Security Community Blog
Showing posts tagged with 10.x
Showing posts in English
IanZ | 20 Jul 2009 | 1 comment

Last year, we started looking at SEP11. As we're still running on SAV8 for the majority of the servers and clients, with a few SAV9 and SAV10, I believe it's about time to start upgrading to the latest version. I checked the features, documentation, forums, blogs, articles and everything about SEP and I'm getting negative feedback; a lot of people are complaining. Some even call it a nightmare! Very discouraging. I kept on thinking, as the Server Technology Analyst and only 1 year with the company, I don't want to risk my new job as well as mess around with the servers. Is SEP11 ready for primetime, or is it a disaster? SEP11 is September 11, hmmm, a 9/11 disaster! So we didn't rush to deploy this. Instead, I started working on test servers and clients. At the same time, as I'm the only one who's going to deploy and implement this, I need to have a plan, a very safe one.

I created a project plan, first looking at the existing SSC setup and...

Subhi Pattiam | 09 Jul 2009 | 1 comment


I am using Symantec. Recently I got an error saying that "scan engine returned an error 0*20000058". I have followed the basic steps. Upgraded the version & also tried to complete reinstallation & installation. Still facing the same issue.

mon_raralio | 25 Jun 2009 | 4 comments

Misleading applications are applications that pretend to do one thing while doing another. A good example is rogue security software that deceives or misleads the user into thinking that there are security issues with the computer he or she is currently using and requires the installation of software to remove the “threat”.

They usually use the web browser pop-up and make the user think that this is their Explorer and then show that it is being scanned. Previous versions just show a small pop-up (similar to when you do something with files, except this one pretends to scan).

I've come upon this at home while surfing the internet. The current websites open are Facebook, YouTube, and Google (3 of the most visited sites in the world). Everybody I know visits these pages every now and then and I'm pretty sure there is no malware on their sites. So there I was, looking into my profile and noticed that one of my friends became a fan of someone. So I moved over...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available." Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation. This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode.

2. Examine the list of running processes to see...

Rishi Bhaskar | 26 May 2009 | 3 comments

The following activities were performed:
1. I observed that backdoor.trojan was infecting the files win.exe and dod.exe and Symantec was protecting them. During this time of protection, Symantec gave an Auto-Protect popup. Also observed that this virus was causing the volume drives not to open by double-clicking, but instead by right-click > Explore.
2. Now I tried Folder Options and tried to unhide, but Folder Options was not working, so now by command prompt Run > c:autorun.inf to check for the exe file, so it came as e:winfile.jpg
3. Now in Run > cmd > I typed attrib -r -s -h autorun.inf to unhide it and attrib -r -s -h winfile.jpg. The file would appear and disappear, so to solve this follow the steps below.
a) Download the latest Rapid Release and deploy it on the client PC, or if Rapid Release does not deploy, download the .xdb file and rename it from .zip to .xdb and paste it at c:documnetsandsettings/all users/. Then turn off System Restore and...

Nirav Mistry | 14 May 2009 | 2 comments

Whenever there is a problem with LiveUpdate not downloading the definitions and you come across error codes (e.g. LU1835) which might not mean anything to you, below is the information which will help you to determine what exactly those numbers mean.

1800 The operation was successful or the patch installed successfully.
1801 The user pressed the Cancel button or some other process (callback) told LiveUpdate to Cancel.
1802 COM Initialization failed (CoInitialize() function comes back as failed.) - We display a Windows Message Box at the start of LiveUpdate processing, before we create LuComServer.exe and before we create the normal UI.
1803 Our generic error code that we use when we don't know what happened or we don't try to get any extended error information.
1804 We didn't have enough system memory available to declare some object.
1805 There are no registered products in the Product Catalog.
1806 All downloaded patches...

mon_raralio | 06 May 2009 | 13 comments

Monitoring for viruses coming from the Internet would really help in preventing infections, at least at the entry point where a client accesses a malicious website.
My first step would be to get the reports from the SAV or SEP reporter. The file would contain information on the infection, particularly the path where the infection was detected.
Internet files would be stored in C:\Documents and Settings\username\Local Settings\Temporary Internet Files

Take note of the computer name, the username, and the time of infection.

I'm using Internet Explorer History Viewer and checking the remote PC's visited sites (assuming that the user hasn't yet deleted the history) and cross-checking the sites visited at the time of infection.
The application shows the history in HTML table format so it's easy to see the sites visited.

I also use Norton Safe Web to get additional details on the website that was visited....

CharliePeek | 01 May 2009 | 2 comments

I have a 2003 domain controller and installed Symantec 10.1 antivirus. At this point everything seems to be fine. As soon as I do a live update on antivirus I can no longer access Active Directory because it cannot find the domain controller. I have an image of the box so I can get back to this point in a matter of minutes. Once I can no longer get into Active Directory I can no longer get into the configuration of Symantec. I have even excluded all files on the hard drive from being scanned, i.e. Active Directory. This is driving me crazy. Anyone have any ideas?

skjordansk | 30 Apr 2009 | 8 comments

I would believe that the first step to resolving a LiveUpdate issue is to upgrade it to the latest version using this link:

I would like to know people's thoughts on this. The idea is to not spend 15 minutes troubleshooting the issue, since the update may resolve it to begin with. Besides, having the latest version of LiveUpdate will prevent any future errors from occurring.

PRUDENCE | 30 Apr 2009 | 10 comments

We have antivirus on our network and we are still experiencing infestation in our network. Can anyone help with any information on how to stop them from coming into the network?