IT Risk Management

Scott5 | November 19th, 2009
Excuse me if this is answered elsewhere; my limit for searching and poking sprawling forums and knowledgebases for answers is 1 hour. It appears there is a fundamental change in the management software between these two versions. Version 5.0 doesn't seem to require an "Authentication Broker," but version 5.5 (included in the 5.0 VCS installation CD) does. Is there any risk that the 5.0 VCS console is going to go unsupported? We'd like to avoid the time and hassle of implementing the broker (bloater?) service required for the 5.5 console. For the limited number of clusters we support it's absolutely not necessary. Thanks in advance!
2 comments
Kevin Haley | November 17th, 2009
Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety. I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to read the list of trends below. So… Don’t read this if you think antivirus technology...
0 comments
Kevin Haley | November 17th, 2009
The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning. For example:
• Toolkits and threat recycling have made malware easier to create than ever
• Polymorphic technology is being applied to make threats harder to catch
• Botnets, large and small, are used as the foundation of attacks making most attacks complex
• All major news events are used for social engineering
• Major brands are being appropriated by cybercriminals to lure online victims
But, it’s the...
0 comments
vanwykm | November 16th, 2009
Hi Team. I have been trying to figure this out for the last 3 days now. When trying to start the Symantec Endpoint Protection Manager Service it stops with the following error in the event log: The Java Virtual Machine has exited with a code of -1, the service is being stopped. What I have noticed is that the secars folder is empty?? What am I doing wrong? Below is an extract from the scm-server log file:
////////////////////////////////////
2009-11-16 16:35:55.454 SEVERE: ================== Server Environment ===================
2009-11-16 16:35:55.455 SEVERE: os.name = Windows Vista
2009-11-16 16:35:55.456 SEVERE: os.version = 6.1
2009-11-16 16:35:55.456 SEVERE: os.arch = x86
2009-11-16 16:35:55.456 SEVERE: java.version = 1.5.0_15
2009-11-16 16:35:55.457 SEVERE: java.vendor = Sun Microsystems Inc.
2009-11-16 16:35:55.457 SEVERE: java.vm.name = Java HotSpot(TM) Server VM
2009-11-16 16:35:55.457 SEVERE: java.vm.version = 1.5.0_15-b04
2009-11-16 16:35:55.458 SEVERE: java.home =...
4 comments
shp | November 12th, 2009
I would like to add an idea about the online status of users in Symantec Connect. It would be good to see a status icon (small bubble) beside the user's virtual face (avatar), like green for online, orange for inactive, etc. It will be easy for us to know the person's availability and do a PM.
2 comments
Vikram Kumar-SA... | November 11th, 2009
I have attached the Firewall and Application Control policy, Policy to Block Peer to Peer Applications, as per this article: https://www-secure.symantec.com/connect/articles/what-do-p2p-applications-do-and-how-block-peer-peer-applications-p2p-using-symantec-endpoin Import the Policy from your Symantec Endpoint Protection Manager and assign it to the groups you want. Note: The Default Template has been taken for both the Policies; the only addition is that the new Firewall rule was added for P2P applications and Block Application from running has been modified for blocking P2P applications.
2 comments
Marius Salay | November 10th, 2009
Good morning out there, I've got SEP RU5 running in a domain with up to 1000 clients. Due to the fact that we're all in the same net, I have to set up only ONE unmanaged detector. Now there is the problem that my devices that need to be excluded from detection have different IP-spaces. I have to exclude them via the MAC. Is there any possibility to add them to exclusion via script? There are up to 150 entries to be done and I don't have the time to enter all the MACs by hand! Thank you @ll! Greets, Marius
3 comments
JoshuaT | November 10th, 2009
On the home tab of the management console, in the Security Status section, you have the ability to set your thresholds (preferences) for when to alert on a failure. This screen is missing the option to alert on out of date proactive threat definition levels.
0 comments
Happytohelp | November 10th, 2009
Hi, I get a lot of IE popups if the computer is kept idle for a long time. I have run loadpoint and checked everything. I have also submitted some files; they came up as clean. There is nothing in MS config. I have also removed all the browser helping Objects; still the same. Tried some other antivirus software; still the same. Please let me know if anyone has faced this issue or if you know how to fix this.
0 comments
Bijay.Swain | November 10th, 2009
Who has done a migration from Kaspersky/Trend Micro/McAfee to SEP? Need this information along with company info.
16 comments
Bijay.Swain | November 9th, 2009
There is a virus which Symantec is not detecting, but I know the filename and location of the file, which is the same on all infected computers. Now I want to quarantine that file, which I can do by adding the file to quarantine manually on the client, but can I create a policy on my SEPM console so that all clients will quarantine that file at once, so that the virus can't damage our network any more?
