Security Community Blog
Vicky P | 02 May 2013 | 0 comments

Minutes and Upgrade presentation are attached.

MFox70 | 01 May 2013 | 1 comment

Whitelisting has been a buzzword used in the industry for the past 18 months or so, and is seen by some as a Panacea to beat Malware spreading within organisations and control threats inside your environment. Indeed, some of Symantec’s products use Whitelisting as an additional method of controlling software behaviour and limiting the applications that employees can or cannot use.


Whitelisting generally involves a process of learning exactly which applications, operating system components and hardware drivers are installed on a server or workstation, collating that information centrally, and then allowing an administrator to approve or deny the use of these tools.

Once this process has initially completed, enforcement of this list of applications is then applied to the target machines. Theoretically, this has given control back to the organisation in relation to what software is allowed to run on the corporate computers.


Mike Maxwell | 01 May 2013 | 0 comments

* This article originally ran on StateScoop on April 30, 2013.


Each year, Symantec releases its Internet Security Threat Report (ISTR), which recounts—in exhaustive detail—a summation of the previous year’s cybersecurity actions, trends, threats, and opportunities.

(How do we get all this data? By leveraging Symantec’s Global Intelligence Network, which is comprised of more than 69 million attack sensors, and records thousands of events per second.)

Historically, the ISTR’s annual unveiling has always been (as Vice President Biden might say) a “big bleeping deal” for government stakeholders. But this year, it’s even more important, thanks to two additional factors:

  1. More than ever, governments this year are treating quantitative data as the...

bartolomeu | 29 Apr 2013 | 0 comments

When you have installed both Symantec Endpoint Protection Manager and DLO Server 7.5, you can run into a port conflict. Both applications use Tomcat with the default HTTPS port 8443.

For example, if you have installed SEPM 12.1 and upgrade DLO to 7.5, you may encounter problems logging in to the SEPM console, such as:

- Server Certificate is not present in your trusted store

- Unexpected server Error

The problem disappears after the Mindtree StoreSmart Dedupe Server service (tomcat7.exe) is stopped.

DLO 7.5 has a new feature, Dedupe Server, which uses Tomcat on HTTPS port 8443, the same port that Tomcat uses in SEPM.

I solved the problem by changing the DLO Dedupe Server port to 8443. I edited the "C:\Program Files\Symantec\Symantec DLO\Dedupe\Tomcat\conf\server.xml" file in Notepad. I updated all entries of "8443" to, e.g., "8449".

Another possible solution is to change the SEPM port. You can do it by "Management Server...

John Santana | 28 Apr 2013 | 6 comments

Hi People,

I'm sharing the white paper that I gathered and read over the weekend regarding the independent testing that benchmarks the most common antivirus implementations in the industry (see the attached files, including the updated result as at September 2013).

The paper clearly indicates that Symantec Endpoint Protection outshines the competition due to the experience and the maturity in the Computer Security Industry.

Hope this article can be a helpful reference for you all.

Cheers!

Brandon Noble | 25 Apr 2013 | 2 comments

We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise.

It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms.

After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here:

For those of you familiar with W32.Changeup,...

Mithun Sanghavi | 23 Apr 2013 | 0 comments


The following general best practices document for configuring and managing SEP 11.0 was prepared by the Symantec product team.

It is always recommended to have the Latest version of SEP 11.x on your Client machines. Check this Article:

About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

See the attached files for additional documents.

Here is a general outline for configuring SEP to maximize protection from today's emerging threats:

(This outline is in order of easiest to implement first)

  1. Implement recommendations from Symantec Security Response:
  2. Validate...

gschumm | 18 Apr 2013 | 0 comments

Recently a few of my colleagues and I had the opportunity to participate in the National Cybersecurity Excellence Partnership (NCEP) partner signing ceremony for the National Cybersecurity Center of Excellence (NCCoE).

Established in 2012 through a partnership between NIST, the State of Maryland and Montgomery County, the NCCoE is dedicated to furthering innovation through the rapid identification, integration and adoption of practical cybersecurity solutions. The approach taken by the NCCoE is to integrate commercially available technologies to build practical cybersecurity solutions that can be rapidly applied to the challenges that businesses face each day. 

The NCEP partner signing ceremony was held at the NCCoE in Rockville, MD and included speeches from:

  • NIST Director Patrick Gallagher
  • U.S. Senator Barbara Mikulski
  • Maryland Governor Martin O'Malley
  • Montgomery County Executive Ike Leggett
  • National Security...

MelanieLopez | 16 Apr 2013 | 0 comments

Follow Managed PKI on Twitter @SymantecMPKI

Symantec would like to announce the release of Managed PKI Service v8.8, which includes support for the newest platforms and browsers, local key escrow and recovery service, and features to address evolving NIST guidelines.

Summary of New Features:

  • Support for heterogeneous environments
    • New platforms and browsers (IE 10 on Windows 8 platforms; PKI Client support for Windows Vista 64-bit)
    • Automate the enrollment process for Mac environments
  • Key Management Enhancements
    • Local key escrow and recovery service
    • Support for evolving NIST standards with ECC based keys
  • Support for WiMAX and DOCSIS certificates
  • General user interface enhancements improve Administrator experience

Support for heterogeneous environments


uuallan | 11 Apr 2013 | 1 comment

In the famous Kenny Rogers song Lucille, a scorned husband confronts his cheating wife in a bar and publicly shames her by reminding her that she “…picked a fine time to leave me Lucille, with four hungry kids and a crop in the field.” (my apologies if that song is now stuck in your head).  While shaming did not work in that song, can it be an effective tool in enforcing security policy?  Surprisingly, the answer may be yes. 

Forbes Magazine just released a study of trends in cyber security and one of the surprising things they found is that people are more concerned about their Facebook or Twitter accounts being compromised than they are about someone getting a hold of their credit cards.  This concern stems in part from the public shame associated with your friends and...