Security Community Blog
Showing posts tagged with Best Practice
Bijay.Swain | 06 Oct 2009 | 1 comment
We are using 1000 licenses of SCS 3.1, and all of the PCs are spread over a 20 km area. Now we are upgrading those clients to Symantec Endpoint Protection.
Now the problem is that we are in a workgroup model network (no Active Directory domain), so we can't use group policy, a login script or a domain admin account to use the push deployment feature of SEP. And SEP doesn't have any web deployment feature like SCS had earlier. I searched for any option for remote deployment in a workgroup model network but was unable to find any solution.
So I decided to try something which would work in my environment and I came up with an idea, which I have recorded (the procedure) as a .swf file and am putting on the website. It may help others to deploy clients in a workgroup.
The best feature of this is that it also removes the old version of Symantec antivirus if present on the client system. You just have to call the user and ask him to open the website...
Kedar Mohile | 28 Sep 2009 | 2 comments

Migrating SEPM DB to SQL 2008

The procedure would remain the same as before. You might want to check the following:

  1. Remove the SEPM from any replication setup with other SEPMs
  2. Back up the SEPM server certificate
  3. Back up the existing SQL database using the SEPM Backup and Restore wizard
  4. Install an instance of Microsoft SQL Server 2008
  5. Uninstall the Symantec Endpoint Protection Manager
  6. Reinstall the Symantec Endpoint Protection Manager configured to use a new Microsoft SQL Server 2008 database
  7. Restore the SEPM server certificate
  8. Restore the backup copy of the database
  9. Reconfigure the Symantec Endpoint Protection Manager database to recognize Microsoft SQL Server 2008 by running the Management Server Configuration Wizard

Reference: Symantec Endpoint...

Aniket Amdekar | 22 Sep 2009 | 1 comment






Step 1: Back up the database

 Back up the database used by the Symantec Endpoint Protection Manager to ensure the integrity of your client information.

Step 2: Turn off replication

Turn off replication on all sites that are configured as replication partners. This avoids any attempts to update the database during the installation.

Step 3: Stop the Symantec Endpoint Protection Manager service

The Symantec Endpoint Protection Manager service must be stopped during the installation.

Step 4: Upgrade the Symantec Endpoint Protection Manager software

Install the new version of the Symantec Endpoint Protection Manager  on all sites in your network. The...

snekul | 21 Sep 2009 | 0 comments

I helped an admin out yesterday who was running out of disk space on a system. It turns out a very large email folder in Thunderbird was triggering a virus alert and an attempt to clean it up, but the cleaning failed. As such, the file was left in quarantine and left on the file system. Each time a scan ran, this happened again and the hard drive slowly filled up. By default, SEP clears items out of quarantine that are over 30 days old. I suggest adding the second option to your systems that also sets a file-size limit. Probably aim high, like 5120 MB or so, since it isn't permanent. This should be enough to prevent systems that had ample hard disk space from running out for some reason caused by SEP and misbehaving software, yet still allow for file recovery in most circumstances.

Mudit Kumar | 18 Sep 2009 | 16 comments

It’s important to know which kind of DSN you are supposed to check when you are troubleshooting an ODBC connection.

If you want to check an ODBC connection on an x64 system, you can check or create an ODBC connection (DSN) for a 32-bit application and also use it for a 64-bit application.

32-bit applications will only look for ODBC connections created in the 32-bit, and 64-bit applications will look for ODBC connections from the 64-bit.

So if you want to configure a DSN for a 32-bit application on a 64-bit OS you will have to use:

1. C:\Windows\SysWOW64\odbcad32.exe (used to check ODBC for Symantec Endpoint Protection Manager)

If you want to do the same for a 64-bit application on a 64-bit OS you can use:

2. C:\Windows\System32\odbcad32.exe

Note: In case of Symantec Endpoint Protection...

jjesse | 06 Sep 2009 | 0 comments

Information Week has been running a "Rolling Review" of different DLP products in the marketplace.  Of the 6 products they reviewed only two of them stood out.  RSA's DLP Suite and Symantec's DLP Suite were the best of the products they reviewed.

Here is the summary of the review:

Also here is the specific review of Symantec DLP:

Enjoy, and drop me a note if you have any questions in regards to Symantec DLP.

Fatih Teke | 04 Aug 2009 | 4 comments

Hello Everyone,

I am the IT Specialist & Security Admin for the largest textile company in Turkey.  We have over 6000 employees, 33 servers, and 550 clients.

We originally installed another vendor's AV solution, and found that when the Downadup virus hit in April, it infected all of our computers worldwide! I was at home when my IT manager sent a message and said, “we need you, there is a virus problem. Can you come in?”
When I arrived, I saw Downadup was everywhere. We had originally decided to use another AV product, as everyone in the IT department trusted the product. However, this product couldn't identify and delete Downadup. Because of this, every computer on our network was infected! Our DC (Domain Controller) was down and the additional controller was also down. All servers were down: terminal servers, file servers, etc. We didn't have disaster recovery. We were in...

IanZ | 20 Jul 2009 | 1 comment

Last year, we started looking at SEP11. As we're still running on SAV8 for the majority of the servers and clients, with a few SAV9 and SAV10, I believe it's about time to start upgrading to the latest version. I checked the features, documentation, forums, blogs, articles and everything about SEP and I'm getting negative feedback; a lot of people are complaining. Some even call it a nightmare! Very discouraging. I kept on thinking, as the Server Technology Analyst and only 1 year with the company, I don't want to risk my new job as well as mess around with the servers. Is SEP11 ready for primetime, or is it a disaster? SEP11 is September 11, hmmm, a 9/11 disaster! So we didn't rush to deploy this. Instead, I started working on test servers and clients. At the same time, as I'm the only one who's going to deploy and implement this, I need to have a plan, a very safe one.

I created a project plan, first looking at the existing SSC setup and...

Abhishek Pradhan | 14 Jul 2009 | 0 comments

1. To prevent an automatic sweep of the database until after a backup occurs, increase the Site Properties Log Settings to their maximum permissible value.

2. Perform the backup, as you may feel appropriate.

3. On the computer where the manager is installed, open a Web browser and type the following URL:


After you have performed this task, the log entries for all types of logs are saved in the alternate database table. The original table is kept until the next sweep is initiated.

4. To empty all but the most current entries, perform a second sweep. The original table is cleared and entries then start to be stored there again.

5. Reconfigure the Site Properties Log Settings to the initial preferred values.

RolandAY | 30 Jun 2009 | 1 comment

Keeping the system folder to a minimum comes in very handy in terms of backup; still, too small might result in the system running out of disk space, which causes SEP and the whole system's performance to lag.
How to proceed?

1. In safe mode, cut and paste the Symantec Endpoint folder content to a different location
2. Create a clean partition
3. Press Windows + R and type diskmgmt.msc
4. Right click on the new partition and select New Partition
5. Follow the instructions until you reach the Assign Drive Letter or Path section
6. Select the Mount in the following empty NTFS folder radio button and select Browse…
7. Highlight the C: drive and click on the empty Symantec folder
8. Complete the wizard
9. Copy back the Symantec Endpoint folder content
10. Reboot the system

Just remember to keep this action documented in the server history.

In case you realise the SEP content folder keeps growing, follow...