3 comments
Kevin Haley | November 9th, 2009
One thing I see again and again in this job is that people usually don’t think about security until after they are hit with an incident. Companies create disaster recovery plans after the disaster. They come up with incident response teams after the incident. And consumers get antivirus software after they’ve had a virus infect their system. People, here is a chance to turn that all around. We’ve seen several incidents of mobile phones being hacked. So far it’s been by old school hackers, those that are doing it just to prove that it can be done. But history shows us that the cyber criminals follow closely behind the old school hackers, and they will not be doing it for kicks—they’ll be doing it to rip you off. Security professionals approach any situation like this by a risk assessment; in other words, they try to figure out what bad things could happen. Then they can hope for the best, but prepare for the worst. If anyone with a smart...
0 comments
Bijay.Swain | November 7th, 2009
How to turn off replication between two sites? I want to reinstall my replication site again so how to turn off replication before uninstalling it.
2 comments
ant2010 | November 6th, 2009
My Domain server has had this problem since 2 weeks ago. It worked fine before. About every one day, the DC server will automatically create a user's profile under "document and setting" on the server. No roaming profile was set. When we have this problem, we cannot access the shared folder on the server. Restarting the server solves it temporarily, but about 10 hours later the same problem comes again. I searched for solutions to this problem; someone suggested uninstalling Symantec, so I stopped all Symantec services on the DC server, and it seems the problem is fixed. We use Symantec AntiVirus version 10.1.5.5002. Does anyone know how to fix it? Any suggestion would be appreciated. Thanks, Ant
3 comments
Bijay.Swain | November 6th, 2009
Is scanning speed in SEP11RU5 faster than sep11mr4mp2? Scanning of 8GB of data takes more than 90 minutes in sep11mr4mp2.
1 comments
Bijay.Swain | November 4th, 2009
Proactive Threat Protection needs more improvements as it is doing almost nothing. It should detect on the behaviour of a file. Currently Symantec is only depending upon signatures. Now virus writers are easily corrupting SEP and it can't even save itself. SEP is failing to save itself also. A small program enters and easily destroys SEP in a system. Symantec should include some technology to protect all its files which are created during installation.
0 comments
bytesbits | October 30th, 2009
What are the event IDs in the log files (application or system?) when the program detects a threat? What are the event IDs when it cleans something?
1 comments
mgrajendra.mgr | October 30th, 2009
We have SEPM MR4 MP1 in our office. This console has not been updating since 14 Oct 2009. When I tried to update, it gave the error "replication issues  Symantec Connect"
2 comments
vinodmanu | October 29th, 2009
Hi @all, I am getting an error message on my clients, that is, SID:23179 MSRPC Server Service BO detected, and my clients are showing me Offline though they are connected to my Antivirus server. Kindly help me.
2 comments
Eileen | October 26th, 2009
Wednesday, October 28, 2009 @ 11:00 AM PT
Why Breaches Happen… And What to Do About It
Presented by:
Kevin Rowney, Senior Principal Strategic Partner (founder of Vontu)
Steven Elefant, Chief Information Officer, Heartland Payment Systems
Steven Piliero, CISO, The Center for Internet Security
Registration URL: http://www.symantec.com/offer?a_id=87640
2 comments
WowandIT | October 22nd, 2009
Just wanted to throw a question out there to see if anyone else has experienced this issue before. We have over 4,000 computers in our firm and have recently rolled out SEP11. We first had issues with profiles being blocked, which has since been resolved. Now we're seeing machines (a small number but still....hehe) that have received SEP11 and, upon reboot, are dead in the water. The machines boot up to our default background but don't load the local machine policy, etc. Ctrl+Alt+Delete never shows up. It's almost as if the machine is locked up but the mouse cursor and the keyboard still work. Safe Mode is the same: boots into Safe Mode but never loads all the way to Ctrl+Alt+Delete. While the machine is up, there is no way to manage it. We've had to resort to imaging the machines to restore functionality. Restoring from the registry is hit or miss and I was wondering if there was an alternate resolution?!?! Thanks
11 comments
soumyaghosh | October 22nd, 2009
EVERY DAY WE HAVE GOT Packed.Generic.258 TROJAN AND DELETED. LAST DAY I HAVE CHECKED THE STATUS THROUGH CONSOLE: NO RISKS ARE FOUND, BUT "TOP SOURCES OF ATTACK" DETECTS ONE OF THE MACHINES IN OUR LAN AND "NUMBER OF ATTACKS" GRADUALLY INCREASED. I HAVE GOT A CASE ID BUT STILL NOW WE DON'T GET ANY SOLUTION. CAN ANYBODY HELP ME OUT?
SOUMYA GHOSH
NETWORK EXECUTIVE
SHRIRAM INSIGHT SHARE BROKERS LIMITED
2 comments
Bijay.Swain | October 20th, 2009
Will there be any issue if I use sepm 11ru5 with sep 11mr4mp2 clients? I want to use this because I want to upgrade the clients in phases, which may take me 1 month to upgrade the clients.
17 comments