Video Screencast Help
Security Community Blog
Showing posts in English
Pascal KOTTE | 28 Aug 2009 | 2 comments

Here you will find a 1,5 year old presentation regarding some explain regarding the Zombie problem on the Web...
I build this presentation to explain (try) what are the risks to non IT people.
Reuse for free - Most people must understand this problem.

We should Just add this presentation the information that Antivirus, all the same updated, with a true firewall, are not enough to protect any PC to turn a Zombie.

The 2 files are same content, in PDF + PPT format (about 1MB size)

jjesse | 27 Aug 2009 | 1 comment

In an article on Channel Insider, the author raises the question, Could a solid Data Loss Prevention product stopped the transfer of data from Goldman Sachs to a third part web hosting.

For those that don’t remember the whole story, a quick Google news search will be a quick refresher or from a New York Times article

“Mr. Aleynikov, who is free on $750,000 bond, is suspected of having taken pieces of Goldman software that enables the buying and selling of shares in milliseconds. Banks and hedge funds use such programs...

Peterpan | 26 Aug 2009 | 2 comments
In year 2007, I am newbie in IT industry, I was graduated as an IT in the same year, having a basic knowledge in this field, After I graduated I am seeking a job related to my profession, and there are lots of company where I applied for any position that fit to my skills, with my guts to have a job, I didn’t stop seeking, then finally I was hired as a Technical Support Engineer in one company which is a Reseller of Symantec products particular in IT Security and High Availability solution.
During my first few days I was orient with my Technical Head on what products that we could handle and manage, he also give me an idea on what is our main responsibility and roles, since the company’s nature of business is a reseller, we need to do a Proof of Concept in the client, during this days I have no idea and how and where to start that kind of task, I was assigned to focus in IT security solution. so I could absorb and learn the functionality...
LeslieMiller | 26 Aug 2009 | 2 comments

At long last we can announce the runners up to the Tell Your Story Contest that ended on July 31st.

The grand prize winners are announced here.

The runners up are:

Backup and Archiving:
clewis: Symantec Backup Exec: A feature-rich software
Abesama: PureDisk--the de-dup champion
Geral Wanjohi Gitau: The migration that went smoothly

shaun_b: Migration Success Story
danny77: SEP and SNAC - An Unbeatable Combination

Congratulations to each of...

hemu | 25 Aug 2009 | 1 comment

Dear Friends please find attached SQL query for DB report.....

use sem5
select pat.version as vd_version,i.MAC_addr1, i.CURRENT_LOGIN_USER, i.computer_name, i.ip_addr1_text,OPERATION_SYSTEM,
dateadd(s,convert(bigint,i.TIME_STAMP)/1000,'01-01-1970 00:00:00'),
dateadd(s,convert(bigint,CREATION_TIME)/1000,'01-01-1970 00:00:00'),i.DELETED,
dateadd(s,convert(bigint,LAST_UPDATE_TIME)/1000,'01-01-1970 00:00:00') lastupdatetime,agent_version, as group_name from
sem_agent as sa with (nolock) left outer join pattern pat on sa.pattern_idx=pat.pattern_idx
inner join v_sem_computer i on i.computer_id=sa.computer_id
inner join identity_map g on
inner join identity_map p on
inner join identity_map s on
inner join identity_map q on where
(sa.agent_type='105' or sa.agent_type='151') and sa.deleted='0'
and (sa.major_version >...

thaller | 24 Aug 2009 | 0 comments
Hello Everyone,

So like I said in my last blog post, whenever something interesting or useful happens to me with regards to my dealing with SEP, I'll post about it, so here is the latest.

Last week we had an interesting "incident" with one of our clients.

The Client:

The client is a Windows XP SP2 Machine, that was on our Guest Network (Removed from the Corporate Network by Firewalling).
It was running SEP MR4 MP1 as an unmanaged client.

The client was set to auto-update from symantec every 4 hrs, and do a daily full scan.

The Problem:

We first noticed a problem when an end-user was complaining about "spyware" like symptoms, browser hijacking, popups, etc...

upon inspection SEP had not found anything, and the logs showed it was behaving as normal.

Upon furth investigation (using "other" tools) we found out that the machine was infected with Win32.XiaJian.bk Trojan.

As part of our incident response (Which I suggest every business create one...
Shaizad | 23 Aug 2009 | 1 comment

Issue                 :-  SEP Client Install roll back  on Windows Vista Enterprise Machine . (SEP 11)

Sep Install log :-  MSI (c) (8C:24) [12:02:40:166]: Invoking remote custom action. DLL: C:\Users\ADMINI~1.TEA\AppData\Local\Temp\MSI6C91.tmp, Entrypoint: CheckInstallPath
Action ended 12:02:40: CheckInstallPath. Return value 3.
Info 2896.Executing action CheckInstallPath failed.
Action ended 12:02:40: InstallWelcome. Return value 3.
MSI (c) (8C:34) [12:02:40:201]: Doing action: SetupCompleteError
Action 12:02:40: SetupCompleteError.
Action start 12:02:40: SetupCompleteError.
Action 12:02:40: SetupCompleteError. Dialog created

In Windows Vista

Open Control Panel
Open Regional and Language Options
Under 'Current Formats' select 'US English'
Click OK

Should be able to install Sep 11

Abhishek Pradhan | 23 Aug 2009 | 1 comment
When it comes to fighting malware, you may be asking as a security professional, “Why would I need to perform malware analysis? I don’t work for an anti-virus vendor.” If you are responsible for the security of a network, at some point in your career you will most likely have to perform malware analysis.
The goal of malware analysis is to gain an understanding of how a specific piece of malware functions so that defenses can be built to protect an organization’s network. There are two key questions that must be answered. The first: how did this machine become infected with this piece of malware? The second: what exactly does this malware do? After determining the specific type of malware, you will have to determine which question is more critical to your situation.
Types of Malware Analysis
There are two types of malware...
Satyam Pujari | 21 Aug 2009 | 5 comments

Symantec’s Web site ratings service Norton Safe Web presents the Dirtiest Web Sites of Summer 2009 – the top 100 infected sites based on number of threats. Norton Safe Web is a new reputation service from Symantec. 

What makes these sites so dirty?
Symantec explained it by pointing out the fact that the average number of threats per malicious site rated by Norton Safe Web is 23. With that said, the average number of threats on the Dirtiest Web Sites list is a staggering 18,000 per site. Forty of the top 100 have more than 20,000 threats per site. Moreover, 75-percent of sites on the list have distributed Malware for more than six months.

“This list underscores what our research shows. There has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity, or assets. In 2008, most new infections occurred while people were...

Warrior6945 | 21 Aug 2009 | 0 comments

Clients move to the Default Group Automatically

Even after replacing the sylink.xml the clients move to the Default group automatically.
This happens as a lot of tmp and dat files are generated in the AgentInfo Folder


1. Stop the Symantec Endpoint Protection Manager service
2. Browse to the following location
    C:\Prog Files\Symantec\ Symantec Endpoint Protection Manager\data\inbox\AgentInfo
3. Delete all the files in the above folder.
4. Start the Symantec Endpoint Protection Manager service
5. Update the policy on the client.