Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with Reporting
Showing posts in English
Wayne Humphrey | 08 Dec 2009 | 1 comment

This SQL Script will get all List of all Archives and dispaly the following:

  • Mailbox Name
  • Exchange Server
  • Number of Items (Mailbox) 
  • Number of (Archive)
  • Mailbox Size (MB) 
  • Archive Size (MB)
  • Total Size (MB) 
  • Archive Created
  • Archive Updated
LEFT(MbxDisplayName,20) AS 'Mailbox', 
ExchangeComputer AS 'Exchange Server',
MbxItemCount AS '#Items (Mailbox)', 
VS1.ArchivedItems AS '#Items (Archive)',
MbxSize/1024 AS 'Mbx Size (MB)', 
VS1.ArchivedItemsSize/1024 AS  'Archive Size(MB)',
(mbxsize+VS1.ArchivedItemsSize)/1024 AS 'Total Size(MB)', 
VS1.CreatedDate AS 'Archive Created',
VS1.ModifiedDate AS 'Archive Updated', 
MbxExchangeState AS 'Exchange State'
EnterpriseVaultDirectory.dbo.ExchangeMailboxEntry AS EME,
EnterpriseVaultDirectory.dbo.ExchangeServerEntry AS ESE,
EVVaultStore01..ArchivePoint AS VS1
EME.DefaultVaultID  =...
mon_raralio | 13 Oct 2009 | 0 comments

I've been getting this problem just recently:
SBG Error 10142009.JPG

I've tried searching and this is one of the promising solutions I've found:
"No data is available for the report type and time range specified" shows when running a report for Symantec software or Symantec appliances with software 5.0.0-14 or newer

Situation: When running reports in Symantec software or Symantec appliances with software 5.0.0-14 or newer, an error message shows. The text reads: "No data is available for the report type and time...

snekul | 21 Sep 2009 | 1 comment

As the "go to" guy for SEP on campus an interesting question came up, "How can I get a list of my machines that are actually running on SEP?" The SEP Manager (SEPM) has quite a few options, but the reports section seemed to be missing an option to export a list of all your machines. After searching around, I did find a solution. The trick is to go to the log section, not the reports section.

So in SEPM go to "Monitors" and choose the "Logs" tab. Then choose the log type of "Computer Status." Hit the button to get advanced settings. Then in the "Domain" field you'll want to enter your SEPM domain name so you only get your machines, otherwise you'll get all of them from all SEPM domains (unless that's what you want). You'll also want to expand the time range when searching. The default of last 24 hours will only show machines that have checked-in in the last 24 hours, so you'll want to expand that appropriately...

Mudit Kumar | 18 Sep 2009 | 16 comments

It’s important to know which kind of DSN you are suppose to check when you are Troubleshooting ODBC Connection.

If you want to check ODBC Connection on x64 system, you can check or create an ODBC Connection(DSN) for 32 Bit application and also use it for 64 Bit application.

32-bit applications will only look for ODBC connections created in the 32-bit, and 64-bits applications will look for ODBC connections from the 64-bit. 

So if you want to configure DSN for 32-bit application on 64-Bit OS you will have to use:

1. C:\Windows\SysWOW64\odbcad32.exe(Used to check ODBC for Symantec Endpoint Protection Manager)

You want to do the same on 64-bit application on 64-Bit OS you can use:

2. C:\Windows\System32\odbcad32.exe

Note: In case of Symantec Endpoint Protection...

hemu | 25 Aug 2009 | 1 comment

Dear Friends please find attached SQL query for DB report.....

use sem5
select pat.version as vd_version,i.MAC_addr1, i.CURRENT_LOGIN_USER, i.computer_name, i.ip_addr1_text,OPERATION_SYSTEM,
dateadd(s,convert(bigint,i.TIME_STAMP)/1000,'01-01-1970 00:00:00'),
dateadd(s,convert(bigint,CREATION_TIME)/1000,'01-01-1970 00:00:00'),i.DELETED,
dateadd(s,convert(bigint,LAST_UPDATE_TIME)/1000,'01-01-1970 00:00:00') lastupdatetime,agent_version, as group_name from
sem_agent as sa with (nolock) left outer join pattern pat on sa.pattern_idx=pat.pattern_idx
inner join v_sem_computer i on i.computer_id=sa.computer_id
inner join identity_map g on
inner join identity_map p on
inner join identity_map s on
inner join identity_map q on where
(sa.agent_type='105' or sa.agent_type='151') and sa.deleted='0'
and (sa.major_version >...

