Video Screencast Help
Security Community Blog
Showing posts in English
Aniket Amdekar | 22 Sep 2009 | 1 comment

 

 

 

 

 

 

 

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

upgrade process2.jpg

Step 1: Back up the database

 Back up the database used by the Symantec Endpoint Protection Manager to ensure the integrity of your client information.

Step 2: Turn off replication

Turn off replication on all sites that are configured as replication partners. This avoids any attempts to update the database during the installation.

Step 3: Stop the Symantec Endpoint Protection Manager service

The Symantec Endpoint Protection Manager service must be stopped during the installation.

Step 4: Upgrade the Symantec Endpoint Protection Manager software

Install the new...

snekul | 21 Sep 2009 | 1 comment

As the "go to" guy for SEP on campus an interesting question came up, "How can I get a list of my machines that are actually running on SEP?" The SEP Manager (SEPM) has quite a few options, but the reports section seemed to be missing an option to export a list of all your machines. After searching around, I did find a solution. The trick is to go to the log section, not the reports section.

So in SEPM go to "Monitors" and choose the "Logs" tab. Then choose the log type of "Computer Status." Hit the button to get advanced settings. Then in the "Domain" field you'll want to enter your SEPM domain name so you only get your machines, otherwise you'll get all of them from all SEPM domains (unless that's what you want). You'll also want to expand the time range when searching. The default of last 24 hours will only show machines that have checked-in in the last 24 hours, so you'll want to expand that appropriately...

snekul | 21 Sep 2009 | 0 comments

I helped an admin out yesterday who was running out of disk space on a system. It turns out a very large email folder in Thunderbird was triggering a virus alert and an attempt to clean it up, but the cleaning failed. As such, the file was left in quarantine and left on the file system. Each time a scan ran, this happened again and the hard drive slowly filled up. By default, SEP clears items out of quarantine that are over 30 days old. I suggest adding the second option to your systems that also sets a file-size limit. Probably aim high, like 5120 MB or so, since it isn't permanent. This should be enough to prevent systems that had ample hard disk space from running out for some reason caused by SEP and misbehaving software, yet still allow for file recovery in most circumstances.

Mudit Kumar | 18 Sep 2009 | 15 comments

It’s important to know which kind of DSN you are suppose to check when you are Troubleshooting ODBC Connection.

If you want to check ODBC Connection on x64 system, you can check or create an ODBC Connection(DSN) for 32 Bit application and also use it for 64 Bit application.

32-bit applications will only look for ODBC connections created in the 32-bit, and 64-bits applications will look for ODBC connections from the 64-bit. 

So if you want to configure DSN for 32-bit application on 64-Bit OS you will have to use:

1. C:\Windows\SysWOW64\odbcad32.exe(Used to check ODBC for Symantec Endpoint Protection Manager)

You want to do the same on 64-bit application on 64-Bit OS you can use:

2. C:\Windows\System32\odbcad32.exe

Note: In case of Symantec Endpoint Protection...

neil_rogers | 17 Sep 2009 | 2 comments

Everyone knows USB drives are a huge chance for losing data.  I found a way to make that worse.
 
I bought a USB drive for my wife to use on her personal laptop.  We all carry at least one of these.  Her drive stopped be recognized, let alone work on the system. 

Since it had only been used 3 times, i wanted the manufacturer to replace it under warranty.  They offered to exchange it only if i send it back with drive intact.  I was shocked that they required me to send it back.  They had a fax number that if i was with the government and can send letterhead of such an organization asking to not send the drive, and they will exempt it.

So a new drive cost $60-$150 depending on size.  Having personal, let alone any corporate data on the drive and it falls into the wrong hands, which if it is being sent in a box that says what company makes the drive or is addressed to the company, it would be easy for someone...

Rafeeq | 17 Sep 2009 | 4 comments

Email Notifications from Specific Accounts
------------------------------------------
Hi All,

I have seen many cases where people wanted to get alerts and mails from their existing accounts/ new security account they have configured for SEP.

The default email delivery or alerts comes from SYSTEM.Some times these gets rejected by mail servers if rules are defined.

So how can we change the from address from default SYSTEM TO something else May be securityadmin@yourdomain.com

for any alerts or email we first need to configure mail severs.

For newbie's

1)Login to Symantec Endpoint Protection Manager.
2)Click on Admin tab.
3)Select the Management Server for which you wish to configure the mail server and go to Properties.
4)Click on Mail Server tab.
5)Enter the IP address of your Mail server.
6)Enter the credentials for the Mail server...

Satyam Pujari | 17 Sep 2009 | 7 comments

It has always been observed that autoplay/autorun feature of MS windows OS is one of the most preffered selection of malware propagation.We've witnessed some devastating examples of malware which used this feature effectively to replicate and converting a single machine infection to a malware outbreak with in first few hours.Conficker a.k.a W32.downadup is the most recent example of such malware.But this is not at all a new method of infection,rather this method of infection is there since decades.Some more popular examples are Trojan.Brisv.A!inf,W32.Gammima and many more in the long list.

Many other AV vendors detect autorun.inf but Symantec does not.Many people take it in a wrong way but there's a valid reason behind this decision that why Symantec does not detect autorun.inf.
 
sandeep_sali | 16 Sep 2009 | 2 comments

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}

Title: - Points to remember while collecting memory dump.

 

Symptoms: -

 

Ø  No dump file

Ø  Corrupt dump file

 

Cause: -

 

Ø  No Paging file

Ø  Paging file on a...

Rafeeq | 15 Sep 2009 | 5 comments

Before I would begin , I know few of you would have these questions.

What is Social Engineering?

In simplest terms its gaining trust and misleading users.

Well..Does it really work?

Can the smartest people be easily mislead?

the answer is YES!! 

Kevin Mitnick the famous hacker said that "SE helped him a lot to gain access to most critical systems".

If so, Are we protected?

In this world where we all are connected through internet.Banking, stocks, sport updates,Face book,Twitter, everything is connected.As we are depeneding on computers for our daily work, even computers are depended on us.The more we depend the more vulberable we become. The attackers / creators mislead users by some means and gain access to the systems whichleads to financial loss.

SE in Email:

I'm sure we all would have received emails like I'm the only descendant of a rich African who recently passed...

Aniket Amdekar | 14 Sep 2009 | 0 comments

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

We always see the Threatcon level indicator on the Symantec.com website as well as the Endpoint Protection Manager.

Following is the description for each one of the levels:

Threatcon Level 1

ThreatCon Level 1

Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

 

...