Video Screencast Help
We've launched some major improvements to the interface and community structure. Learn about them here!
updated discussion 55 min ago
I need some help in learning what information to find in which log.  Here's the issue. A network discover scan completes with just a few (anticipated) errors.  The total amount of bytes scanned is reported as ~180 GB.  The problem is that at least one of the folders contained in the target is in excess of 400GB.  In other words, what DLP Network Discover says is scanned ...
updated discussion 1 hour 28 min ago
Hello, i have an issue whit my SQL DB (sem5). the DbValidator give me the bellow error : 2017-05-24 12:37:34.400 THREAD 1 AVERTISSEMENT: Finished validating LiveUpdate content.  --> SUCCESSFUL 2017-05-24 12:37:34.400 THREAD 1 AVERTISSEMENT: Database validation failed. 2017-05-24 12:37:34.451 THREAD 1 AVERTISSEMENT: [La base de données contient des anomalies.Pour plus d’informations, ...
new discussion 3 hours 37 min ago
Hello Folks, I have encountered an issue am unable to create/edit existing class on PS. Checking the limit i see still 5 remaining classes are there. Can anyone advise what should i check further ? PS : 3500 9.2.7
updated discussion 55 min ago
I need some help in learning what information to find in which log.  Here's the issue. A network discover scan completes with just a few (anticipated) errors.  The total amount of bytes scanned is reported as ~180 GB.  The problem is that at least one of the folders contained in the target is in excess of 400GB.  In other words, what DLP Network Discover says is scanned ...
updated discussion 1 hour 28 min ago
Hello, i have an issue whit my SQL DB (sem5). the DbValidator give me the bellow error : 2017-05-24 12:37:34.400 THREAD 1 AVERTISSEMENT: Finished validating LiveUpdate content.  --> SUCCESSFUL 2017-05-24 12:37:34.400 THREAD 1 AVERTISSEMENT: Database validation failed. 2017-05-24 12:37:34.451 THREAD 1 AVERTISSEMENT: [La base de données contient des anomalies.Pour plus d’informations, ...
new discussion 3 hours 37 min ago
Hello Folks, I have encountered an issue am unable to create/edit existing class on PS. Checking the limit i see still 5 remaining classes are there. Can anyone advise what should i check further ? PS : 3500 9.2.7
new discussion 5 hours 38 min ago
Hi All, 1 When configured keyword /content block policy  we are not able to restrict over the skype and Gmail new mail box by typing restriction of content . 2 we applied print screen disable policy .user not able to take  windows print screen but its take a picture through Snipping tool. 3 Extension block policy ( Ms-exle) . Not able to block .xls file which has downloaded from ...
updated article 10 May 2017
The attached document will give you an overview on how to setup the Symantec Email Quarantine.
updated article 08 May 2017
Introduction By popular demand, below is an index of my Connect articles.  Illustrated, semi-formal and mildly amusing, I hope they assist admins and individuals along their neverending quest to find a safe path in this ever more dangerous world.... Security Series The first article, Using SEPM Alerts and Reports to Combat a Malware Outbreak, demonstrated how to use ...
updated article 08 May 2017
Introduction This is the sixteenth in my Security Series of Connect articles.  For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles. This article begins a new mini-series about a much misunderstood ...
new article 08 May 2017
Is it possible to monitor specific progress status with Host Integrity (HI) policy in endpoint protection? The answer is yes. Here is a simple example of how to set the requirement in HI policy. Details steps as below: 1. Edit HI policy--> click Requirements--> click "add" button--> select client platform: Windows and select "Custom requirement", click Ok: 2. On the custom requirement ...
new blog entry 5 hours 16 min ago
WannaCry の動向についての更新情報 2017 年 5 月 12 日、WannaCry(別名 WCry)というランサムウェアによる大規模なサイバー攻撃の発生が、公式にいくつも報じられました。WannaCry の標的となって被害を受けたユーザーは、世界各国に及んでいます。 WannaCry ランサムウェアに対する保護の状況 Symantec Data Center Security: Server Advanced(DCS:SA)IPS は、WannaCry ランサムウェアに対する保護機能を備えています。Symantec DCS:SA Windows 版 6.0 では 3 レベルすべてのポリシー(Basic、Hardening、Whitelisting)によって、また 5.2.9 ではすべてのポリシー(Limited ...
