
Security Community Blog

Showing posts tagged with Best Practice
Showing posts in English
khaley | 27 Apr 2009 | 6 comments

It’s happened to all of us, hasn’t it? You’re being driven to an important meeting. You prepare for the meeting by reading a top secret document, something related to national security. The chauffeur pulls up to the building and in a hurry to get to the meeting you grab your papers and portfolio and jump out of the car. Exiting the car you are greeted by the press. They take your picture. You give a brief wave and head into your meeting. Happens all the time. Unfortunately the top secret document you were carrying was sitting on top of your portfolio, in just the right position that most of the contents of the document can easily be read in all the photographs that were taken. Don’t you just hate when that happens to you?

Okay, maybe you can’t relate. You don’t have a chauffeur, top secret documents or even people other than your mom wanting to take your picture. Someone who can relate is Bob Quick, the former assistant...

Symantec World | 23 Apr 2009 | 0 comments

Hi All,

You want your network secure, so you have to follow the following points.

• File system protection
Consider how your network resources should be protected. All file servers should have an antivirus solution that actively scans the file system in real time so that, as files are modified or added, the antivirus application can quarantine or repair the affected files before they spread to client systems or other servers. The server should also be protected at the file system level in other ways. For example, all Windows servers should use NTFS, since FAT offers essentially no security. You should also eliminate unnecessary shares, require share permissions for all shares, and use hidden shares where possible to further protect the server from worms that propagate through unprotected shares.

• Don't open an attached file if you do not know what it is, who sent it to you, or you were not expecting it (even if it is from somebody that you know.)...

SAM_SHAIKH | 23 Apr 2009 | 3 comments

W32.Sality

Overview
W32.Sality is a parasitic virus which infects shared drives and Windows executable files by putting its code into host files. It contains downloader functionality to further install Trojan or key logger components. Sality opens a backdoor that allows the remote attacker to get full control over the infected computer and in turn the confidential information, representing a serious security risk.

Aliases
Microsoft - Virus: Win32/sality.am
Kaspersky - Virus.Win32.Sality.aa

Symptoms
W32.Sality has the following symptoms:

• Modifies System.ini files (Check for the modified date)
• Services listening on the network port(s).
• Unexpected network traffic to one or more of the domain(s).
• No access to File Monitor.
• Disables Safe mode boot
• Disables regedit and taskmanager
• Disables Antivirus

Characteristics
Upon execution, it starts...

Nimesh Vakharia | 21 Apr 2009 | 4 comments

SEP Small Business Edition 12.0 has a number of optimizations to ensure it “simply” works in a Small Business environment. One of those features is the Intelligent live Update capability which I will discuss in this blog.

One of the key things that administrators struggle with is ensuring that all the endpoints within their company have the latest virus definitions, IPS signatures, and other updates. This becomes more challenging with users that don’t connect to the corporate network often enough to download the latest updates from the management server.

One solution that we have seen small business customers implement is to install “Unmanaged clients” on computers that are always on the road. Unmanaged clients get their updates directly from Symantec servers but these systems don’t report back to the customer’s management server. The challenge with this approach is that the administrator does not get a status nor can he...

ShadowsPapa | 20 Apr 2009 | 0 comments

I was facing another issue - being a gov't agency, we run at short staff all the time. The boss wants central management of everything, but that still takes people to manage it.
One of the things deemed most critical is the antivirus protection on our clients. Yes, there are audits one can perform, be it by SMS (but it has to know what to look for) or by Symantec's own products, but that takes people to RUN the audit, then filter through and understand what one is seeing. And if you have 45 different subnets, then searching computers via subnet is painstaking. There's the old "get a list from xxx and search from that list" trick, but computers constantly change, they must be turned on to successfully audit, and what if they are off at that very moment of your audit? Some were always falling through the cracks.
There is only one constant - any time a person here logs in, they run our login script. Period. I've found no exceptions (hope not, I set it up that...

erikw | 20 Apr 2009 | 0 comments

Symantec issues latest Internet Security Threat Report. Read more on:

http://www.mercurynews.com/technotebook/ci_1213468...

sebastiaan | 17 Apr 2009 | 15 comments

A few weeks ago, a couple of my co-workers visited a workshop about a new course: ethical hacking. In short, it teaches system administrators how to try and hack your own system, to check its vulnerabilities and find out whether your security needs working on. The course is also available for pretty much everyone else, but that on a side note.

When I heard about it, the only thing that sprung to my mind was "WTF??". Are we really going to TEACH people to hack, how to do it and what to do with it? Why not just build a program for it then? That would make things a lot easier: Microsoft Hacking 2007 or something, of course licensed, but that would not be a problem, since - well it is a hacking tool, right?

As I remember in the good ol' days, hacking was staring at black screens, learning, adapting to what you found and working with that information. It was almost completely auto-didacted by people that wanted to know. That made hackers good system admins,...

erikw | 10 Apr 2009 | 0 comments

VirtualStorm with Symantec Endpoint Virtualisation and Symantec Endpoint Protection is now also available in the US.

http://www.reuters.com/article/idUS152344+01-Apr-2009+PRN20090401?goback=%2Eanh_1831384
Click on the link to see the official press release or visit
www.virtualstormusa.com
www.virtualstorm.org

riva11 | 08 Apr 2009 | 6 comments

Another tool to add in your USB memory key to use in case of emergency. The KillProcess tool is a perfect killer for your applications.

A short description from the author:
It can terminate almost any process on a Windows machine, including any service and process running in the system. Even protected Microsoft system processes can be terminated.

This tool can be helpful to terminate certain unknown processes that can be impossible to shut down in other normal ways.

Also it has a great feature, the ability to create “kill lists” where you create a list of processes you want to kill.
Like other tools already posted here, KillProcess is released with a freeware licence and is available in a portable version.

For further details refer to the...

carubin | 02 Apr 2009 | 2 comments

Thank goodness this has turned out to be a dud so far. It did prove to us, once again, how valuable and forward looking our investment in Altiris products has turned out to be. For our part, we prepared for this in several ways:

1.  With patch management we ensured that the relevant Microsoft patch was pushed out to all clients and monitored the compliance throughout.

2.  We put a host integrity check on our Sygate clients to put users who did not have the patch in a locked down mode.

3.  We prepared jobs in NS to disable autorun features on USB devices.

4.  Monitored and remediated virus signature levels.

I'm not foolish enough to believe that we aren't immune to attack but at least, perhaps, we made it a little harder for the bad guys.

Of course, our workstation services team insisted that I put all this stuff on CDs, just in case machines needed to be yanked off the network.

 

 ...