Security Community Blog

Showing posts tagged with 9.x and Earlier
Showing posts in English
Hear4U | 31 Mar 2011 | 0 comments

Here's your chance to be "King for a Week" with our new Security Solutions Contest! 

What Is the Security Solutions Contest?
It's all about solving end user questions in the forums area.  We created this contest to help increase the total number of solutions on the Security Community.  We are going to select threads we'd like you to solve, and give you an opportunity to win a weekly prize. Yes, I said "weekly!"  Keep reading to find out more about the prize!

How Do I Participate?
First, if you want to play, pull out your dust-ridden, coffee stained endpoint protection & related security product manuals, re-read all the latest and greatest knowledge base articles, and put your thinking-caps on! 

Why?  Because to be the "King for a Week" in this contest, you need to be able to solve popular forum threads that will be hand...

khaley | 25 Mar 2010 | 2 comments

I recently ran a survey on password management.  You can see my original blog and even take the survey yourself here.   At best, I thought 20 or so of you would take the time to fill out the survey…and that would include most of my close relatives.  However, instead we got more than 400 responses in a few short days (not even including my relatives).  So, thank you to all who took the time to complete the survey.  I’ve posted the results below. 
 
I want to comment on some of the results.  It may be a stretch to draw too many definitive conclusions from the data, but it will be fun nonetheless.  If anyone wants to comment, correct or vehemently disagree with any of my conclusions please feel free to do so.

Let’s get started!

...
crazeeeeeem | 26 Jan 2010 | 0 comments

Asissoft's release of Sudden Attack (http://suddenattack.asiasoftsea.net/) is a trojan and is collecting Windows passwords.

It works by preventing a user from logging into his/her PC, then providing a form to fill in a password and user name field, which if filled in correctly, will allow access to the user's machine. What it's doing is of course well known subterfuge but the business world seems very unaware of the issues and costs, maybe rightly so.

A probably more overt proponent of this method of controlling and obtaining information from unsuspecting users is a company called LogMeIn (www.logmein.com). They simply ask for your passwords over the internet.

Since everyone is doing it, I guess they may as well.

jumbosafari | 22 Jan 2010 | 2 comments

A question.
Does Norton AntiVirus 2008 stop autorun viruses on external media before they actually run?
I get the notification from Norton in the taskbar, but my fear is the virus has already executed, then Norton notifies me.
I can be wrong; maybe Norton stops the autorun virus from executing and then notifies me.
Any help would be great. Thanks.

mon_raralio | 09 Feb 2011 | 4 comments

We're currently seeing a lot of Mark.W0rm.exe files appearing in our network. At the moment, the only available information is that it is a "test" virus that copies itself to common Windows folders.
Removal is quite simple:

End the task Mark.W0rm.exe in task manager if present and delete the file copied into the following directories:

C:\Documents and Settings\[user]\Local Settings\
C:\Documents and Settings\[user]\My Documents\My Music\My Music.exe
C:\Documents and Settings\[user]\My Documents\My Documents.exe
C:\Documents and Settings\[user]\My Documents\My Pictures\My Pictures.exe
C:\Windows\MarkWorm.exe

Note: It may also copy itself on shared folders so you might want to check for that too.

Acretian | 28 Oct 2009 | 1 comment
Registry Location

For SEP

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV
 
For SAV
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion
On the key you can find two values:
PatternFileDate: Current definition date
PatternFileRevision: Revision
These are hexadecimal values.
Example:
PatternFileDate: 27090e - 2009 Oct 14
27090e - YYMMDD format
27 - 2009 (27 hex is 39 decimal; this value is since 1970, so 1970 + 39 = 2009)
09 - October (00 - Jan, 0B - Dec)
0e - 14 in decimal
PatternFileRevision: 16 hex - 22
16 hex is 22 in decimal.
Hope...
Aniket Amdekar | 14 Sep 2009 | 0 comments

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

We always see the Threatcon level indicator on the Symantec.com website as well as the Endpoint Protection Manager.

Following is the description for each one of the levels:

ThreatCon Level 1

Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms...
Satyam Pujari | 21 Aug 2009 | 5 comments

Symantec’s Web site ratings service Norton Safe Web presents the Dirtiest Web Sites of Summer 2009 – the top 100 infected sites based on number of threats. Norton Safe Web is a new reputation service from Symantec. 

What makes these sites so dirty?
Symantec explained it by pointing out the fact that the average number of threats per malicious site rated by Norton Safe Web is 23. With that said, the average number of threats on the Dirtiest Web Sites list is a staggering 18,000 per site. Forty of the top 100 have more than 20,000 threats per site. Moreover, 75 percent of sites on the list have distributed malware for more than six months.

“This list underscores what our research shows. There has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity, or assets. In 2008, most new infections occurred while people were...

Vikram Kumar-SAV to SEP | 14 Jul 2010 | 5 comments
Sometimes a file is not detected as a threat, you think it is malware, and still it is not getting detected.
In order to scan it with a different antivirus, you actually uninstall the current antivirus to install a third-party antivirus, update the definitions, and then scan the file.
Just to find that even that is not detecting it.
There is an easier way of scanning a file with 39 well-known antivirus products with their updated definitions.
Simply submit your file to
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of Malware detected by antivirus engines.
IanZ | 28 Sep 2012 | 1 comment

Last year, we started looking at SEP11. As we're still running on SAV8 for the majority of the servers and clients, with a few SAV9 and SAV10, I believe it's about time to start upgrading to the latest version. I checked the features, documentation, forums, blogs, articles and everything about SEP and I'm getting negative feedback; a lot of people are complaining. Some even call it a nightmare! Very discouraging. I kept on thinking, as the Server Technology Analyst and only 1 year with the company, I don't want to risk my new job as well as mess around with the servers. Is SEP11 ready for primetime, or is it a disaster? SEP11 is September 11, hmmm, a 9/11 disaster! So we didn't rush to deploy this. Instead, I started working on test servers and clients. At the same time, as I'm the only one who's going to deploy and implement this, I need to have a plan, a very safe one.

I created a project plan, first looking at the existing SSC setup and client...