updated blog entry 11 hours 33 min ago
更新: 2017 年 5 月 23 日、00:30 GMT: シマンテックは、WannaCry ランサムウェアによる攻撃と、Lazarus グループと密接な関係を示すつながりを、引き続き発見しています。詳しくは、「WannaCry ランサムウェア: Lazarus グループとの関係が濃厚に」をご覧ください。 更新: 2017 年 5 月 15 日、23:24:21 GMT: シマンテックは、WannaCry ランサムウェアによる攻撃と、Lazarus グループとの間の緩やかな関係を示すつながりを 2 つ発見しました。 Lazarus が使う既知のツールと、WannaCry ランサムウェアとの出現のタイミングが一致: WannaCry の早期のバージョンに感染したマシンに、Lazarus グループだけが使うツールも存在することをシマンテックは確認しました。これは WannaCry ...
updated blog entry 11 hours 56 min ago
UPDATE: May 23, 2017 00:30 GMT: Symantec has uncovered further links to more closely tie the WannaCry attacks with the Lazarus group. For further details, see: WannaCry: Ransomware attacks show strong links to Lazarus group UPDATE: May 15, 2017  23:24:21 GMT: Symantec has uncovered two possible links that loosely tie the WannaCry ransomware attack and the Lazarus group: Co-occurrence of ...
updated blog entry 21 hours 46 min ago
The Public Key Infrastructure (PKI) ecosystem relies on root certificates issued by various certification authorities (CAs) like Symantec. This is what browsers use to decide which websites can be trusted, and which ones can’t. Currently, any CA can issue a TLS certificate for any domain. That’s how the system works, and it’s good in the sense that it gives website owners choice; ...
updated blog entry 24 May 2017
更新日期:2017年5月23日 0:30 (格林尼治时间): 赛门铁克发现了WannaCry网络攻击事件与Lazarus团伙的其他紧密联系。获取更多详细信息,请查看博文:WannaCry: 勒索软件攻击事件与Lazarus团伙有紧密关联 更新日期:2017年5月15日 23:24:21 (格林尼治时间): 赛门铁克发现了勒索软件WannaCry网络攻击与Lazarus团伙的两个潜在联系。 已知的Lazarus和WannaCry勒索软件共同出现:赛门铁克发现存在WannaCry专用工具的机器上也感染了早期版本的WannaCry。这些WannaCry的早期变体无法通过SMB传播。Lazarus工具可能作为传播WannaCry的方式,但是这一点并没有得到证实。 共享代码:谷歌的 Neel Mehta ...
updated blog entry 23 May 2017
[This is part five of a series of blog posts providing some of the backstory for my RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into 45 minutes...] RESEARCH QUESTION #3: WHAT ABOUT CELEBRITY SEARCHES? Probably the single most interesting part of the chart in Part 4 was the "Celebrity" SEP category. Just 2.7%??? Don't we all know that the ...
updated blog entry 23 May 2017
[This is part four of a series of blog posts providing some of the backstory for my RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into 45 minutes...] RESEARCH QUESTION #2: Seeing that no really interesting results -- well, at least, not enough for a conference-length presentation -- were going to come from the "who's the safest search ...
updated blog entry 23 May 2017
[This is part three of a series of blog posts providing some of the backstory for my RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into a 45-minute presentation...] WHO'S THE SAFEST SEARCH ENGINE? So, late last Summer, seeing that SEP was such a dominant attack vector, we talked about what sort of research focus would make for an interesting ...
updated blog entry 23 May 2017
[This is part two of a series of blog posts providing some of the backstory on my upcoming RSA presentation on Search Engine Poisoning. There was a lot of material that simply wouldn't fit into a 45-minute presentation...] Before looking into the details of what the Bad Guys are up to these days in the realm of SEP, we need to look back to see how we got here. The simplest way to do that, I ...
