Security Community Blog
Showing posts tagged with 12.1
Showing posts in English
Brandon Noble | 01 Aug 2014 | 0 comments

Security Response is aware of an alert from US-CERT regarding a threat they are calling Backoff. This threat family is reported to target Point of Sale machines with the purpose of logging keystrokes and scraping memory for data (like credit card info) and then exfiltrating the data to the attacker.

Symantec Security Response is currently investigating this threat family and is working to obtain samples that were mentioned in the IOC section of the CERT alert. All detections for threat files have been, or will be, mapped to: Trojan.Backoff

Detection information:
AV:      Trojan.Backoff – available in RR def 20140731.025 (156267)
IPS:   ...

SebastianZ | 14 Jul 2014 | 0 comments

The newest version of LiveUpdate Administrator (LUA) - 2.3.3 has been released.

The version can be downloaded from here: http://www.symantec.com/docs/TECH134809

 

What's new in LiveUpdate Administrator 2.3.3

  • System requirements:

You can upgrade from 2.2.2.9 through 2.3.2 to 2.3.3. LiveUpdate is packaged with Apache Tomcat version 7.0.54 and PostgreSQL version 9.3.1. See “System requirements for LiveUpdate Administrator” on page 6.

  • Installation changes

When you install LiveUpdate Administrator, the installation folder, temporary folder, and download folder cannot be empty. Also, the root drive (such as C:\ or D:\) must use a subfolder that does not contain other files. The subfolder should use a local path, as network paths are not allowed.

...

Chetan Savade | 21 May 2014 | 1 comment

Hi,

PowerShell script to validate that all machines in your OU have Symantec Endpoint Protection (SEP) anti-virus client installed and started. Generates a color-coded Excel report highlighting problematic nodes.

Refer to this link and download the script from here: http://gallery.technet.microsoft.com/scriptcenter/Symantec-Endpoint-8e47c450

Reference link: http://www.reddit.com/r/sysadmin/comments/25mtye/finding_symantec_endpoint_clients_on_network/

Note: This method is not supported by Symantec. Symantec recommends using the unmanaged detector.

Chetan Savade | 17 Apr 2014 | 26 comments

Hello Everyone,

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1A (12.1.4104.4130 - 12.1 RU4 MP1a) English has been released and is now available for customers to download on FlexNet. This new SEPM release addresses the OpenSSL “Heartbleed” vulnerability. Additional language versions will become available throughout the week.

Please refer to the following KB article for additional detail:

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

  • The new SEPM build is labeled RU4 MP1a with a version number of 12.1.4104.4130.
  • This version of the SEPM is supported for migrations over any version of the SEPM (the customer does not need to update to RU4 prior to applying MP1a).
  • The only...

Chetan Savade | 03 Apr 2014 | 70 comments

Hello Everyone,

Symantec Endpoint Protection 12 RU4 MP1 is released.

This build's version is: 12.1.4100.4126

What's new in this release:

Extended upgrade support

  • Unlike most maintenance patch releases, you can upgrade any version of Symantec Endpoint Protection directly to 12.1.4.1. Unsupported downgrade paths still apply.

Expanded operating system support

  • The Symantec Endpoint Protection (SEP) client is now supported on Windows To Go (Windows 8.1 Enterprise).
  • Symantec Endpoint Protection Manager (SEPM), the SEP client, and the Symantec Network Access Control client are now supported on Windows 8.1 Update 1.
  • SEPM, the SEP client, and the Symantec Network Access Control client are now supported on Windows Server 2012 R2 Update 1

Note: In case you do not see the SEP 12 RU4 MP1 Release on...

Mithun Sanghavi | 31 Mar 2014 | 4 comments

Symantec Endpoint Protection receives the AV-TEST AWARD FOR BEST PERFORMANCE 2013

Corporate Users (Windows): Symantec Endpoint Protection

The AV-TEST AWARD FOR BEST PERFORMANCE 2013 is presented to the security software that has the least influence upon a system once installed.

The tests that are carried out involve typical activities such as loading websites, downloading software, installing and starting up programs and copying files.

To check the regular test results - http...

SebastianZ | 13 Mar 2014 | 0 comments

Symantec Help (SymHelp) is a diagnostic utility used to help automate support for multiple Symantec products.  SymHelp features a new utility, the Threat Analysis Scan, that can help to identify suspicious files on a system.  This new feature replaces the previously known Load Point Analysis and Power Eraser tools.

Use the Threat Analysis Scan when you believe there might be malware on a system but security software is either unable to detect it or to remediate it. The Threat Analysis Scan can help to identify the following types of malware:

  • New variants of existing threats that are not detected by the current definition sets
  • Fake antivirus applications and other rogueware
  • Rootkits
  • System settings that have been tampered with maliciously

Because the Threat Analysis Scan uses aggressive heuristics to detect these threats, there is a risk that...

Brian Burch | 25 Feb 2014 | 0 comments

Over the next few weeks, 23 million small businesses will file their taxes.[1]  While many of these companies are investing time and money to identify their 2013 tax deductions,  most don’t realize that small businesses like theirs are being identified as online targets—an oversight that could result in devastating financial loss for their business.  And at tax time, small businesses are especially lucrative targets for cybercriminals, particularly in the BYOD era where work and personal data is accessed on the same device, including bank records and sensitive emails.

In today’s interconnected world, organized crime syndicates utilize a variety of malicious tax-themed scams designed to lure victims and steal important financial information. For example, Symantec has detected a rise in tax-season-specific ‘phishing’ scams—referring to the attempted theft of sensitive information such as usernames, passwords, or...

SebastianZ | 11 Feb 2014 | 0 comments

Microsoft Security Bulletin

On Tuesday the 11th of February Microsoft released the monthly Security Bulletin Summary for February 2014. The summary includes 7 Security Bulletins - 4 are classified as critical; 3 as important:

 

  • MS14-010    Cumulative Security Update for Internet Explorer (2909921)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows, Internet Explorer

  • MS14-011    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows

  • MS14-007    Vulnerability in Direct2D Could Allow Remote Code Execution...

SebastianZ | 15 Jan 2014 | 2 comments

Microsoft Security Bulletin

On Tuesday the 14th of January Microsoft released the monthly Security Bulletin Summary for January 2014. The summary includes 4 Security Bulletins that cover altogether 6 CVEs - all are classified as important:

 

  • MS14-001    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Vulnerability impact: Remote Code Execution
Word Memory Corruption Vulnerability    CVE-2014-0258
Word Memory Corruption Vulnerability    CVE-2014-0259
Word Memory Corruption Vulnerability    CVE-2014-0260

  • MS14-002    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)

Vulnerability impact: Elevation of Privilege
Kernel NDProxy...