Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with Tip/How to
Showing posts in English
skc skc | 09 May 2009 | 3 comments

Hi all,

Need solution badly!!!!!!!!!

 When i open my drives semantic anti virus detects and deletes Klif.sys virus and opens in new window. This happens every time when i open drive. Is there any why yo remove virus.

any solution.?

mon_raralio | 06 May 2009 | 13 comments

Monitoring for virus coming from the Internet would really help in preventing infections, at least on the entry-point where a client accesses a malicious website.
My first step would be to get the reports from the SAV or SEP reporter. The file would contain information on the infection particularly the path where the infection was detected.
Internet files would be stored in C:\Documents and Settings\username\Local Settings\Temporary Internet Files

Take note of the computer name, the username, and the time of infection.

I'm using Internet Explorer History Viewer and checking the remote PCs visited sites (assuming that the user hasn't yet deleted the history) and cross checking the sites visited at the time of infection.
The application shows the history in html table format so it's easy to see the sites visited.

I also use Norton Safe Web to get additional details on the website that was visited....

rick_maddox-123 | 04 May 2009 | 4 comments

When was the last time you considered your handheld or mobile device as a real threat?

There is a lot going on in the mobile security arena these days, and I'll try to explain a few of the considerations we review at Symantec, and what you can do about these new threats. Let's start off with a few basic premises for sake of discussion.

1. Smartphones play an increasingly vital role in today’s business and they frequently contain a wealth of sensitive information.
2. Smartphones represent the new computing platform paradigm for both business and leisure; however, these devices have become the new vulnerability.

So, what does this mean? As you know, many smartphones are more of a mini-computer than a phone.  As such, these devices are "endpoints."  These devices house sensitive information that is typically a blend of both professional and personal content. Lost smartphones are a serious threat for...

riva11 | 30 Apr 2009 | 9 comments

I'd like to share an interesting application that allows to uninstall dozens of different antivirus programs from a computer system.
It can help for example in case you have to remove an antivirus applications in case of errors during removal or when you need to replace a security application with another .

The AppRemover program is a portable software , free for your personal, non-commercial, use.

Supported Operating Systems :
Windows 2000, 2003, XP (32 / 64 bit), Vista (32 / 64 bit), 2008, Windows 7 beta

Antivirus & Antispyware Applications removed : Support Charts 

Link : AppRemover

rheadley | 28 Apr 2009 | 1 comment

This zip file contains sample reports provided by Jeff Van Gundy on February 26th at the San Diego User's Group meeting. I have also included a message from Jeff on how to instruct customers to deal with the issue with MR4 MP1.

San Diego Altiris User Group.

Thank you for your time yesterday. I was glad to share the capabilities of Symantec Endpoint Protection with you. As I mentioned before, you can always expect to get straight information from me. I and Symantec value you as customers. We understand that you have invested time and money in our solution. Therefore, it is imperative that we make sure we are direct and honest with you in regards to our security portfolio and how it can impact you. It's easy to stand up and tell you how great we are. It's not so easy when we have an issue. But if I and Symantec are to have integrity, then we need to give you all information both good and bad.

Yesterday I told you that we have an issue with Symantec Endpoint...

jjesse | 23 Apr 2009 | 0 comments

In his first keynote as CEO of Symantec, Enrique Salem presented a new idea entitled "Operationalizng your Security" and talked about one of the tools in the Symantec Product set that can do this for you.

I learned a lot as I read through this speech. First I did not know he was the eighth software developer for Peter Norton Computing. After his first acquisition by Symantec, Mr. Salem left to go work at Brightmail and was once again acquired by Symantec.

As a side note it is great seeing a CEO of a tech company as large as Symantec also being someone who understands and uses technology.

But back to Operationalizing your security

Mr. Salem argues the current way of doing security is not working and backs it up with some interesting stats:

In 2008, we created more than 1.6 million new malicious code signatures. That’s more than
we’ve created in the last 17 years combined...
In the 30 minutes that I’m...

BNH | 21 Apr 2009 | 1 comment

In the past, we see threats modify Windows host file to redirect AV vendor websites to 127.0.0.1 loopback address.
Some security software also injects known bad URLs into the same host file with 127.0.0.1 loopback address.

Well nowadays the bad guys are getting smart and does more advanced stuff than host file modification.

In few recent malwares [ie. Conficker aka Downadup], we see that infected machines are unable to access AV vendor sites although the host file is empty.
And ping to av website yield a 127.0.0.1 address resolution.

Well now there are a few tricks we can do to evade this issue.

Its an old trick by removing DNS cache on our machine and check it everytime required to the DNS server.
Microsoft has a KB for this as written in support.microsoft.com/kb/318803 .
It is as simple as typing : 'net stop dnscache' or 'sc servername stop...

binayak | 20 Apr 2009 | 6 comments

Copy the contents of the following folder

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\<your own group id here>\full

to a network share ex. \\someserver\sep that every user has read/execute access to

Then create a Group Policy Object to run the following script (.bat file) at login/startup (this can also be used with landesk and psexec):

  1. IF EXIST "c:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END
  2. NET USE Z: \\someserver\sep /PERSISTENT:NO
  3. z:\setup.exe /s /v"/qn"
  4. NET USE Z: /DELETE
  5. :END
     
ShadowsPapa | 20 Apr 2009 | 0 comments

I was facing another issue - being a gov't agency, we run at short staff all the time. The boss wants central management of everything, but that still takes people to manage it.
One of the things deemed most critical is the antivirus protection on our clients. Yes, there are audits one can perform, be it by SMS (but it has to know what to look for) or by Symantec's own products, but that takes people to RUN the audit, then filter through and understand what one is seeing. And if you have 45 different subnets, then searching computers via subnet is painstaking. There's the old "get a list from xxx and search from that list" trick, but computers constantly change, they must be turned on to successfully audit, and what if they are off at that very moment of your audit? Some were always falling through the cracks.
There is only one constant - any time a person here logs in, they run our login script. Period. I've found not exceptions (hope not, I set it up that...

Peter_007 | 19 Apr 2009 | 7 comments

My computer is suffered by virus which goes on creating .exe files of folder name inside the folder
It also cuurpted my antivirus
It slowed down my pc
regsvr proces is consuming more cpu memory

Please help me out