Security Community Blog
Showing posts tagged with Best Practice
Kedar Mohile | 20 Jun 2009 | 3 comments

Disk full message erroneously appears when downloading LiveUpdate updates

If your network environment already supports the proxy servers that are compliant with the HTTP 1.1 protocol or later, you can disregard this entry.

After you have tried to download LiveUpdate for the first time, the following message might appear:

"LU1863: Insufficient free disk space
There is not enough free disk space for LiveUpdate to operate properly. Please free up disk space on your computer and run LiveUpdate again."

You might have insufficient disk space. However, it is much more probable that this message appears in error because the proxy server is unable to send the correct Content-Length header field.

This error message might appear on Symantec Endpoint Protection Manager, a Symantec Endpoint Protection client, or a Symantec Network Access Control client.

You should verify that the disk...

Kedar Mohile | 16 Jun 2009 | 1 comment

Takes a long time for Firewall Policy Overview page to appear when running with more than 500 groups in SEP Manager...

For more than 500 groups, it takes 1.5 minutes to display the Firewall Policy Overview page

If you click the Add a Firewall Policy command, it can take up to 1.5 minutes for the Firewall Policy Overview page to appear. This occurs if the management server contains 500 or more groups. The problem occurs because it takes time for the Overview page to display all the groups and locations that the existing firewall policies are assigned to.

This happens because the "locationCounting" setting is enabled, which is used to count and display the same for the user every time the page is opened. When you have a higher number, let's say more than 500, it takes ~1.5 mins to count and display the same.

To work around this issue, perform the following steps:

Close all instances of the Symantec Endpoint Protection Manager Console....

MattBarber | 08 Jun 2009 | 0 comments

If you ever have a question of whether or not your data is actually getting into the SEPM, a good first place to check would be in the following location: depending on your install directory (mine is D:\), navigate to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo. This is where information enters the SEPM from the clients. You should be able to watch data come in and out of this folder. There should only be a handful of files (at most) in this location. This is a very helpful troubleshooting step when there is concern about getting data from the clients into the SEPM. Believe it or not, a repair on the SEPM can get data flowing again if you are having this issue. Remember, never install a Maintenance Pack without installing the corresponding Maintenance Release first, even if Symantec Support tells you to, i.e., install MR .4000 before installing MP .4014. Seems very basic,...

Kedar Mohile | 05 Jun 2009 | 5 comments

After you configure database maintenance options, the new options are applied at midnight, and not immediately.

To configure the database options:

  1. In the console, click Admin > Servers, and then select a site.
  2. Under Tasks, click Edit Site Properties, and then click the Database tab.

To configure the management server to apply the database maintenance options immediately, you can configure the conf.properties file.

To configure the conf.properties file:

  1. Open the conf.properties file, located in the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc directory by default.
  2. Change the following parameters:
  • Change scm.object.idletime=3600000 (in milliseconds) to a smaller number. The default setting is 1 month.
  • Change scm.timer.objectsweep=900 (in seconds) to a smaller number. The default setting...

MattBarber | 04 Jun 2009 | 0 comments

This is a basic but helpful approach to environments with one SEPM and many locations with small numbers of clients.

We have deployed SEP to our retail locations (approx. 160) where each store is its own group of clients and each store falls into one of eight retail regions. The way to get SEP clients to report to a specific group after install is to export the install package from the SEPM and associate it with a particular group. We have had much success with creating a "Deployment" group within the console and exporting an install package from this group. This way we install all of our retail locations to this group, and we can manually assign clients to their appropriate group via the Symantec Console. Each store uses all the same policies (shared) except for their LiveUpdate policy, which is a non-shared policy used to identify a GUP for each store. So far this has gone very well, and rollout went from being a "...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available."    Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation.  This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see...

stebro | 26 May 2009 | 2 comments

The Symantec Endpoint Protection Integration Component 7.0 provides integration between the Symantec Management Platform 7 and Symantec Endpoint Protection 11.

Features include:

Antivirus Inventory

  • Identifies installed endpoint security products from Symantec, McAfee, Trend, Sophos, CA, F-Secure, Kaspersky, and ESET
  • Details on Symantec Endpoint Protection client

Symantec Endpoint Protection Client Migration Job

  • Task based uninstall, restart, and Symantec Endpoint Protection Installation
  • Tasks can be customized for and blended with any Task Server task

Symantec Endpoint Protection Client Tasks

  • Full and Quick Virus Scans
  • Update virus definition and other security content
  • Repair Symantec Endpoint Protection client

Reporting

  • Antivirus summary
  • Computers with Tamper Protection enabled
  • Migration details including installation failure feedback

Benefits include:

...

shivji | 26 May 2009 | 2 comments

Spam Protection

Brightmail Security Gateway protects the messaging infrastructure, blocking spam mail up to 97% with an accuracy of 1 in a million false positives and continuous updates from the Symantec server for new spam-related IPs or domains, and helps ensure business uptime and user productivity by reducing spam volume and keeping email secure.

Anti malware Threats

Brightmail Security Gateway protects our messaging infrastructure from malware threats and ensures business uptime and user productivity by eliminating malware threats. The security is updated continuously from the Symantec site, and the zero-day protection is very helpful in protecting our environment from any type of virus threat. As per the company record, the company has received 35 consecutive VB awards since November 1999.

Compliance policy and Data Loss

Data loss is a very critical issue in our industry; the Brightmail security appliance protects company reputation and manage...

riva11 | 25 May 2009 | 0 comments

Do you need to know the open ports on your servers? Try CurrPorts by Nirsoft; this helpful tool allows you to monitor TCP/IP network connections on your Windows computers.
No installation needed, just download the exe file from the download link and start to scan your target system.

Description:
CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to an HTML file, XML file, or tab-delimited text file.
CurrPorts also automatically marks with pink color...

Katherine Cooper Symantec SMB Campaigns | 20 May 2009 | 2 comments

Symantec recently released the findings of its 2009 Storage and Security in SMBs survey, which indicate that some small businesses are neglecting important information safeguards due to tight budgets and lack of time and IT staff resources.

According to the survey, small and mid-sized businesses (SMBs) clearly understand the importance of security and report that protecting their information, network and servers are their top goals. But despite understanding the risks they face, a surprising number of companies are neglecting basic safeguards.

More than half have not implemented endpoint protection to safeguard laptops, desktops and servers against malware. Almost half do not back up their desktop PCs, leaving their important information at risk.

Finally, one-third of SMBs do not have the most basic protection of all -- antivirus protection. Small business owners are working with many fewer resources and any missteps could shut them down. Every dollar and every...