Paul Mapacpac | 20 Aug 2009 | 4 comments

1. Your role in the organization/company (CTO, CIO, CEO, SysAdmin, etc)?

To give you a background, the company that I have been working for deals with Resarch, Media/Public Relations, Crisis Issue Management and everything with regards to relations communications. I worked here before as a technical support/network engineer and we have been using Symantec Antivirus 10.x.x for 5 years. We also act as an IT consultant for this company serving all kinds of their IT needs in all categories (cellphones, desktops, servers, etc)

Due to an unpleasant events, we were replaced by a group of IT which replaced the anti-virus system. I am not sure why they replaced the virus system since the SAV Antivirus System was very reliable for the company. My guess is that this group wanted to get cut from the antivirus seller.

Now, I was re-hired and working as the MIS Manager/Officer for the company. Based from my techsupport group, they encounter numerous issues...

riva11 | 15 Aug 2009 | 1 comment

There are several discussions about phishing and socially engineered malware attacks, I found an article that help to understand how browsers are ready to detect these attacks.
Take a look on the report published on NSS Labs "Q3 2099 Phishing Test Report", This report examines the ability to protect users across the following browsers  :

  • Apple Safari v4
  • Google Chrome 2
  • Microsoft Internet Explorer v8
  • Mozilla Firefox v3
  • Opera 10 Beta

Extract from NSS Labs Blog :
Socially engineered malware is the most common and impactful threat on the Internet today, with browser protection averaging between 1% and 81%. Internet Explorer 8 caught 81% of the socially engineered...

J.Porter | 12 Aug 2009 | 2 comments

When I signed on to work in my current position as infosec specialist, I was required to attend the Symantec Endpoint Protection 11.0 MR4: Administration course. Little did I know how hard it would be to actually register and attend a course in my area. The course was cancelled 3 times due to lack of enrollment 3 times, before I finally attended. I began working with SEP11 MR2, and finally got into the MR4 course with 1 year of experience under my belt. The instructor stated "Wow, you've been working on the product for a year so you can probably teach the class"! 

The course was a good course, but the instructor was right. I didn't learn a significant amount of new information. My sole job is to manage Symantec Endpoint Protection Management servers, so naturally I learned a thing or two over the last year. On the otherhand, this class is great for those who are new to...

Vikram Kumar-SAV to SEP | 06 Aug 2009 | 5 comments
Sometimes when a file is not detected as threat and you think it is a Malware and still it is not getting detected.
In order to scan it from a different antivirus you actually un-install the current antivirus to install a 3rd party antivirus you update the definitions and then scan a file.
Just to know that even that is not detecting it.
There is a easier way of scanning a file with 39 well known antivirus software with their updated definitions.
Simply submit your file to
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of Malware detected by antivirus engines.
Kedar Mohile | 20 Jun 2009 | 3 comments

Disk full message erroneously appears when downloading LiveUpdate updates

If your network environment already supports the proxy servers that are compliant with the HTTP 1.1 protocol or later, you can disregard this entry.

After you have tried to download LiveUpdate for the first time, the following message might appear:

"LU1863: Insufficient free disk space
There is not enough free disk space for LiveUpdate to operate properly. Please free up disk space on your computer and run LiveUpdate again."

You might have insufficient disk space. However, it is much more probable that this message appears in error because the proxy server is unable to send the correct Contents-Length header field.

This error message might appear on Symantec Endpoint Protection Manager, a Symantec Endpoint Protection client, or a Symantec Network Access Control client.

You should verify that the disk drive to...