Security Community Blog
Showing posts tagged with 12.x
Kari Ann | 05 Nov 2014 | 5 comments

Today, Symantec released a new security advisory impacting older versions of the Symantec Endpoint Protection Manager (SEPM). Product engineering teams have worked closely with SEC Consult Vulnerability Lab and @virtualminds_es to verify the vulnerabilities. The latest release, SEPM 12.1.5, is available on FileConnect and contains updates that prevent the issues and should be installed to prevent infection.

The issues affect XML External Entity Injection, reflected cross-site scripting and the potential for arbitrary file write/overwrite. The vulnerabilities are considered medium to high severity. With normal SEPM installation the affected port(s) should not be accessible without gaining initial access to the network. Successful exploitation of these vulnerabilities could result in unauthorized user-level access to the SEPM, elevated or application-level access on a server, or...

Dhasan | 09 Oct 2014 | 1 comment

SEPM home page dashboard is not updating quickly

After SEP client installation, the client shows under the up-to-date category even though it is not up-to-date

This is observed if we install the SEP client using a package exported from SEPM a month or week ago, and the LU policy is set not to download updates from SEPM or directly from Symantec. That client goes to the up-to-date category; then, after a long time, it disappears from there and goes to out-of-date.

Dhasan | 29 Sep 2014 | 0 comments

Issue: Non-English characters are not showing up in Symantec Endpoint Protection Manager reports in Excel

Cause: SEPM is compatible with UTF-8 encoding

Solution:

1. Open the CSV report file in Notepad.

2. Click Save As and choose 'UTF-8' under Encoding.

3. Then open the CSV in Excel.

Christopher Johnson | 16 Sep 2014 | 0 comments

On September 15, 2014, Symantec issued a SONAR release via Live Update definitions, which erroneously detected some low prevalence files as malicious. The false positive was reported as a SONAR.SuspLaunch detection.

Symantec discovered the issue and had a rollback release available to the field within forty-five minutes. Unfortunately, some customers were affected by the issue. All customers with current SONAR definitions will not be affected by the issue. The problem has been corrected.

Symantec is currently addressing the internal factors that caused the problem and will make the proper changes to ensure we do not repeat this issue.

Chetan Savade | 27 Aug 2014 | 12 comments

Updated: 22nd September 2014

This blog contains all the versions of SEP and SEPM (Symantec Endpoint Protection Manager) which were released since the first version of SEP in Sep 2007.

It contains the Enterprise Editions (EE) and Small Business Editions (SBE)

RTM - Release To Manufacturing

MR - Maintenance Release (replaced by RU)

RU - Release Update

MP - Maintenance Pack

PP - Point Pack

SEP Enterprise Edition/Small Business Edition 12.1.x

Note: SEP 12.1 Enterprise Edition & Small Business Edition have the same version code and product name.

Name | Version | Release date (English) | Release Notes

RTM | 12.1.671.4971

...

Kari Ann | 21 Aug 2014 | 1 comment

Demand for cyber-security professionals is growing twice as fast as other IT jobs, according to the report by Burning Glass, and the availability of necessary skills appears to be “outstripping supply.” Given the complex and competitive environment, how do cyber-security professionals keep up with the expertise required to move endpoints “beyond antivirus” in today’s digital age?

Complex threats and internal challenges require focus on building an architecture with efficiency and effectiveness. A solid endpoint security architecture underpins every foundation from the small business to even the most complex enterprise.

With constrained resources, is it possible to improve your security architecture without spending another cent? 

The simplest place to start is with Symantec’s...

Kari Ann | 07 Aug 2014 | 4 comments

The prevalence of zero-day vulnerabilities hit close to home this week when a North American penetration tester published a report claiming they had found a vulnerability in Symantec Endpoint Protection. The reality of Symantec’s ISTR vol. 19 seeing a 64%* increase in zero-day discoveries last year came alive as the Endpoint Protection product team reacted quickly to confirm and respond to the risk with a patch (available on FileConnect).

To date, no known compromise has been reported due to this medium severity vulnerability. The issue affects the Application and Device Control component of Symantec Endpoint Protection. If exploited, it could result in a client crash, denial of service or, if successful, escalate to admin privileges and gain control of the system.

It’s important to note that the vulnerability is not...

Brandon Noble | 01 Aug 2014 | 0 comments

Security Response is aware of an alert from US-CERT regarding a threat they are calling Backoff. This threat family is reported to target Point of Sale machines with the purpose of logging key strokes and scraping memory for data (like credit card info) and then exfiltrating the data to the attacker.

Symantec Security Response is currently investigating this threat family and is working to obtain samples that were mentioned in the IOC section of the CERT alert. All detections for threat files have been, or will be, mapped to: Trojan.Backoff

Detection information:
AV:      Trojan.Backoff – available in RR def 20140731.025 (156267)
IPS:   ...

SebastianZ | 17 Jul 2014 | 0 comments

The following Security Bulletins have been released in July 2014:

Microsoft

Microsoft Security Bulletin Summary for July 2014

https://technet.microsoft.com/library/security/ms14-jul

Symantec product detections for Microsoft monthly Security Advisories - July 2014

http://www.symantec.com/docs/TECH146537

MS14-037 | Cumulative Security Update for Internet Explorer (2975687) | Critical | Remote Code Execution

MS14-038 | Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

...
ryanschoenherr | 08 Jul 2014 | 0 comments

Need complete visibility into your environment? Do you find yourself reactive to breaches or always behind intrusions? MetriX dashboards can provide complete visibility into your security environment and give you the power to be proactive!

Check out MetriXdashboards for more information and ways to utilize MetriX to increase your efficiency.

For more information or to schedule a demo please contact:

Ryan Schoenherr

810-877-1743

...