Video Screencast Help
Security Community Blog
Showing posts tagged with 12.x
Showing posts in English
Mithun Sanghavi | 02 Oct 2012 | 4 comments

 

The Latest version of LiveUpdate Administrator (LUA) version 2.3.2 is now available.

Contact Symantec Technical Support to grab the Latest Copy of LiveUpdate Administrator (LUA) version 2.3.2

The installation file (147.35 MB) and will later be included on the SEP 12.1 RU2 DVD’s (SEP 12.1 RU2 is yet to be released)

Some of the features included in this release

  • Packaged with Apache Tomcat version 7.0.26 and PostgreSQL version 9.1.3.
  • Packaged with JRE 1.7 (private JRE, automatically bundled, installed and configured by the LUA installer).
  • Enhanced security with advanced features to protect the User Interface from certain attacks.
  • Added the ability to modify the LUA download directory path at any time (not just at install time).
  • Product Catalog will now automatically update to ensure catalog changes become available without any user...
Khi02 | 18 Aug 2014 | 0 comments

Security response team is doing their best towards identifying the Bots in our organization, whenever we submit the logs they will react in a very quick manner and update us with result. The botnet tracker tends to decrease down day by day and now it is very much controlled by following the best practises.

 

 

Kari Ann | 07 Aug 2014 | 4 comments

The prevalence of zero-day vulnerabilities hit close to home this week when a North American penetration tester published a report claiming they had found a vulnerability in Symantec Endpoint Protection. The reality of Symantec’s ISTR vo. 19 seeing a 64%* increase in zero-day discoveries last year came alive as the Endpoint Protection product team reacted quickly to confirm and respond to the risk with a patch (available on FileConnect).

To date, no known compromise has been reported due to this medium severity vulnerability. The issue affects the Application and Device Control component of Symantec Endpoint Protection. If exploited, it could result in a client crash, denial of service or, if successful, escalate to admin privileges and gain control of the system.

It’s important to note that the vulnerability is not...

Brandon Noble | 01 Aug 2014 | 0 comments

Security Response is aware of an alert from US-CERT regarding a threat they are calling Backoff. This threat family is reported to target Point of Sale machines with the purpose of logging key strokes and scraping memory for data (like credit card info) and then exfiltrating the data to the attacker.

Symantec Security Response is currently investigating this threat family and is working to obtain samples that were mentioned in the IOC section of the CERT alert. All detections for threat files have been, or will, be mapped to: Trojan.Backoff

Detection information:
AV:      Trojan.Backoff – available in RR def 20140731.025 (156267)
IPS:     Under investigation
XPE:    W32/Trojan3.JRS

...

SebastianZ | 17 Jul 2014 | 0 comments

Following Security Bulletins have been released in July 2014:

 

Microsoft

Microsoft Security Bulletin Summary for July 2014

https://technet.microsoft.com/library/security/ms14-jul

Symantec product detections for Microsoft monthly Security Advisories - July 2014

http://www.symantec.com/docs/TECH146537

 

MS14-037

Cumulative Security Update for Internet Explorer (2975687)

Critical 

Remote Code Execution

MS14-038

Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

...
ryanschoenherr | 08 Jul 2014 | 0 comments

Need complete visibility into your environment?  Do you find yourself reactive to breaches or always behind intrusions?  MetriX dashboards can provide complete visibility into your security environment and give you the power to be proactive!

 

Check out MetriXdashboards for more information and ways to utilize MetriX to increase your efficiency.

 

EP dashboard.png

DLP dashboard.png

 

For more information or to schedule a demo please contact:

Ryan Schoenherr

810-877-1743

...

The Conquistador | 22 May 2014 | 0 comments

Every now and then I come across infections that are not picked up by SEP, or they happen to be picked up by SEP, but they only register "newly infected" or "Still infected"
The worst thing about these types of infections is there is not much on the surface. Some malware will stand out at you and pretty much tell you, "HEY YOU ARE INFECTED" by running it's own "level of protection" This will prevent you from running other programs or even accessing the internet to get files that can be beneficial in cleaning out this mess.

I have noticed that whenever things like this occur, I have to either google and/or download different parts of programs even though I already have an AV Program installed. One of the things I do is download MalwareBytes Anti Malware and the Norton Power eraser. These have been the two most powerful tools I have had in cleaning up infected files.
Once run, I am able to make great progress and get a PC/Server back on track....

Chetan Savade | 21 May 2014 | 1 comment

Hi,

PowerShell script to validate that all machines in your OU have Symantec Endpoint Protection (SEP) anti-virus client installed and started. Generates a color-coded Excel report highlighting problematic nodes.

Refer this link and download the script from here: http://gallery.technet.microsoft.com/scriptcenter/Symantec-Endpoint-8e47c450

Reference link: http://www.reddit.com/r/sysadmin/comments/25mtye/finding_symantec_endpoint_clients_on_network/

Note: This method is not supported by Symantec. Symantec recommends to use unmanaged detector.

BalaP | 17 Apr 2014 | 0 comments

Symantec has released Endpoint Protection 12.1.4.1a (12.1.4.4130).

This release resolves the Heartbleed OpenSSL vulnerability

http://www.symantec.com/docs/AL1555

Chetan Savade | 17 Apr 2014 | 26 comments

Hello Everyone,

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1A (12.1.4104.4130 - 12.1 RU4 MP1a) English has been released and is now available for customers to download on FlexNet. This new SEPM release addresses the OpenSSL “Heart Bleed” vulnerability. Additional language versions will become available throughout the week.

Please refer to the following KB article for additional detail:

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

  • The new SEPM build is labeled RU4 MP1a with a version number of 12.1.4104.4130.
  • This version of the SEPM is supported for migrations over any version of the SEPM (Customer does not need to update to RU4 prior to applying the MP1a)
  • The only...