Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts in English
LyNeTtE-sKi23 | 22 Sep 2009 | 0 comments

Host ID Transfer

What is a Host ID?
A Host ID, sometimes called a Node ID, is a unique identifier on aUNIX system. Symantec asks for this ID during license registrationand utilizes the ID to ensure that only the license owner can install and use the license

When a license key/file is generated for a specific computer, it is locked to a number that is unique to that machine.

What is a Symantec System ID (SSID)?
The Symantec System ID is a unique identifier for a particular machine. An SSID is similar to a Host ID, except that the Symantec software adds data to the core Host ID value to create a unique string format. The Symantec System ID format varies from product to product, and across machine types.

What is the difference between "Node-Locked" and "Non-Node-Locked" license keys?

A "Node-Locked" license key is one that can only be used...

snekul | 22 Sep 2009 | 0 comments

Sometimes besides just having a large quarantine as far as MB is concerned, sometimes you also end up with a large quarantine as far as the number of files is concerned.  I found this on a computer where the user was complaining of slow speeds.  In this case, they were repeatedly visiting a website that was infected with malware and the quarantine grew huge as a result.  57,996 objects in the Quarantine folder! I simply deleted everything in this folder and all was well again.  I'm not sure if the slow speeds were a result of the Symantec's handling of the large quarantine or because it kept finding this stuff on the system.


As a side tip, on machines that have been running for a while and may be filled with junk,...

Aniket Amdekar | 22 Sep 2009 | 1 comment












upgrade process2.jpg

Step 1: Back up the database

 Back up the database used by the Symantec Endpoint Protection Manager to ensure the integrity of your client information.

Step 2: Turn off replication

Turn off replication on all sites that are configured as replication partners. This avoids any attempts to update the database during the installation.

Step 3: Stop the Symantec Endpoint Protection Manager service

The Symantec Endpoint Protection Manager service must be stopped during the installation.

Step 4: Upgrade the Symantec Endpoint Protection Manager software

Install the new...

snekul | 21 Sep 2009 | 1 comment

As the "go to" guy for SEP on campus an interesting question came up, "How can I get a list of my machines that are actually running on SEP?" The SEP Manager (SEPM) has quite a few options, but the reports section seemed to be missing an option to export a list of all your machines. After searching around, I did find a solution. The trick is to go to the log section, not the reports section.

So in SEPM go to "Monitors" and choose the "Logs" tab. Then choose the log type of "Computer Status." Hit the button to get advanced settings. Then in the "Domain" field you'll want to enter your SEPM domain name so you only get your machines, otherwise you'll get all of them from all SEPM domains (unless that's what you want). You'll also want to expand the time range when searching. The default of last 24 hours will only show machines that have checked-in in the last 24 hours, so you'll want to expand that appropriately...

snekul | 21 Sep 2009 | 0 comments

I helped an admin out yesterday who was running out of disk space on a system. It turns out a very large email folder in Thunderbird was triggering a virus alert and an attempt to clean it up, but the cleaning failed. As such, the file was left in quarantine and left on the file system. Each time a scan ran, this happened again and the hard drive slowly filled up. By default, SEP clears items out of quarantine that are over 30 days old. I suggest adding the second option to your systems that also sets a file-size limit. Probably aim high, like 5120 MB or so, since it isn't permanent. This should be enough to prevent systems that had ample hard disk space from running out for some reason caused by SEP and misbehaving software, yet still allow for file recovery in most circumstances.

Mudit Kumar | 18 Sep 2009 | 16 comments

It’s important to know which kind of DSN you are suppose to check when you are Troubleshooting ODBC Connection.

If you want to check ODBC Connection on x64 system, you can check or create an ODBC Connection(DSN) for 32 Bit application and also use it for 64 Bit application.

32-bit applications will only look for ODBC connections created in the 32-bit, and 64-bits applications will look for ODBC connections from the 64-bit. 

So if you want to configure DSN for 32-bit application on 64-Bit OS you will have to use:

1. C:\Windows\SysWOW64\odbcad32.exe(Used to check ODBC for Symantec Endpoint Protection Manager)

You want to do the same on 64-bit application on 64-Bit OS you can use:

2. C:\Windows\System32\odbcad32.exe

Note: In case of Symantec Endpoint Protection...

neil_rogers | 17 Sep 2009 | 2 comments

Everyone knows USB drives are a huge chance for losing data.  I found a way to make that worse.
I bought a USB drive for my wife to use on her personal laptop.  We all carry at least one of these.  Her drive stopped be recognized, let alone work on the system. 

Since it had only been used 3 times, i wanted the manufacturer to replace it under warranty.  They offered to exchange it only if i send it back with drive intact.  I was shocked that they required me to send it back.  They had a fax number that if i was with the government and can send letterhead of such an organization asking to not send the drive, and they will exempt it.

So a new drive cost $60-$150 depending on size.  Having personal, let alone any corporate data on the drive and it falls into the wrong hands, which if it is being sent in a box that says what company makes the drive or is addressed to the company, it would be easy for someone...

Rafeeq | 17 Sep 2009 | 4 comments

Email Notifications from Specific Accounts
Hi All,

I have seen many cases where people wanted to get alerts and mails from their existing accounts/ new security account they have configured for SEP.

The default email delivery or alerts comes from SYSTEM.Some times these gets rejected by mail servers if rules are defined.

So how can we change the from address from default SYSTEM TO something else May be

for any alerts or email we first need to configure mail severs.

For newbie's

1)Login to Symantec Endpoint Protection Manager.
2)Click on Admin tab.
3)Select the Management Server for which you wish to configure the mail server and go to Properties.
4)Click on Mail Server tab.
5)Enter the IP address of your Mail server.
6)Enter the credentials for the Mail server...

Satyam Pujari | 17 Sep 2009 | 7 comments

It has always been observed that autoplay/autorun feature of MS windows OS is one of the most preffered selection of malware propagation.We've witnessed some devastating examples of malware which used this feature effectively to replicate and converting a single machine infection to a malware outbreak with in first few hours.Conficker a.k.a W32.downadup is the most recent example of such malware.But this is not at all a new method of infection,rather this method of infection is there since decades.Some more popular examples are Trojan.Brisv.A!inf,W32.Gammima and many more in the long list.

Many other AV vendors detect autorun.inf but Symantec does not.Many people take it in a wrong way but there's a valid reason behind this decision that why Symantec does not detect autorun.inf.
sandeep_sali | 16 Sep 2009 | 2 comments





/* Style Definitions */
{mso-style-name:"Table Normal";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
font-family:"Times New Roman","serif";}

Title: - Points to remember while collecting memory dump.


Symptoms: -


Ø  No dump file

Ø  Corrupt dump file


Cause: -


Ø  No Paging file

Ø  Paging file on a...