Security Community Blog
Showing posts tagged with Tip/How to
Michel Ramirez | 11 Jun 2009 | 0 comments

Hello Everyone!
The user group board of directors would like to thank everyone who attended the meeting. I have gone ahead and attached the slides from the two presentations that took place. If anyone would like to present or host a future meeting please let us know. Also please spread the word about our group! The experience and knowledge of our group grows with each new member.

MattBarber | 08 Jun 2009 | 0 comments

If you ever have a question of whether or not your data is actually getting into the SEPM, a good first place to check would be in the following location:  Depending on your install directory (mine is D:\) navigate to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo.  This is where information enters the SEPM from the clients.  You should be able to watch data come in and out of this folder.  There should only be a handful of files (at most) in this location.  This is a very helpful troubleshooting step when there is concern about getting data from the clients into the SEPM.  Believe it or not, a repair on the SEPM can get data flowing again if you are having this issue.  Remember never install a Maintenance pack without installing the corresponding Maintenance Release first, even if Symantec Support tells you to.  i.e., install MR .4000 before installing MP .4014.  Seems very basic,...

Kedar Mohile | 05 Jun 2009 | 5 comments

After you configure database maintenance options, the new options are applied at midnight, and not immediately.

To configure the database options:

  1. In the console, click Admin > Servers, and then select a site.
  2. Under Tasks, click Edit Site Properties, and then click the Database tab.

To configure the management server to apply the database maintenance options immediately, you can configure the file.

To configure the file:

  1. Open the file, located in the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc directory by default.
  2. Change the following parameters:
  • Change scm.object.idletime=3600000 (in milliseconds) to a smaller number. The default setting is 1 month.
  • Change scm.timer.objectsweep=900 (in seconds) to a smaller number. The default setting...

MattBarber | 04 Jun 2009 | 0 comments

This is a basic but helpful approach to environments with one SEPM and many locations with small numbers of clients.

We have deployed SEP to our retail locations (approx. 160) where each store is its own group of clients and each store falls into one of eight retail regions.  The way to get SEP clients to report to a specific group after install is to export the install package from the SEPM and associate it with a particular group.  We have had much success with creating a "Deployment" group within the console and exporting an install package from this group.  This way we install all of our retail locations to this group, and we can manually assign clients to their appropriate group via the Symantec Console.  Each store uses all the same policies (shared) except for their LiveUpdate policy, which is a non-shared policy used to identify a GUP for each store.  So far this has gone very well, and rollout went from being a "...

Marie Coon | 01 Jun 2009 | 2 comments

As a Symantec Data Loss Prevention (DLP) customer, you have access to thousands of DLP technical solutions contained within the Symantec DLP Knowledgebase.

To get to the Knowledgebase, go to: or select a specific Vontu/Symantec product from our support page at:

and click the Knowledgebase button located on the upper right-hand side of the page.

If you do not have an account click on the “New User? Request Access Link”

Note: You must be a DLP customer to gain access to the knowledgebase.

An added benefit to the Knowledgebase is the ability to sign up for alerts regarding New Hotfixes/New Release Notifications, and other...

Bored Silly | 28 May 2009 | 7 comments

A Zero-Day virus is defined as, "a previously-unknown computer virus or other malware for which specific antivirus software signatures are not yet available."    Everybody has their different tricks and techniques when it comes to dealing with Zero-Day remediation.  This is what I do when someone calls me suspecting they are infected on my network.

1. You’ll need a copy of the PSLIST tool from the Sysinternals or PSTools Suite. From a command prompt launch: PSLIST -s \\computer-name or PSLIST \\computer-name

  • Note: Drop the -s to see a static view of the processes but keep in mind that some malware only stays visible for seconds or will constantly change its port numbers.
  • Note #2: You hit ESC to exit the -s mode

2. Examine the list of running processes to see...

stebro | 26 May 2009 | 2 comments

The Symantec Endpoint Protection Integration Component 7.0 provides integration between the Symantec Management Platform 7 and Symantec Endpoint Protection 11.

Features include:

Antivirus Inventory

  • Identifies installed endpoint security products from Symantec, McAfee, Trend, Sophos, CA, F-Secure, Kaspersky, and ESET
  • Details on Symantec Endpoint Protection client

Symantec Endpoint Protection Client Migration Job

  • Task based uninstall, restart, and Symantec Endpoint Protection Installation
  • Tasks can be customized for and blended with any Task Server task

Symantec Endpoint Protection Client Tasks

  • Full and Quick Virus Scans
  • Update virus definition and other security content
  • Repair Symantec Endpoint Protection client

Antivirus summary
Computers with Tamper Protection enabled
Migration details including installation failure feedback
Benefits include:


riva11 | 25 May 2009 | 0 comments

Do you need to know open ports on your servers? Try CurrPorts by Nirsoft; this helpful tool allows you to monitor TCP/IP network connections on your Windows computers.
No installation needed, just download the exe file from the download link and start to scan your target system.

CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file, XML file, or to tab-delimited text file.
CurrPorts also automatically marks with pink color...

EtsukoK | 19 May 2009 | 5 comments

Today, Symantec will participate in the 2009 Phoenix Awards at the National Small Business Week event in Washington D.C. Since 1998, the Small Business Association has given the Phoenix Award to business owners, public officials and volunteers who displayed selflessness, ingenuity and tenacity in the aftermath of a disaster, while contributing to the rebuilding of their communities.

Losing critical information in the wake of a disaster can be crippling for a small business and it is critical for small businesses to establish a disaster recovery plan. By putting basic best practices to action companies can protect against data loss and system downtime, establish business continuity and ensure rapid recovery from a disaster.

We’ve put together a list of simple tips that can help small businesses easily develop a disaster recovery strategy:
1. Know what needs to be secure and protected – This data includes customer information, human...

Gina Sheibley | 12 May 2009 | 1 comment

Direct Agents, a New York City-based advertising agency with 40 employees, is in a small majority of SMBs that have implemented an effective security system. An April 2009 Symantec survey on the storage and security in small and mid-sized businesses found that while SMBs are familiar with cyber risks and have clearly defined goals for security and storage, a surprisingly high number (33%) have yet to take even the most basic steps towards protecting their businesses, such as implementing antivirus or backing up their data.

As an advertising agency focused on interactive, online media, Direct Agents employees spend their workdays visiting websites and reading email that other companies might consider suspect. For that reason, protection at Direct Agents needs to occur at each individual computer. Because the company...