Video Screencast Help
Search Video Help Close Back
to help

Security Community Blog

Showing posts tagged with Tip/How to
Showing posts in English
Vontu Data Loss Prevention: Upgrade
Twixxica_09 | 23 Sep 2009 | 1 comment

Vontu Data Loss Prevention: Upgrade

Customers upgrading to Vontu 8.0 to 9.0 will not recieve any upgrade key. They will continue to use the vontu 8.0 keys.

If you already have the Vontu Data loss prevention 8 license key, you can use the license key of Vontu DLp 8.0 to Vontu DLP 9. If you would like to purchase additional products, or if your renewing the product, that is the time you will recieve a license key for Vontu DLP 9.0.

Read more
SEP Quarantine Part 2
snekul | 28 Sep 2009 | 0 comments

Sometimes besides just having a large quarantine as far as MB is concerned, sometimes you also end up with a large quarantine as far as the number of files is concerned.  I found this on a computer where the user was complaining of slow speeds.  In this case, they were repeatedly visiting a website that was infected with malware and the quarantine grew huge as a result.  57,996 objects in the Quarantine folder! I simply deleted everything in this folder and all was well again.  I'm not sure if the slow speeds were a result of the Symantec's handling of the large quarantine or because it kept finding this stuff on the system.

SEP_Crazy_Quarantine.png

As a side tip, on machines that have been running for a while and may be filled with junk,...

Read more
List your Computers in SEPM
snekul | 22 Sep 2009 | 1 comment

As the "go to" guy for SEP on campus an interesting question came up, "How can I get a list of my machines that are actually running on SEP?" The SEP Manager (SEPM) has quite a few options, but the reports section seemed to be missing an option to export a list of all your machines. After searching around, I did find a solution. The trick is to go to the log section, not the reports section.

So in SEPM go to "Monitors" and choose the "Logs" tab. Then choose the log type of "Computer Status." Hit the button to get advanced settings. Then in the "Domain" field you'll want to enter your SEPM domain name so you only get your machines, otherwise you'll get all of them from all SEPM domains (unless that's what you want). You'll also want to expand the time range when searching. The default of last 24 hours will only show machines that have checked-in in the last 24 hours, so you'll want to expand that appropriately...

Read more
SEP 11.0 Student/Home Use License
Hinata Uzumaki | 11 Sep 2009 | 1 comment

Symantec Endpoint Protection offers Home/Student Use licenses that are intended to allow customers to deploy a limited number of copies of the client onto the home machines of employees (or faculty and staff) at a significant discount over a normal new license purchase (SEP 11.0 standard license). The installation, configuration, and management method for these agents is at the discretion of the customer (the company or the school).

Support is not sold for Home/Student Use licenses. Support is shared with the Support agreement covering the associated standard license. The customer is responsible for providing support to the home-user; issues requiring escalation are submitted normally via the customer's registered technical contacts and maintenance agreement.

In short: Home or student users must contact their company or school to get downloads or technical assistance.

 

Read more
The Importance of Registering Symantec Products Bought from Retail Stores (Box Products)
Hinata Uzumaki | 11 Sep 2009 | 4 comments

If you have purchased a Symantec product from a retail store (we call this as Box product), it is very important that you register this in the License Portal (https://licensing.symantec.com). Symantec will never know to whom or to what company it has been sold to unless you register it. It will be a big problem if you didn't register and you lost your certificate. It will be very difficult for us to track the record for that Box product that you bought.

If, for example, you lost your CD for SEP 11.0 and you need to get a copy of that, since we can't find a record that you own the product, Customer Care will not provide you the download (especially for products like SEP because this doesn't have activation). The same goes if you need a license key/file or if you want to get an upgrade. Getting technical support will also be twice as difficult.

The info regarding that product will only flow on our database once this has...

Read more
How Do I Renew My Old Sym Endpoint Protection 11.0 with the new serial number
edp@gurunanakhospital.in | 09 Sep 2009 | 5 comments

I paid for renewal and recieved the certificate pdf file for endpoint 11.0. I used that serial# to registar and it said no license file needed  how do i renw my old symc endpoint protection 11.0 with the new serial number

Read more
Missed Trojan
thaller | 24 Aug 2009 | 0 comments 
Hello Everyone,

So like I said in my last blog post, whenever something interesting or useful happens to me with regards to my dealing with SEP, I'll post about it, so here is the latest.

Last week we had an interesting "incident" with one of our clients.

The Client:

The client is a Windows XP SP2 Machine, that was on our Guest Network (Removed from the Corporate Network by Firewalling).
It was running SEP MR4 MP1 as an unmanaged client.

The client was set to auto-update from symantec every 4 hrs, and do a daily full scan.

The Problem:

We first noticed a problem when an end-user was complaining about "spyware" like symptoms, browser hijacking, popups, etc...

upon inspection SEP had not found anything, and the logs showed it was behaving as normal.

Upon furth investigation (using "other" tools) we found out that the machine was infected with Win32.XiaJian.bk Trojan.

As part of our incident response (Which I suggest every business create one...
Read more
A peek @ Malware Analysis
Abhishek Pradhan | 24 Aug 2009 | 1 comment
 
When it comes to fighting malware, you may be asking as a security professional, “Why would I need to perform malware analysis? I don’t work for an anti-virus vendor.” If you are responsible for the security of a network, at some point in your career you will most likely have to perform malware analysis.
 
The goal of malware analysis is to gain an understanding of how a specific piece of malware functions so that defenses can be built to protect an organization’s network. There are two key questions that must be answered. The first: how did this machine become infected with this piece of malware? The second: what exactly does this malware do? After determining the specific type of malware, you will have to determine which question is more critical to your situation.
 
Types of Malware Analysis
 
There are two types of malware...
Read more
Clients move to the Default Group Automatically
Warrior6945 | 21 Aug 2009 | 0 comments

Clients move to the Default Group Automatically

Even after replacing the sylink.xml the clients move to the Default group automatically.
This happens as a lot of tmp and dat files are generated in the AgentInfo Folder

PERFORM THE FOLLOWING STEPS TO RESOLVE THE ISSUE:

1. Stop the Symantec Endpoint Protection Manager service
2. Browse to the following location
    C:\Prog Files\Symantec\ Symantec Endpoint Protection Manager\data\inbox\AgentInfo
3. Delete all the files in the above folder.
4. Start the Symantec Endpoint Protection Manager service
5. Update the policy on the client.

Read more
Automate the Windows Components installation process using I386
binayak | 19 Aug 2009 | 0 comments

If you need to install Active Directory or any Windows Components using Add/Remove Windows Components feature such as IIS in Windows Server 2003, there are certain files that need to be copied from the Windows Server Setup Disk and these files are stored inside the i386 folder. So everytime you install Windows Components you have to carry the Windows Installation Disk with you and define the path of that folder.

Here is the solution:

1.  Copy the i386 folder in the System Driver (generally C: drive).

2.  Open Registy Editor.

3.  After you open the Registry Editor, navigate to :

 
HKEY_Local_Machine\SYSTEM\ CurrentControlSet\Services\HealthService\Parameters\ConnectorManager

4. Doubleclick the EnableADIntegration key. Change the Value to 1 and click OK.

Now you don't have to define the path everytime,...

Read more