Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with 12.x
Showing posts in English
Chetan Savade | 21 Feb 2014 | 3 comments

Hello,

Symantec Endpoint Protection 12.1.4a and 11.0.7.4a has been released on Feb 13' 2014.

The Builds version is: 12.1.4023.4080

SEP released version details are available here: https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially

Download here Symantec Endpoint Protection 12.1.4a and 11.0.7.4a :

https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

SEP 12.1 Enterprise Edition:

12.4a_1.jpg

For Small Business Customer 12.1:

...

SebastianZ | 11 Feb 2014 | 0 comments

Microsoft Security Bulletin

On Tuesday the 11th of February Microsoft released the monthly Security Bulletin Summary for February 2014. The summary includes 7 Security Bulletins - 4 are classified as critical; 3 as important:

 

  • MS14-010    Cumulative Security Update for Internet Explorer (2909921)

Vulnerability impact: Critical - Remote Code Execution
Affected Software:
Microsoft Windows, Internet ExplorerSumamry

  • MS14-011    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows

  • MS14-007    Vulnerability in Direct2D Could Allow Remote Code Execution...
The Conquistador | 07 Feb 2014 | 2 comments

I have come across some instances where servers would have failing services or instances where they would have perticularly unusual behavior. Typically resulting in a restart of the services or the server. Even with the most current version of SEP, malicious/dangerous files can still be hidden. I have had a few cases where I ran complete windows updates and have found malicious files that SEP did not detect. I have come to learn that SEP alone cannot get rid of every threat out there, so I make sure that my systems are up to date and alerts are in place if anything occurs. The approach I will use is to run a complete scan of a suspected machine, clean and make sure it is up to date. I would advise caution depending on what your server is utilized for.

I would continue to make sure that it is current with Windows and SEP updates. If there is an instance that is repetitive there is a pretty large chance that this is an undetced infection.

The Conquistador | 24 Jan 2014 | 1 comment

Here is how I corrected this

Baseline Filtering Engine service issue.

Good day everyone, here are the steps that worked for me with the BFE issue.

Error Code 0x80070424 with Windows Firewall and "Base Filtering Engine Service" Not available in services database list.

 

danma_

danma_

13,009 Points 10 3 3

Recent Achievements

Ratings Board President Blog Party Starter New Wiki Editor

View Profile

26 Dec 2011 11:44 PM

  • Comments 261
  • ...
SebastianZ | 15 Jan 2014 | 2 comments

Microsoft Security Bulletin

On Tuesday the 14th of January Microsoft released the monthly Security Bulletin Summary for January 2014. The summary includes 4 Security Bulletins that cover altogether 6 CVEs - all are classified as important:

 

  • MS14-001    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Vulnerability impact: Remote Code Execution
Word Memory Corruption Vulnerability    CVE-2014-0258
Word Memory Corruption Vulnerability    CVE-2014-0259
Word Memory Corruption Vulnerability    CVE-2014-0260

  • MS14-002    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)

Vulnerability impact: Elevation of Privilege
Kernel NDProxy...

SebastianZ | 10 Jan 2014 | 0 comments

January 9, 2014 - Symantec has posted SYM14-001 Security Advisories relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege. This is medium severity vulnerability. Detailed information about the vulnerabilities and what SEP builds are affected can be found at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

 

The vulnerabilities have been already resolved in latest releases of Symantec Endpoint Protection. Additionally as part of standard best practices it is advised to update to the latest version possible, keep all operating systems with...

SebastianZ | 09 Jan 2014 | 3 comments

As per Microsoft Support Lifecycle Policy both Windows XP SP3 and Office 2003 will reach end of support on April 8, 2014. The end of support means that after this date there will be no new security updates, non-security hotfixes or patches for both those products available. Technical support for XP from Microsoft will also not be available any more. Running XP SP3 (or lower) and Office 2003 after the end of support date may expose the company to potential security and compliance risks. Worth consideration is also fact that aside of vulnerable system it is expected for several third party software vendors to stop support of their applications on XP Platform after April 2014 as well - this ads additional danger of vulnerable applications and multiplies the possible infection vectors.

For Symantec Endpoint Protection customers running SEP 11.x and 12.1 on XP platform - Symantec will continue releasing definitions for all so...

SebastianZ | 02 Jan 2014 | 0 comments

Last week Trend has reported about a new variant of Cryptolocker worm. In Trend Micro terminology -> WORM_CRILOCK.A (http://about-threats.trendmicro.com/us/malware/worm_crilock.a) - this is being detected by Symantec as Trojan.Cryptolocker.B (http://www.symantec.com/security_response/writeup.jsp?docid=2013-122312-5826-99). In a difference to previous variants of Cryptolocker this particular variant spreads over removable devices. Another significant difference is that it does not rely on a malware downloader routine any more to infect the systems but instead works as activator for software like Office or Adobe Photoshop in P2P sites.

 

Reference:
New...

Brandon Noble | 30 Dec 2013 | 2 comments

I guess we need to face it. Sality is here to stay.

We have been dealing with new Sality variants for more than 8 years and the Sality.AE family for a little over 5…the variants keep coming. It has become one of the most common file infectors reported by Enterprise customers. With its ability to move through shares and disable AV, it’s one of the most destructive and tricky threats we have out there. That said, it’s not too hard to stop, provided you have two things. The first is an understanding of how it spreads and infects, the second is a willingness to mount the proper defense while you seek out the hidden pockets of this threat and eradicate it.

So, first things first. How does it spread?

This is a file infector and it can only spread through shares. Its uses two methods, I refer to as a “Push” and a “Pull” to infect. Managing these attacks will keep the threat from spreading to more computers.

 

...

Mithun Sanghavi | 23 Dec 2013 | 0 comments
Release Updates (RUx) typically contain a significant number of fixes and may include feature-work or enhancements.  The current Release Update is considered the latest release of the product and is the appropriate version for most customers performing a new install or upgrading from an earlier release or build of the product.
 
Maintenance Patches (RUx MPx) contain a small number of fixes for specific customer issues and are based on a specific RU.  MPs can only be applied against the specific Release Update upon which they are based, e.g., RU6 MP1 can only be applied against RU6.  Maintenance Patches are appropriate for customers experiencing an issue that is resolved in the Maintenance Patch.

RTM - Release To Manufacturing

MR - Maintenance Release (Now replaced by the term "RU")

RU - Release Update...