Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with 11.x
Showing posts in English
Hear4U | 08 Sep 2010

Here's your chance to be "King for a Week" with our new Security Solutions Contest! 

What Is the Security Solutions Contest?
It's all about solving end user questions in the forums area.  We created this contest to help increase the total number of solutions on the Security Community.  We are going to select threads we'd like you to solve, and give you an opportunity to win a weekly prize. Yes, I said "weekly!"  Keep reading to find out more about the prize!

How Do I Participate?
First, if you want to play, pull out your dust-ridden, coffee stained endpoint protection & related security product manuals, re-read all the latest and greatest knowledge base articles, and put your thinking-caps on! 

Why?  Because to be the "King for a Week" in this contest, you need to be able to solve popular forum threads that will be hand...

Jimania | 01 Sep 2010 | 1 comment

We could use some advice.  We are an internet marketing company and we get our share of IT questions.  We're not IT people so . . . what would be the best product recommendation for protection against malicious files (trojans, virus, malware, etc.)?  We've probably had better luck with Norton Anti-Virus but would like to know the opinions of others.  Thanks!

P_K_ | 16 Aug 2010 | 5 comments

Release Update 6 Maintenance Patch 1 (RU6 MP1)

What's new in this version
Symantec Endpoint Protection RU6 MP1 (11.0.6100) provides fixes since the release of RU6 and RU6a. This maintenance patch cannot be installed over any versions of Symantec Endpoint Protection or Symantec Endpoint Protection Manager prior to RU6. It must be installed over RU6 or RU6a.

Note
If you are using Symantec Endpoint Protection Manager 11.0 RU6 and plan to leverage the Auto-Upgrade feature in the console to upgrade to a new client build , read the following Knowledge Base article on importing client packages: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010081217202548

Behavior and user interface changes


    Quarantine shows date added to quarantine rather than date of the file
    Fix ID: 1810671
    Symptom:...
Aniket Amdekar | 11 Aug 2010 | 0 comments

MS10-049 – Vulnerabilities in SChannel Could Allow Remote Code Execution (980436)

  • Analysis
    This patch addresses 1 remote code execution vulnerability and 1 spoofing vulnerability within the SChannel security package in Windows. Attackers will attempt to lure victims to view an attacker-controlled site, which will execute remote arbitrary code on the victim’s machine.
  • Recommendations
    Administrators are urged to patch all affected systems as soon as possible. There is currently no workaround for the remote code execution vulnerability described in this bulletin. Until patches are complete, a workaround for the spoofing vulnerability can be made. Require mutual authentication on IIS servers.

MS10-051 – Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)...

Aniket Amdekar | 29 Jul 2010 | 2 comments

Symantec has provided a lot of options of analyzing the virus definition distribution in the SEP clients. It has alerts, reports and notifications, sorting the clients according to the definitions date in the clients tab, etc.

One more way to find the clients without latest definitions would be to use the search clients funtion:

Please take a look at the screenshot below:

Please make a note that this screenshot was taken on RU5 version of the SEPM.

Khue | 02 Jul 2010 | 4 comments

So I was talking to GrahamA, the guy responsible for the SEP - Content Distribution Monitor, and I started asking some questions after looking at the tool. By the way, if you are using GUPs (Group Update Providers) in your SEP environment I would highly recommend looking into the tool found here. It fills in some holes that SEPM doesn't cover out of the box. After going through the IIS log files that get created, I realized that there is a goldmine of information available. I talked to GrahamA and expressed some wants out of the little app and even took some time to bang out a little vb script that I thought would be a nice to have. 

One of the questions I had was, how much traffic exactly are my GUPs consuming? This is important for me to know because of my network structure. My GUPs sit at the far side of a slow WAN link. Having the GUPs saves me bandwidth,...

dschrader | 24 Jun 2010 | 0 comments

Cisco recently announced end of-sales and the coming end-of-life the Cisco Security Agent (CSA) with support ending in a few years.  CSA users shouldn’t wait until then to switch to a full featured security solution from a vendor that is committed to security.
 
When Cisco first acquired Okena (the creators of CSA), it represented a bold but flawed vision of the future of endpoint security.  The promise behind CSA was proactive, zero-day protection against malicious code and intrusions through rules-based host intrusion prevention system (HIPS).  The implied promise was that behavioral protection would replace signature scanning and eliminate the need for virus protection.  Later, Cisco relented and started recommending that CSA be used in conjunction with an open source antivirus engine called ClamAV.  However, ClamAV has never offered state-of-the-art detection and even combined, CSA and ClamAV lack key layers of protection needed...

Raunak_Vaghela | 25 May 2010 | 1 comment


Symantec Endpoint Protection 11.0 Top Articles
http://service1.symantec.com/SUPPORT/ent-security....

Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture
 http://service1.symantec.com/support/ent-security.nsf/docid/2009012721190648?Open&seg=ent

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)
http://service1.symantec.com/support/ent-security....

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart
...

Michel Ramirez | 25 May 2010 | 0 comments

Hi Everyone,
Attached are the slides from our last meeting. We had a great turn out and we hope to see you all at future meetings.

oxo-oxo | 17 May 2010 | 0 comments

There are methods to import computers into SEPM via table manipulation
- I am going for creating an ADAM instance, sync it with SEPM and Powershell some scripts ...

https://www-secure.symantec.com/connect/articles/adam-and-eve