Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with 10.x
Showing posts in English | 01 Jan 2010 | 5 comments

please tell me prefect idea how to rid off this problem | 29 Dec 2009 | 1 comment

I have used Norton products since the DOS days when I became an electronic engineering technician.  I have tried other products
and always ended-up returning to Norton when I got hit by undefined viruses.  The last time I tried other AVs was in 2002 when a
malicious worm hit the internet.  My PC was infected of course.  I wasn't using Norton's product because of personal financial
restraints then.  Eradicating the worm was a  long and difficult process.  I learned a very important lesson, again!  Do not EVER,
for any reason, move away from what you know works.  I worked for a major international office supply corporation in the Technology
Department from 2000 to 2007.  I have shared my experience using Norton products to many customers.  Not one came back to
express any difficulties after purchasing the AV.  However, the ones who do, would leave my department having purchased a Norton...

DominikG | 08 Dec 2009 | 4 comments
I am receiving many support requests related to scan errors of the scan engine, which are caused by a suboptimal usage of the system resources, or because someone simply did not configure the parameters in the right way.
The scan engine is not software that can be set up and is good to go. In each environment, there has to be done some tuning to avoid errors and/or performance issues.
For that reason I talked to Symantec’s tech support to get a little help on how to configure the resource parameters correctly.
So if you are experiencing scan errors in a large amount or get reports of bad performance, please check the following steps:
1. Open the scan engine interface and go to “reports” -> “resources”
2. Note the value of “thread pool size”
3. Note the value of “Load statistics” -> “queued...
Acretian | 28 Oct 2009 | 1 comment
Registry Location


HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV
On the Key you can find two Values  
PatternFileDate  : Current Definition date
PatternFileRevision : Revision
These are Hexadecimal values
PatternFileDate  : 27090e - 2009 Oct 14 
27090e - YYMMDD Format
27 - 2009
27 Hex is 39 Decimal, this value is since 1970. So 1970+39 = 2009

is October (00- Jan, 0B - Dec)

0e Hex
 - 14 in decimal
PatternFileRevision : 16Hex - 22
16 HEX is 22 in Decimal 
Satyam Pujari | 17 Sep 2009 | 7 comments

It has always been observed that autoplay/autorun feature of MS windows OS is one of the most preffered selection of malware propagation.We've witnessed some devastating examples of malware which used this feature effectively to replicate and converting a single machine infection to a malware outbreak with in first few hours.Conficker a.k.a W32.downadup is the most recent example of such malware.But this is not at all a new method of infection,rather this method of infection is there since decades.Some more popular examples are Trojan.Brisv.A!inf,W32.Gammima and many more in the long list.

Many other AV vendors detect autorun.inf but Symantec does not.Many people take it in a wrong way but there's a valid reason behind this decision that why Symantec does not detect autorun.inf.
Aniket Amdekar | 14 Sep 2009 | 0 comments

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

We always see the Threatcon level indicator on the website as well as the Endpoint Protection Manager.

Following is the description for each one of the levels:

Threatcon Level 1

ThreatCon Level 1

Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
Hinata Uzumaki | 09 Sep 2009 | 4 comments

Customers who have Symantec Endpoint Protection 11.0 have the following downgrade options to Symantec Antivirus 10.x:

1. If customer has Symantec Endpoint Protection 11.0 BUSINESS PACK, customer can have a downgrade license file for Symantec Antivirus 10.x.

For renewals, this can be obtained by registering the serial number  (for recent orders, Symantec has now started sending out certificates with the license files attached to it so you can skip the registration part)  in the License Portal.

For new purchases and if no license file was generated after registration, Customer Care can provide downgrade license files.

2. If customer has Symantec Endpoint Protection 11.0 (volume license), customer's downgrade option is to download Symantec Antivirus Corporate Edition 10.x, this version of Symantec Antivirus is the one that doesn't need a license file but it has the same features as the one which has the license file.

If customer doesn't...

Satyam Pujari | 21 Aug 2009 | 5 comments

Symantec’s Web site ratings service Norton Safe Web presents the Dirtiest Web Sites of Summer 2009 – the top 100 infected sites based on number of threats. Norton Safe Web is a new reputation service from Symantec. 

What makes these sites so dirty?
Symantec explained it by pointing out the fact that the average number of threats per malicious site rated by Norton Safe Web is 23. With that said, the average number of threats on the Dirtiest Web Sites list is a staggering 18,000 per site. Forty of the top 100 have more than 20,000 threats per site. Moreover, 75-percent of sites on the list have distributed Malware for more than six months.

“This list underscores what our research shows. There has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity, or assets. In 2008, most new infections occurred while people were...

Vikram Kumar-SAV to SEP | 06 Aug 2009 | 5 comments
Sometimes when a file is not detected as threat and you think it is a Malware and still it is not getting detected.
In order to scan it from a different antivirus you actually un-install the current antivirus to install a 3rd party antivirus you update the definitions and then scan a file.
Just to know that even that is not detecting it.
There is a easier way of scanning a file with 39 well known antivirus software with their updated definitions.
Simply submit your file to
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of Malware detected by antivirus engines. | 30 Jul 2009 | 1 comment

Televisa is the larger Television Broadcaster in Mexico and his digital content production workflow is critical to time to broadcast, even more on the News online one’s… where errors should not happen. Cost of downtime is absurd, if you know what I mean…
We were invited to provide a service in order to assure a security level, where the goal was to secure all systems on postproduction workflow; we realize that a service like that should mean not to only manage an antivirus/antimalware platform with ID and keep it updated, but to think of the customer perspective, considering all now common security risks and the best ways to handle all those under current scenarios.
Confiker worm was fast spreading all around, and a service as needed should consider supporting a thread like that and how to avoid it... What we learn from our experience was: Confiker will attack even in environments where an antivirus was correctly managed (I mean, updated, etc.)...