Security Community Blog

The Security Community Blog is the perfect place to share short, timely insights including product tips, news and other information relevant to the Security community. Any authenticated Connect member can contribute to this blog.

  • 3
    Updated: Mithun Sanghavi 01 Nov 2012

    LiveUpdate Administrator (LUA) version 2.3.2 is now available

      The latest version of LiveUpdate Administrator (LUA), version 2.3.2, is now available. Contact Symantec Technical Support to grab the latest copy of LiveUpdate Administrator (LUA) version 2.3.2. The installation file (147.35 MB) will later be included on the SEP 12.1 RU2 DVDs (SEP 12.1 RU2 is yet to be released). Some of the features included in this release: Packaged with Apache Tomcat version 7.0.26 and PostgreSQL version 9.1.3. Packaged with JRE 1.7 (private JRE, automatically bundled, installed and configured by the LUA installer). Enhanced security with advanced features to protect the User Interface from certain attacks. Added the ability to modify the LUA download directory path at any time (not just at install time). Product Catalog will now automatically update to ensure catalog changes become available without any user...
  • 0
    Updated: Brandon Noble 28 Aug 2012

    New Trojan.Shylock wave

    We have been seeing a recent wave of Trojan.Shylock variants with a lot more functionality than the older versions we have been used to. Initially, many of these variants are detected generically as Backdoor.Trojan or Trojan Horse, but our new Shylock heuristic signatures (Trojan.Shylock!gen6 and Trojan.Shylock!gen7) should be changing this to a more accurate naming convention, and should be picking up a much wider spread of these threats. Additionally, we are hearing about some behavior that we have not been able to reproduce. Reports are saying that legitimate documents are getting hidden and then shortcuts with the same name as the document are being added in their place. These shortcuts actually launch a thumbs.db(x) file which is the Shylock Trojan, and they are meant to trick the user into running the threat. This is common behavior for threats, as noted in this blog article from May 2012,...
  • 1
    Created: Wally 14 May 2013

    Running SERT on older Pentium 4 systems

    Hello all - I just want to share this information with you. It worked for me, but no guarantees... We have a couple of older P4 systems (XP SP3 32-bit) with the Intel 865PE chipset and ICH5 controller. We couldn't boot from the SERT CD on these systems - got a boot error 5 - probably has something to do with the older chipset and WinPE. So, here's what we did to boot from a USB memory stick. First follow the instructions in TECH131578 - http://www.symantec.com/business/support/index?page=content&id=TECH131578&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1367256265628krhzFurGC64N88iGa5T5a6LD1sSGJF28647W0 with the following exception in Step 6....
  • 2
    Created: Brandon Noble 25 Apr 2013

    W32.Inabot - Support Perspective and Battle Plan

    I. BACKGROUND: We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise. It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc.), the cases all reported the same behavior and symptoms. After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here: http://pastebin.com/dvpu8Zwb For those of you familiar with W32.Changeup, much of this...
  • 23
    Updated: Mithun Sanghavi 09 Apr 2013

    Latest Symantec Endpoint Protection Released - SEP 12.1 RU2 MP1

      Hello, Symantec Endpoint Protection 12.1 RU2 MP1 is released today, 8th April 2013. You may find the latest release of Symantec Endpoint Protection 12.1 RU2 from: https://fileconnect.symantec.com/ This build's version is: 12.1.2100.2093. Migration paths: Symantec Endpoint Protection 12.1.2100.2093 (RU2 MP1) can migrate seamlessly over the following: Symantec Endpoint Protection 12.1.2015.2015 (RU2). This Symantec release build contains: 18 top impacting fixes; 25 internal defect fixes; security updates for JRE. KnowledgeBase Articles: Release Notes and...
  • 2
    Updated: Kari Ann 31 Mar 2013

    Survey Closed: Win $100 Amazon gift card for a 90 second survey!

    Survey Closed. Thank you to all those that participated. We'll be drawing the Amazon gift card winner next week. The Symantec Endpoint Protection Team is conducting customer research through a simple survey. In less than 2 minutes, share your thoughts on SEP 11 versus SEP 12, helpful resources, and provide the product team perspective on your IT security challenges. To thank you for your time, we'll award you 25 Symconnect points and enter you for a drawing for a $100 Amazon gift card, awarded in April 2013.
  • 0
    Created: Seyad 25 Feb 2013

    SEP 12.1 Client Installation issues - What to look for in SIS_INST.log

    If the 12.1 client installation fails, look for the keyword "startrollback.sis" in the SIS_INST.LOG. The reason for the failure of the installation would be the last action performed before the rollback started, and it would be found in the lines just above the result found for the keyword searched. Example: In this example the installation failed as the start menu shortcut couldn't be created.
    2013-02-18T00:54:32.074Z INFO  I SIS    Executing action ( 294 ) - CreateService  currentPosition: 138348
    2013-02-18T00:54:32.074Z DEBUG I SIS      [CreateServiceBase] Validated service name.
    2013-02-18T00:54:32.074Z DEBUG I SIS      [CreateServiceBase]...
  • 0
    Updated: Vikram Kumar-SAV to SEP 05 Feb 2013

    Evolving Endpoint Security

      Symantec keeps tabs on the changing threat landscape and incorporates relevant security in its products. The same is the story with SAV to SEP to now SEP 12. When we had SAV in the market, what our customers needed was just an antivirus to protect their systems from downtime. Here antivirus was looked at more as an availability facilitator than a core security product, till early 2000. Even though we had SCS (firewall and IPS), selected people used the other features. Starting from 2006-2007 there was a high rise in malware being created and vulnerabilities being exploited. Slowly the trend changed and it all came down to money-making malware: FakeAntivirus, Downadup, various blackmailing Trojans, etc. Here the audience was not high profile, and SEP 11 very well detects and blocks and does whatever it can. Slowly people started using IPS, ADC and found much more can be done with SEP, and they are doing it. However in the last few years there has been...
  • 0
    Created: SebastianZ 02 Feb 2013

    Symantec Security Products Data Sheets

    A small compilation from the Symantec Portfolio including Data Sheets of several Symantec Security Products.   - Symantec™ Endpoint Protection 12.1.2 (10/12) http://www.symantec.com/endpoint-protection/data-s... - Symantec Endpoint Protection Small Business Edition 2013 (11/12) http://www.symantec.com/endpoint-protection-small-... - Symantec™ Protection Suite Enterprise Edition - Comprehensive, powerful endpoint, messaging, and Web protection, for less money (06/11)...
  • 12
    Updated: Brandon Noble 17 May 2013

    W32.Changeup keeps on giving

    I. BACKGROUND: In mid-2009, W32.Changeup was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created. Since November 2012 we have seen weekly spikes in the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in-the-wild. II. THREAT DETAILS: When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even...