Video Screencast Help
Security Community Blog
Showing posts tagged with 12.x
Showing posts in English
Wally | 08 Apr 2014 | 0 comments

In addtion to the steps to follow in HOWTO54944 Licensing an unmanaged client,  after the .slf file is placed in the client's inbox as described in the HOWTO article, check the client's system log.

In the client's UI - VIEW LOGS>Client Management Log>System Log.  An entry appears that states "The client has successfully applied a license file (nnnnnnnn) from the inbox.", where nnnnnnnn is the name of the license file.

Some time after the license file is applied, another entry appears - "[Client authentication token request} Information submitted to Symantec]  Size bytes (nnn)" where nnn is the length of the CAT request.

If a valid license is not present, the CAT request will fail.

Muad'Dib | 03 Apr 2014 | 0 comments

I ran into an issue changing the Installed Feature set on clients and i wanted to share my solution.

I was following the below tech Article on how to add or remove features:

http://www.symantec.com/docs/TECH90936

What was happening is that when the client received the new Install Package with the updated feature set, the client would never update its installed features.

For example, if i had a client group which was installed without the Firewall feature, but then i wanted to add the Firewall feature it would not install.

After tons of searching around i found the following VERY helpful post:

https://www-secure.symantec.com/connect/forums/remove-sep-components-update-content

My situation was very similar. If the client was upgrading versions (for example from 12.1 RU3 to 12.1...

Chetan Savade | 03 Apr 2014 | 65 comments

Hello Everyone,

Symantec Endpoint Protection 12 RU4 MP1 is released.

This build's version is: 12.1.4100.4126

What's new in this release:

Extended upgrade support

  • Unlike most maintenance patch releases, you can upgrade any version of Symantec Endpoint Protection directly to 12.1.4.1. Unsupported downgrade paths still apply.

Expanded operating system support

  • The Symantec Endpoint Protection (SEP) client is now supported on Windows To Go (Windows 8.1 Enterprise).
  • Symantec Endpoint Protection Manager (SEPM), the SEP client, and the Symantec Network Access Control client are now supported on Windows 8.1 Update 1.
  • SEPM, the SEP client, and the Symantec Network Access Control client are now supported on Windows Server 2012 R2 Update 1

Note: If in case you do not see the SEP 12 RU4 MP1 Release on...

Mithun Sanghavi | 31 Mar 2014 | 4 comments

Symantec Endpoint Protection receives the AV-TEST AWARD FOR BEST PERFORMANCE 2013

AV-AWARD-Performance-Symantec-Endpoint-Protection_01_9d2b025116.png

Corporate Users (Windows): Symantec Endpoint Protection

The AV-TEST AWARD FOR BEST PERFORMANCE 2013 is presented to the security software that has the least influence upon a system once installed.

The tests that are carried out involve typical activities such as loading websites, downloading software, installing and starting up programs and copying files.

To check the regular test results - http...

The Conquistador | 14 Mar 2014 | 8 comments

Checklist for scanning suspicious files
1.    Disconnect any drive mappings and check to see if the PC has any shared folders
2.    Stop the shares if they are present, they can be reestablished if necessary after cleanup
3.    Take the PC OFF the network
4.    Check disk space, lack of disk space can cause multiple issues
5.    Check to see if any users have local admin rights, if they do, remove them
6.    Check the “Run” Key in the registry for any suspicious entries (Check on HKEY_LOCAL_MACHINE AND     HKEY_CURRENT_USER
    Delete any suspicious entries from
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
7.    Check for old windows user profiles, check with...

SebastianZ | 13 Mar 2014 | 0 comments

Symantec Help (SymHelp) is a diagnostic utility used to help automate support for multiple Symantec products.  SymHelp features a new utility, the Threat Analysis Scan, that can help to identify suspicious files on a system.  This new feature replaces the previously known Load Point Analysis and Power Eraser tools.

Use the Threat Analysis Scan when you believe there might be malware on a system but security software is either unable to detect it or to remediate it. The Threat Analysis Scan can help to identify the following types of malware

  • New variants of existing threats that are not detected by the current definition sets
  • Fake antivirus applications and other rogueware
  • Rootkits
  • System settings that have been tampered with maliciously

Because the Threat Analysis Scan uses aggressive heuristics to detect these threats, there is a risk that...

Chetan Savade | 21 Feb 2014 | 3 comments

Hello,

Symantec Endpoint Protection 12.1.4a and 11.0.7.4a has been released on Feb 13' 2014.

The Builds version is: 12.1.4023.4080

SEP released version details are available here: https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially

Download here Symantec Endpoint Protection 12.1.4a and 11.0.7.4a :

https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

SEP 12.1 Enterprise Edition:

12.4a_1.jpg

For Small Business Customer 12.1:

...

SebastianZ | 11 Feb 2014 | 0 comments

Microsoft Security Bulletin

On Tuesday the 11th of February Microsoft released the monthly Security Bulletin Summary for February 2014. The summary includes 7 Security Bulletins - 4 are classified as critical; 3 as important:

 

  • MS14-010    Cumulative Security Update for Internet Explorer (2909921)

Vulnerability impact: Critical - Remote Code Execution
Affected Software:
Microsoft Windows, Internet ExplorerSumamry

  • MS14-011    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows

  • MS14-007    Vulnerability in Direct2D Could Allow Remote Code Execution...
The Conquistador | 07 Feb 2014 | 2 comments

I have come across some instances where servers would have failing services or instances where they would have perticularly unusual behavior. Typically resulting in a restart of the services or the server. Even with the most current version of SEP, malicious/dangerous files can still be hidden. I have had a few cases where I ran complete windows updates and have found malicious files that SEP did not detect. I have come to learn that SEP alone cannot get rid of every threat out there, so I make sure that my systems are up to date and alerts are in place if anything occurs. The approach I will use is to run a complete scan of a suspected machine, clean and make sure it is up to date. I would advise caution depending on what your server is utilized for.

I would continue to make sure that it is current with Windows and SEP updates. If there is an instance that is repetitive there is a pretty large chance that this is an undetced infection.

The Conquistador | 24 Jan 2014 | 1 comment

Here is how I corrected this

Baseline Filtering Engine service issue.

Good day everyone, here are the steps that worked for me with the BFE issue.

Error Code 0x80070424 with Windows Firewall and "Base Filtering Engine Service" Not available in services database list.

 

danma_

danma_

13,009 Points 10 3 3

Recent Achievements

Ratings Board President Blog Party Starter New Wiki Editor

View Profile

26 Dec 2011 11:44 PM

  • Comments 261
  • ...