and-eve

vemundocrusher | 12 May 2010 | 0 comments

I have been a sysadmin for two years for an auto group.  The decision was made to move to managed clients after noticing that many users were not updating there av.  During the time we did have a few virus's/trojans hit our network, but not many or so it seemed....
  After rolling out the managed client we were noticing regular infections mostly from upper managment who were less filtered than most user. What supprised me was not getting any phone calls or email letting me know they had been infected.  I just have to wonder how many infections had gone unreported, and now wonder how i could function without the ability to manage the av.

oxo-oxo | 08 May 2010 | 0 comments

My Blog on SEP and SEPM
Here, I collect what I am doing

PCI Compliance:
At the present time, I have some work to be done in connection with PCI compliance https://www.pcisecuritystandards.org/ .
One of the areas in PCI compliance is anti-virus: Symantec is "PCI compliant". (Search Symantec)

However ...
There are some problems with Audit.
Well let us define "at risk" devices: windows, and where: the production domain.
So, I import all the AD and have all the computers in the domain defined and synced.
Then I make a report, and here is the problem, I have defined my computers and some have contacted the SEPM but others have not.
As yet, I have not been able to find a...

dfnkt_ | 27 Apr 2010 | 0 comments

The following code will create a stored procedure on your SQL server for the SEPM database. This stored procedure excepts a single value in the form of a computer name. The ComputerName parameter is currently set to varchar(25) even though, as you probably already know, windows limits computer names to 15 characters.

Make sure you are set to use the SEPM DB and execute the following code:

CREATE PROCEDURE GetScanTime

--//* Create a parameter for user to enter computer name *\\
@ComputerName varchar(25)
AS
--//* Do not return row count * \\
SET NOCOUNT ON;
BEGIN
SELECT
--//* t1=dbo.scans, t2=dbo.sem_computer *\\
    t1.startdatetime AS 'Date',
    t2.computer_name AS 'Computer Name',
    t1.duration AS 'Scan Duration (in seconds)'...
MattBarber | 09 Apr 2010 | 0 comments

We have an inventory report (via Altiris) that runs every night to show the equipment that gets moved to a location where they are no longer managed on the network, ie; surplus, offsite, etc.  Since these systems no longer needed to be managed, we can remove them from our SEP console.  There is a report for this on the reports tab.  This schedule report shows all systems that haven't checked into the server for 2 or more weeks.  This has been very helpful for us.  This report can also be run for a specific time period on the Quick Reports tab as well.