Video Screencast Help
Security Community Blog
Showing posts in English
aNgeLiQuE | 23 Sep 2009 | 2 comments


Data Loss Prevention (Vontu)


Version #

Release Date*

End of Standard Support

Current version

Data Loss Prevention (DLP) 8


Upgrade to current version from


Supported versions


Unsupported & End of Life versions


What does this product do?


Vontu Data Loss Prevention 8 from Symantec is the industry's first integrated solution that combines both endpoint and...

Twixxica_09 | 23 Sep 2009 | 7 comments

Symantec Endpoint Protection Small Business Edition 12.0 VS. Symantec Enpoint protection 11.0

What is the difference between SEP SBE 12.0 and SEP 11.0?
- SEP SBE 12.0 is a product optimized for Small Business (<=100 nodes) customers.
- It is much easier to install and use.
- SEP SBE has all the features of SEP 11.0 except for Application and Device Control. It also does not support NAC.
- With the introduction of SEP SBE 12.0, Symantec now has targeted offerings based on customer segment.
- If the customer is larger than 100 users, you should recommend SEP.
- If your customer has less than 100 users, SEP SBE is the better fit.

Can I install SEP SBE 12 over SEP 11?
- SEP SBE 12.0 clients can be installed over SAV 9.x or later, SCS 3.x, or previous SEP 11.x installs.

Can I migrate SEP Manager from the SEP 11 Management Console?
- A customer that has SEP 11.0 deployed will have to uninstall the manager...

Twixxica_09 | 23 Sep 2009 | 1 comment

Vontu Data Loss Prevention: Upgrade

Customers upgrading to Vontu 8.0 to 9.0 will not recieve any upgrade key. They will continue to use the vontu 8.0 keys.

If you already have the Vontu Data loss prevention 8 license key, you can use the license key of Vontu DLp 8.0 to Vontu DLP 9. If you would like to purchase additional products, or if your renewing the product, that is the time you will recieve a license key for Vontu DLP 9.0.

LyNeTtE-sKi23 | 22 Sep 2009 | 0 comments

Host ID Transfer

What is a Host ID?
A Host ID, sometimes called a Node ID, is a unique identifier on aUNIX system. Symantec asks for this ID during license registrationand utilizes the ID to ensure that only the license owner can install and use the license

When a license key/file is generated for a specific computer, it is locked to a number that is unique to that machine.

What is a Symantec System ID (SSID)?
The Symantec System ID is a unique identifier for a particular machine. An SSID is similar to a Host ID, except that the Symantec software adds data to the core Host ID value to create a unique string format. The Symantec System ID format varies from product to product, and across machine types.

What is the difference between "Node-Locked" and "Non-Node-Locked" license keys?

A "Node-Locked" license key is one that can only be used...

snekul | 22 Sep 2009 | 0 comments

Sometimes besides just having a large quarantine as far as MB is concerned, sometimes you also end up with a large quarantine as far as the number of files is concerned.  I found this on a computer where the user was complaining of slow speeds.  In this case, they were repeatedly visiting a website that was infected with malware and the quarantine grew huge as a result.  57,996 objects in the Quarantine folder! I simply deleted everything in this folder and all was well again.  I'm not sure if the slow speeds were a result of the Symantec's handling of the large quarantine or because it kept finding this stuff on the system.


As a side tip, on machines that have been running for a while and may be filled with junk,...

Aniket Amdekar | 22 Sep 2009 | 1 comment












upgrade process2.jpg

Step 1: Back up the database

 Back up the database used by the Symantec Endpoint Protection Manager to ensure the integrity of your client information.

Step 2: Turn off replication

Turn off replication on all sites that are configured as replication partners. This avoids any attempts to update the database during the installation.

Step 3: Stop the Symantec Endpoint Protection Manager service

The Symantec Endpoint Protection Manager service must be stopped during the installation.

Step 4: Upgrade the Symantec Endpoint Protection Manager software

Install the new...

snekul | 21 Sep 2009 | 1 comment

As the "go to" guy for SEP on campus an interesting question came up, "How can I get a list of my machines that are actually running on SEP?" The SEP Manager (SEPM) has quite a few options, but the reports section seemed to be missing an option to export a list of all your machines. After searching around, I did find a solution. The trick is to go to the log section, not the reports section.

So in SEPM go to "Monitors" and choose the "Logs" tab. Then choose the log type of "Computer Status." Hit the button to get advanced settings. Then in the "Domain" field you'll want to enter your SEPM domain name so you only get your machines, otherwise you'll get all of them from all SEPM domains (unless that's what you want). You'll also want to expand the time range when searching. The default of last 24 hours will only show machines that have checked-in in the last 24 hours, so you'll want to expand that appropriately...

snekul | 21 Sep 2009 | 0 comments

I helped an admin out yesterday who was running out of disk space on a system. It turns out a very large email folder in Thunderbird was triggering a virus alert and an attempt to clean it up, but the cleaning failed. As such, the file was left in quarantine and left on the file system. Each time a scan ran, this happened again and the hard drive slowly filled up. By default, SEP clears items out of quarantine that are over 30 days old. I suggest adding the second option to your systems that also sets a file-size limit. Probably aim high, like 5120 MB or so, since it isn't permanent. This should be enough to prevent systems that had ample hard disk space from running out for some reason caused by SEP and misbehaving software, yet still allow for file recovery in most circumstances.

Mudit Kumar | 18 Sep 2009 | 16 comments

It’s important to know which kind of DSN you are suppose to check when you are Troubleshooting ODBC Connection.

If you want to check ODBC Connection on x64 system, you can check or create an ODBC Connection(DSN) for 32 Bit application and also use it for 64 Bit application.

32-bit applications will only look for ODBC connections created in the 32-bit, and 64-bits applications will look for ODBC connections from the 64-bit. 

So if you want to configure DSN for 32-bit application on 64-Bit OS you will have to use:

1. C:\Windows\SysWOW64\odbcad32.exe(Used to check ODBC for Symantec Endpoint Protection Manager)

You want to do the same on 64-bit application on 64-Bit OS you can use:

2. C:\Windows\System32\odbcad32.exe

Note: In case of Symantec Endpoint Protection...

neil_rogers | 17 Sep 2009 | 2 comments

Everyone knows USB drives are a huge chance for losing data.  I found a way to make that worse.
I bought a USB drive for my wife to use on her personal laptop.  We all carry at least one of these.  Her drive stopped be recognized, let alone work on the system. 

Since it had only been used 3 times, i wanted the manufacturer to replace it under warranty.  They offered to exchange it only if i send it back with drive intact.  I was shocked that they required me to send it back.  They had a fax number that if i was with the government and can send letterhead of such an organization asking to not send the drive, and they will exempt it.

So a new drive cost $60-$150 depending on size.  Having personal, let alone any corporate data on the drive and it falls into the wrong hands, which if it is being sent in a box that says what company makes the drive or is addressed to the company, it would be easy for someone...