Security Community Blog
tiffany_jones | 08 Dec 2009 | 0 comments

As the infrastructures that comprise the backbone of critical services, business and government operations become more dependent on technology, the need for greater coordination and security of our critical infrastructure increases.  

Last week, President Barack Obama issued a proclamation declaring December, 2009 to be “Critical Infrastructure Protection Month.”  The Presidential proclamation underscores the vital importance of the ongoing work and achievements of the private sector and the government in protecting and ensuring the resilience of our Nation’s critical infrastructure and key resources.

At Symantec, we know that the nation’s critical infrastructures are top-tier targets for groups wishing to cause visible harm in order to negatively affect continuity of services, create civil unrest...

DominikG | 08 Dec 2009 | 4 comments
I am receiving many support requests related to scan errors of the scan engine, which are caused by suboptimal usage of the system resources, or because someone simply did not configure the parameters in the right way.
The scan engine is not software that can be set up and is good to go. In each environment, some tuning has to be done to avoid errors and/or performance issues.
For that reason I talked to Symantec’s tech support to get a little help on how to configure the resource parameters correctly.
 
So if you are experiencing a large number of scan errors or get reports of bad performance, please check the following steps:
 
1. Open the scan engine interface and go to “reports” -> “resources”
2. Note the value of “thread pool size”
3. Note the value of “Load statistics” -> “queued...
GertjanA | 04 Dec 2009 | 0 comments

When installing multiple EV-servers, where multiple Exchange, File, Domino, etc. servers need to be checked, it is not very friendly that you have to key in the list of servers on each install of Deployment Scanner.

To get the list of servers on all of your Deployment Scanners, do the following:

1. Install Deployment Scanner on all the servers that need to have it.
2. Start Deployment Scanner on 1 server, put in the required servers to check, and let it run.
3. Close Deployment Scanner.
4. Go to the C:\Program Files\Enterprise Vault folder, and copy the file PreReqConfig.xml to the same location on the other servers you installed D.S. on.

Start Deployment Scanner on the other servers, and you will see that the entries are present.

Gertjan

Joe Pendry | 01 Dec 2009 | 0 comments

Symantec recently hosted Government Security News editor-in-chief Jacob Goodwin on a "Black Market Tour" that demonstrates how information is stolen and sold by hackers throughout the world.  As Goodwin mentions in his story, Symantec has received a terrific reception for this educational exhibit which has toured Toronto, New York City, Washington, Tokyo, London and Mountain View, CA.

Goodwin's take?

"The Black Market Tour attempts to recreate a hacker's "lair," where the evil-doer might use phishing software to fool victims into allowing key-logging software to track their computer's keystrokes. The hacker might then grab their victims' account numbers, passwords, security codes and the answers to a slew of security questions, all in an effort to assemble marketable "personal identities" which can be sold in bundles to nefarious...

TSE-JDavis | 01 Dec 2009 | 1 comment

I am currently investigating, with Ben C Smith, an issue where IU shadowing does not work on Server 2008 64-bit version. The location where AV defs are stored on 64-bit 2008 is C:\ProgramData\Symantec\Definitions but the setup-iu.bat builds the definitions in the C:\Program Files(x86)\Common Files\Symantec Shared folder. When I run IntelligentUpdater, either i32 or i64, it doesn't see a product to update. Trying to figure out where Scan Engine's shadowing process looks for defs to convert and if this will work if we just change the batch file to look in the right place.

UPDATE: Shadowing seems to be working once I installed SEP onto the server. Will uninstall all products and run the modified version of the setup-iu.bat file and see if it can build a VirusDefs folder that the Intelligent Updater will see and update.

Rolf Niedhorn | 28 Nov 2009 | 1 comment

Hello, everyone,

Daniel Melanchton (Microsoft Germany) made a blog post regarding scan exclusions for Microsoft Products.

Because some people reported issues with user profiles since SEP 11 RU5, it is very interesting to look at Microsoft's following recommendation:

Group Policy related files

Group Policy user registry information. These files are located in the following folder:

%allusersprofile%\

Exclude the following file:

NTUser.pol

Group Policy client settings file. These files are located in the following folder:

%Systemroot%\system32\GroupPolicy\

Exclude the following file:

registry.pol

You may find the whole article under the following link:

 http://support.microsoft.com/kb/822158/en-us (Article ID: 822158 - Last...

jjesse | 25 Nov 2009 | 0 comments

The recession is creating camaraderie amongst workforces, at the expense of their employers, is the finding of a transatlantic survey. Carried out amongst 600 office workers in Canary Wharf London and Wall Street New York, 41% of workers have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job.

An article on a security website states that more and more employees are stealing data when they leave their current employer. A couple of interesting stats from the article:

  85% of people admit they know it’s illegal to download corporate data.

  57% of people say it is easier to take sensitive data this year, up 29% from last year

  Top of the list is customer and...

snekul | 24 Nov 2009 | 1 comment

First, some background. We were setting up a new box running Server 2008 R2 Core on x64.  In my department, we push out SEP to all our servers via Group Policy.  On this new Server 2008 R2 Core on x64 box the install of SEP failed.  We were puzzled until we ran into another application (in this case VMware Tools) that did not install properly either.  We discovered that Server 2008 R2 Core does not have an "Installer" folder inside the Windows folder--this would usually be C:\Windows\Installer.  Upon creating the folder, VMware Tools installed fine and on a reboot, SEP installed just fine as well.

Also, we were pushing out RU5, as that is necessary for full support on Server 2008 R2.

So, if you run into trouble installing SEP (or anything else for that matter) on Server 2008 R2 Core, make sure you have an "Installer" directory in your Windows folder.

DominikG | 20 Nov 2009 | 0 comments
I recognized something strange, which has been quite confusing for some of our customers. Actually, the current version of Endpoint Protection (11 RU5) is published with two different version numbers. The packages you receive through LiveUpdate are listed as 11.0.5002.0 in the Endpoint Protection Manager, but packages you create from other sources, e.g. downloads from Symantec’s fileconnect, are listed as 11.0.5002.333.
 
This fact makes it possible to import both versions into the Manager, if you received the packages through LiveUpdate onto your MR4 system and then upgrade it to RU5. After that you will see that four packages with the mentioned two different version numbers get listed under “install packages”.
Now, if you install the package with number 11.0.5002.0 onto a client, it gets actually also listed as installed version 11.0.5002.333. So the whole issue is just wrong information in the Manager, which the software cannot...
MarissaVicario | 17 Nov 2009 | 0 comments

Posted on behalf of Paul Wood

This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead.

We concur that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware, and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few.

That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys.
So without further ado, I present to you...