Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with 9.x and Earlier
Showing posts in English
P_K_ | 25 Jan 2011 | 0 comments

How is the content downloaded via LU secure?

The Live update TRI files are downloaded in an archive format

These minitri’s and livetri.zip files consists of 3 files

  • liveupdt.sig
  • liveupdt.grd
  • liveupdt.tri

GRD and SIG files are used to verify security and integrity of patches

The Mini-tri Zip is Validated by GRD file and also Authenticated by SIG file

The  Guard file use  SHA-1 hash values

For Live update the protocols that are used is  HTTP/FTP server. These live update is hosted by Akamai.

Published using Java Triage and they are Signed by Symantec Digital Signing Servers.

UCD4me | 05 Jan 2011 | 0 comments

The User Centered Design (UCD) team here at Symantec exists to help make customer experiences easier, more efficient and more useful for you.  Right now, we're ramping up several research projects where we are looking for those in security and compliance with a manger, director or CISO role to give us feedback in the form of short user stories.  This should require only a 30-45 minute commitment on the phone to share experiences and points of pain, and this effort is "product agnostic" so as long as you are involved with security, regardless of products used, we'd like to hear from you!

If you are interested, please email Kellie Mecham at kellie_mecham@symantec.com to arrange a date and time for the phone interview. 

We look forward to hearing from you!

Best wishes,

Kellie

mon_raralio | 23 Sep 2010 | 1 comment

What is a sector?

Before we begin, we must first determine what is a sector. A sector is a subdivision of a drive. The term is derived from the mathematical term for a portion of a circle (an arc) that is enclosed by 2 radii or lines from the center to the edge of a circle. So in computer storage terms, a sector is an an arc where data is written. Note: Drawing is not by best work.
 
So, what and where is a boot sector?
 
In order for a PC to be useable, it need to powerup and boot.And the PC has 2 stages of booting up.The first stage boot loader is the BIOS. This is so that all the primary hardwares would come online and be able to communicate with one another. This also contains instructions on which hardware - usually a storage device - to access to get to the second stage of...
Hear4U | 08 Sep 2010

Here's your chance to be "King for a Week" with our new Security Solutions Contest! 

What Is the Security Solutions Contest?
It's all about solving end user questions in the forums area.  We created this contest to help increase the total number of solutions on the Security Community.  We are going to select threads we'd like you to solve, and give you an opportunity to win a weekly prize. Yes, I said "weekly!"  Keep reading to find out more about the prize!

How Do I Participate?
First, if you want to play, pull out your dust-ridden, coffee stained endpoint protection & related security product manuals, re-read all the latest and greatest knowledge base articles, and put your thinking-caps on! 

Why?  Because to be the "King for a Week" in this contest, you need to be able to solve popular forum threads that will be hand...

khaley | 25 Mar 2010 | 2 comments

I recently ran a survey on password management.  You can see my original blog and even take the survey yourself here.   At best, I thought 20 or so of you would take the time to fill out the survey…and that would include most of my close relatives.  However, instead we got more than 400 responses in a few short days (not even including my relatives).  So, thank you to all who took the time to complete the survey.  I’ve posted the results below. 
 
I want to comment on some of the results.  It may be a stretch to draw too many definitive conclusions from the data, but it will be fun nonetheless.  If anyone wants to comment, correct or vehemently disagree with any of my conclusions please feel free to do so.

Let’s get started!

1. On how many different...
crazeeeeeem | 26 Jan 2010 | 0 comments

Asissoft's release of Sudden Attack (http://suddenattack.asiasoftsea.net/) is a trojan and is collecting Windows passwords.

It works by preventing a user from logging into his/her PC, then providing an form to fill in a password and user name field, which if filled in correctly, will allow access to the user's machine. What its doing is of course well known subterfuge but the business world seems very unaware of the issues and costs, maybe rightly so.

A probably more overt proponent of this method of controlling and obtaining information from unsuspecting users is a company called LogMeIn (www.logmein.com). The simply ask for your passwords over the internet.

Since everyone is doing it, I guess they may as well.

jumbosafari | 22 Jan 2010 | 2 comments

A question.
does norton antivirus 2008 stop autoruns viruses on external media before they actually run?
i get the notification from norton in the taskbar but my fear is the virus has already executed then norton notifies me.
i can be wrong, maybe norton stops the autorun virus from executing and then notifies me.
any help would be great. thanks.

mon_raralio | 21 Jan 2010 | 4 comments

We're currently seeing a lot of Mark.W0rm.exe files appearing in our network. At the moment, the only available information is that it is a "test" virus that copies itself to common Windows folders.
Removal is quite simple:

End the task Mark.W0rm.exe in task manager if present and delete the file copied into the following directories:

C:\Documents and Settings\[user]\Local Settings\
C:\Documents and Settings\[user]\My Documents\My Music\My Music.exe
C:\Documents and Settings\[user]r\My Documents\My Documents.exe
C:\Documents and Settings\[user]\My Documents\My Pictures\My Pictures.exe
C:\Windows\MarkWorm.exe

Note: It may also copy itself on shared folders so you might want to check for that too.

Acretian | 28 Oct 2009 | 1 comment
Registry Location

For SEP

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV
 
For SAV
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion
On the Key you can find two Values  
PatternFileDate  : Current Definition date
PatternFileRevision : Revision
These are Hexadecimal values
Example:
PatternFileDate  : 27090e - 2009 Oct 14 
27090e - YYMMDD Format
27 - 2009
27 Hex is 39 Decimal, this value is since 1970. So 1970+39 = 2009

09
is October (00- Jan, 0B - Dec)

0e Hex
 - 14 in decimal
PatternFileRevision : 16Hex - 22
16 HEX is 22 in Decimal 
Hope...
Aniket Amdekar | 14 Sep 2009 | 0 comments

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

We always see the Threatcon level indicator on the Symantec.com website as well as the Endpoint Protection Manager.

Following is the description for each one of the levels:

Threatcon Level 1

ThreatCon Level 1

Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
...