Security Community Blog
Showing posts tagged with Tip/How to
Showing posts in English
Kedar Mohile | 28 Sep 2009 | 2 comments

Migrating SEPM DB to SQL 2008

The procedure remains the same as before. You might want to check the following:

  1. Remove the SEPM from any replication setup with other SEPMs
  2. Back up the SEPM server certificate
  3. Back up the existing SQL database using the SEPM Backup and Restore wizard
  4. Install an instance of Microsoft SQL Server 2008
  5. Uninstall the Symantec Endpoint Protection Manager
  6. Reinstall the Symantec Endpoint Protection Manager configured to use a new Microsoft SQL Server 2008 database
  7. Restore the SEPM server certificate
  8. Restore the backup copy of the database
  9. Reconfigure the Symantec Endpoint Protection Manager database to recognize Microsoft SQL Server 2008 by running the Management Server Configuration Wizard

Reference: Symantec Endpoint...

Twixxica_09 | 23 Sep 2009 | 1 comment

Vontu Data Loss Prevention: Upgrade

Customers upgrading from Vontu 8.0 to 9.0 will not receive an upgrade key. They will continue to use the Vontu 8.0 keys.

If you already have the Vontu Data Loss Prevention 8 license key, you can use the license key of Vontu DLP 8.0 for Vontu DLP 9. If you would like to purchase additional products, or if you're renewing the product, that is when you will receive a license key for Vontu DLP 9.0.

snekul | 22 Sep 2009 | 0 comments

Besides a quarantine that is large in terms of MB, sometimes you also end up with a quarantine that is large in terms of the number of files. I found this on a computer where the user was complaining of slow speeds. In this case, they were repeatedly visiting a website that was infected with malware and the quarantine grew huge as a result. 57,996 objects in the Quarantine folder! I simply deleted everything in this folder and all was well again. I'm not sure if the slow speeds were a result of Symantec's handling of the large quarantine or because it kept finding this stuff on the system.


As a side tip, on machines that have been running for a while and may be filled with junk,...

snekul | 21 Sep 2009 | 1 comment

As the "go to" guy for SEP on campus, an interesting question came up: "How can I get a list of my machines that are actually running SEP?" The SEP Manager (SEPM) has quite a few options, but the reports section seemed to be missing an option to export a list of all your machines. After searching around, I did find a solution. The trick is to go to the log section, not the reports section.

So in SEPM go to "Monitors" and choose the "Logs" tab. Then choose the log type of "Computer Status." Hit the button to get advanced settings. Then in the "Domain" field you'll want to enter your SEPM domain name so you only get your machines; otherwise you'll get all of them from all SEPM domains (unless that's what you want). You'll also want to expand the time range when searching. The default of the last 24 hours will only show machines that have checked in during the last 24 hours, so you'll want to expand that appropriately...

Hinata Uzumaki | 11 Sep 2009 | 1 comment

Symantec Endpoint Protection offers Home/Student Use licenses that are intended to allow customers to deploy a limited number of copies of the client onto the home machines of employees (or faculty and staff) at a significant discount over a normal new license purchase (SEP 11.0 standard license). The installation, configuration, and management method for these agents is at the discretion of the customer (the company or the school).

Support is not sold for Home/Student Use licenses. Support is shared with the Support agreement covering the associated standard license. The customer is responsible for providing support to the home-user; issues requiring escalation are submitted normally via the customer's registered technical contacts and maintenance agreement.

In short: Home or student users must contact their company or school to get downloads or technical assistance.

Hinata Uzumaki | 11 Sep 2009 | 4 comments

If you have purchased a Symantec product from a retail store (we call this a Box product), it is very important that you register it in the License Portal. Symantec will never know to whom or to what company it has been sold unless you register it. It will be a big problem if you didn't register and you lost your certificate: it will be very difficult for us to track the record for that Box product that you bought.

If, for example, you lost your CD for SEP 11.0 and you need to get a copy of it, then since we can't find a record that you own the product, Customer Care will not provide you the download (especially for products like SEP, which have no activation). The same goes if you need a license key/file or if you want to get an upgrade. Getting technical support will also be twice as difficult.

The info regarding that product will only flow into our database once this has...

| 03 Sep 2009 | 5 comments

I paid for renewal and received the certificate PDF file for Endpoint 11.0. I used that serial # to register and it said no license file needed. How do I renew my old SYMC Endpoint Protection 11.0 with the new serial number?

thaller | 24 Aug 2009 | 0 comments

Hello Everyone,

So like I said in my last blog post, whenever something interesting or useful happens to me with regards to my dealing with SEP, I'll post about it, so here is the latest.

Last week we had an interesting "incident" with one of our clients.

The Client:

The client is a Windows XP SP2 machine that was on our Guest Network (removed from the Corporate Network by firewalling).
It was running SEP MR4 MP1 as an unmanaged client.

The client was set to auto-update from Symantec every 4 hrs and to do a daily full scan.

The Problem:

We first noticed a problem when an end-user was complaining about "spyware"-like symptoms: browser hijacking, popups, etc...

Upon inspection SEP had not found anything, and the logs showed it was behaving as normal.

Upon further investigation (using "other" tools) we found out that the machine was infected with the Win32.XiaJian.bk Trojan.

As part of our incident response (Which I suggest every business create one...

Abhishek Pradhan | 23 Aug 2009 | 1 comment

When it comes to fighting malware, you may be asking as a security professional, “Why would I need to perform malware analysis? I don’t work for an anti-virus vendor.” If you are responsible for the security of a network, at some point in your career you will most likely have to perform malware analysis.
The goal of malware analysis is to gain an understanding of how a specific piece of malware functions so that defenses can be built to protect an organization’s network. There are two key questions that must be answered. The first: how did this machine become infected with this piece of malware? The second: what exactly does this malware do? After determining the specific type of malware, you will have to determine which question is more critical to your situation.

Types of Malware Analysis

There are two types of malware...

Warrior6945 | 21 Aug 2009 | 0 comments

Clients move to the Default Group Automatically

Even after replacing the sylink.xml, the clients move to the Default group automatically.
This happens because a lot of .tmp and .dat files have accumulated in the AgentInfo folder.


1. Stop the Symantec Endpoint Protection Manager service.
2. Browse to the following location:
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\AgentInfo
3. Delete all the files in the above folder.
4. Start the Symantec Endpoint Protection Manager service.
5. Update the policy on the client.
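The same cleanup scripted for repeatability, as an added example that is not part of the original post. It assumes the default install path quoted above and the service display name "Symantec Endpoint Protection Manager"; it reports what is in the folder first and supports -WhatIf so you can preview before deleting.

```powershell
function Clear-SepmAgentInfo {
    # Hypothetical helper written for this example; not a Symantec-supplied cmdlet.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Default SEPM install path from the post above (assumption: default install).
        [string]$AgentInfo = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\AgentInfo',
        # Display name of the SEPM Windows service (assumption: default display name).
        [string]$ServiceDisplayName = 'Symantec Endpoint Protection Manager'
    )

    $svc   = Get-Service -DisplayName $ServiceDisplayName -ErrorAction Stop
    $files = @(Get-ChildItem -Path $AgentInfo -File -ErrorAction Stop)
    $sizeMB = ($files | Measure-Object -Property Length -Sum).Sum / 1MB

    # Record the state before touching anything so the change is auditable.
    Write-Verbose ("AgentInfo holds {0} files ({1:N1} MB)" -f $files.Count, $sizeMB)
    if ($files.Count -eq 0) { Write-Verbose 'Nothing to clean.'; return }

    if (-not $PSCmdlet.ShouldProcess($AgentInfo, "Stop SEPM and delete $($files.Count) files")) { return }

    # Step 1: stop the manager so it is not writing new .tmp/.dat files during the delete.
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -InputObject $svc -ErrorAction Stop
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }

    # Step 3: delete only the files (not the folder itself) and count what was removed.
    $deleted = 0
    foreach ($f in $files) {
        Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
        $deleted++
    }

    # Step 4: bring the manager back; step 5 (policy update) is done on the client.
    Start-Service -InputObject $svc -ErrorAction Stop
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))

    [pscustomobject]@{ Folder = $AgentInfo; FilesDeleted = $deleted; FreedMB = [math]::Round($sizeMB, 1) }
}

# Preview first, then run for real from an elevated PowerShell session on the SEPM host.
Clear-SepmAgentInfo -WhatIf -Verbose
Clear-SepmAgentInfo -Verbose
```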