
Security Community Blog

Showing posts tagged with 10.x
Showing posts in English
Satyam Pujari | 17 Sep 2009 | 7 comments

It has always been observed that the autoplay/autorun feature of the MS Windows OS is one of the most preferred selections for malware propagation. We've witnessed some devastating examples of malware which used this feature effectively to replicate and convert a single machine infection into a malware outbreak within the first few hours. Conficker, a.k.a. W32.Downadup, is the most recent example of such malware. But this is not at all a new method of infection; rather, this method of infection has been there for decades. Some more popular examples are Trojan.Brisv.A!inf, W32.Gammima and many more in the long list.

Many other AV vendors detect autorun.inf but Symantec does not. Many people take it the wrong way, but there's a valid reason behind the decision that Symantec does not detect autorun.inf.
 
Aniket Amdekar | 14 Sep 2009 | 0 comments

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

We always see the ThreatCon level indicator on the Symantec.com website as well as the Endpoint Protection Manager.

Following is the description for each one of the levels:

ThreatCon Level 1

Low: Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms...

Hinata Uzumaki | 10 Sep 2009 | 4 comments

Customers who have Symantec Endpoint Protection 11.0 have the following downgrade options to Symantec Antivirus 10.x:

1. If customer has Symantec Endpoint Protection 11.0 BUSINESS PACK, customer can have a downgrade license file for Symantec Antivirus 10.x.

For renewals, this can be obtained by registering the serial number (for recent orders, Symantec has now started sending out certificates with the license files attached to it so you can skip the registration part) in the License Portal.

For new purchases and if no license file was generated after registration, Customer Care can provide downgrade license files.

2. If customer has Symantec Endpoint Protection 11.0 (volume license), customer's downgrade option is to download Symantec Antivirus Corporate Edition 10.x. This version of Symantec Antivirus is the one that doesn't need a license file, but it has the same features as the one which has the license file.

If customer doesn't...

Satyam Pujari | 21 Aug 2009 | 5 comments

Symantec’s Web site ratings service Norton Safe Web presents the Dirtiest Web Sites of Summer 2009 – the top 100 infected sites based on number of threats. Norton Safe Web is a new reputation service from Symantec. 

What makes these sites so dirty?
Symantec explained it by pointing out the fact that the average number of threats per malicious site rated by Norton Safe Web is 23. With that said, the average number of threats on the Dirtiest Web Sites list is a staggering 18,000 per site. Forty of the top 100 have more than 20,000 threats per site. Moreover, 75 percent of sites on the list have distributed malware for more than six months.

“This list underscores what our research shows. There has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity, or assets. In 2008, most new infections occurred while people were...

Vikram Kumar-SAV to SEP | 14 Jul 2010 | 5 comments

Sometimes a file is not detected as a threat, you think it is malware, and still it is not getting detected.
In order to scan it with a different antivirus, you actually uninstall the current antivirus to install a third-party antivirus, update the definitions and then scan the file,
just to find out that even that is not detecting it.
There is an easier way of scanning a file with 39 well-known antivirus software products with their updated definitions.
Simply submit your file to
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware detected by antivirus engines.

vfernandez@juvaca.com.mx | 09 Feb 2011 | 1 comment

Televisa is the largest television broadcaster in Mexico and its digital content production workflow is critical to time to broadcast, even more so on the online news one… where errors should not happen. Cost of downtime is absurd, if you know what I mean…
We were invited to provide a service in order to assure a security level, where the goal was to secure all systems in the postproduction workflow; we realized that a service like that should mean not only managing an antivirus/antimalware platform with ID and keeping it updated, but also thinking from the customer's perspective, considering all the now common security risks and the best ways to handle all those under current scenarios.
The Conficker worm was spreading fast all around, and a service as needed should consider supporting a threat like that and how to avoid it... What we learned from our experience was: Conficker will attack even in environments where an antivirus was correctly managed (I mean, updated, etc.)...

IanZ | 28 Sep 2012 | 1 comment

Last year, we started looking at SEP11. As we're still running on SAV8 for the majority of the servers and clients, with a few SAV9 and SAV10, I believe it's about time to start upgrading to the latest version. I checked the features, documentation, forums, blogs, articles and everything about SEP and I'm getting negative feedback; a lot of people are complaining. Some even call it a nightmare! Very discouraging. I kept on thinking, as the Server Technology Analyst and only 1 year with the company, I don't want to risk my new job as well as mess around with the servers. Is SEP11 ready for primetime, or is it a disaster? SEP11 is September 11, hmmm, a 9/11 disaster! So we didn't rush to deploy this. Instead, I started working on test servers and clients. At the same time, as I'm the only one who's going to deploy and implement this, I need to have a plan, a very safe one.

I created a project plan, first looking at the existing SSC setup and client...

Subhi Pattiam | 09 Jul 2009 | 1 comment

Hi,

I am using Symantec 10.1.6.6000. Recently I got an error saying that "scan engine retuned an error 0*20000058". I have followed the basic steps. Upgraded the version & also tried to complete reinstallation & installation. Still facing the same issue.

mon_raralio | 29 Jun 2009 | 4 comments

Misleading applications are applications that pretend to do one thing while doing another. A good example is rogue security software that deceives or misleads the user into thinking that there are security issues with the computer he or she is currently using and requires the installation of software to remove the “threat”.

They usually use the web browser pop-up and make the user think that this is their Explorer and then show that it is being scanned. Previous versions just show a small pop-up (similar to when you do something with files, except this one pretends to scan).

I've come upon this at home while surfing the internet. The current websites open are Facebook, YouTube, and Google (3 of the most visited sites in the world). Everybody I know visits these pages every now and then and I'm pretty sure there is no malware on their sites. So there I was, looking into my profile and noticed that one of my friends became a fan of someone. So I moved over...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available." Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation. This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes, but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see if any unusual...