Endpoint Protection

 View Only

  • 1.  ent-shasta-rrs.symantec.com using SSLv3

    Posted Sep 22, 2016 03:42 PM

    Anyone else having issues with ent-shasta-rrs.symantec.com downgrading TLS to SSL v3?

     

    It's hammering a few servers with SCHANNEL errors (36887): "TLS Fatal Alert Code 40"



  • 2.  RE: ent-shasta-rrs.symantec.com using SSLv3

    Posted Sep 22, 2016 06:45 PM

    It's been an issue for some time now.



  • 3.  RE: ent-shasta-rrs.symantec.com using SSLv3

    Posted Sep 22, 2016 06:51 PM
    So what's the recommended action? Just turn off schannel logs?


  • 4.  RE: ent-shasta-rrs.symantec.com using SSLv3

    Posted Sep 22, 2016 07:11 PM

    make sure those servers are patched and block with an IPS if you have one



  • 5.  RE: ent-shasta-rrs.symantec.com using SSLv3

    Posted Sep 23, 2016 10:32 AM

    I'm not sure how that would help since that is where SEP sends reputation requests to.



  • 6.  RE: ent-shasta-rrs.symantec.com using SSLv3

    Posted Sep 23, 2016 10:37 AM

    well this is symantec problem to fix on their end, the vulnerability can be blocked with an ips or you can just allow the downgrade. options are limited here