updated download 24 Apr 2017
Symantec DCS Policy Utility v1.0.0.11 For Windows OS (Note .NET Framework 4.5 is required) Designed to help you tune your policy by processing the log files from an Agent. There's a getting started tab that explains the best steps to get the logs and events you need to troubleshoot your policy. The program does not make any changes to the machine or policy. It parses the sisidsevents and ...
updated download 17 Apr 2017
The database space reclamation utility lets you reclaim unused incident LOB space in your Symantec Data Loss Prevention Oracle 11g Standard database. This can use the database space reclamation utility after migrating incident attachments to external storage, or after deleting a large number of incidents.
updated event 18 hours 46 min ago
Please join us for the next Columbus Data Loss Prevention User Group meeting, Tuesday June 20, 2017, from 12 noon to 4:00 pm -- at the offices of DSW in Columbus. Food will be served! Location: DSW Designer Shoe Warehouse – 810 DSW Drive, Columbus, OH 43219. Tentative Agenda: 12:00 - 1:00:  Networking lunch at DSW's Cafe! 1:00 - 2:00:  Symantec Presentation - TBD 2:00 - ...
new event 17 May 2017
WEBINAR: Using the NIST Cybersecurity Framework to Identify PHI TIME: 10:00 AM (PST) / 1:00 PM (EST) SPEAKERS: Axel Wirth, CPHIMS, CISSP, HCISPP, Technical Architect, Symantec & Vishal Gupta, VP, Engineering/Product Management, Symantec Part 2 of 7: The NIST Cybersecurity Framework Healthcare Webinar Series Of the 16 critical infrastructure sectors, healthcare is the only one yet to ...
updated event 16 May 2017
WEBINAR ON-DEMAND VIEW ANY TIME Don’t Cry Over WannaCry Ransomware Wannacry is big but how big is it really? It’s important to understand how this piece of ransomware is operating, what you can do to stop it and what to do if you’ve been compromised. Join us to learn what Symantec customers and non-customers can do against this threat and future threats like it. Register Now (CLICK HERE)
new event 10 May 2017
WEBINAR:  Symantec Endpoint Protection 14: Part 5 of 5: A Step-By-Step Approach for Endpoint Detetion & Response TIME: 10:00 AM (PST) / 1:00 PM (EST) SPEAKER: Scott Hardie, System Engineer, Symantec Endpoint Detection and Response (EDR) was developed as a way to address Advanced Persistent Threats (APTs). It is the sneakiness of APTs that make them so dangerous and so difficult ...
updated event 08 May 2017
WEBINAR: Data-Centric Security: A Best Practice Approach TIME: 10:00 AM PT / 1:00 PM ET DATE: June 22, 2017 SPEAKERS: Guest Speaker Heidi Shey - Senior Analyst at Forrester and Nico Popp - SVP Engineering,  Information Protection at Symantec Keeping data safe pays dividends for protecting your reputation and retaining trust. No-one wants to suffer a breach, let alone a mega ...
updated event 02 May 2017
(Agenda will be decided in spring 2017.)
updated event 02 May 2017
(Agenda should be nailed down by April 2017.)
updated event 27 Apr 2017
Please join us for 1.5 days of exclusive training on Symantec Control Compliance Suite on May 16-17 in Chicago.  This FREE technical workshop will include deep dives on a range of topics such as: Best practices for deployment, configuration, scalability, and troubleshooting Vulnerability management Control Compliance Suite platform generic collector and script engine Check ...
new video 27 Apr 2017
This video forms part of a series which describes the actions administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video focuses on creating the correct user permissions in the ClientNet portal to ensure that the quarantine administrator may take all necessary actions.
new video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video looks at the Quarantine portal and some of the more common actions that administrators may wish to take, such as customizing the Email Notifications that are generated to end ...
new video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video looks at the Quarantine options in ClientNet itself and the various options available for quarantine administrators to configure.
updated video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Secrurity.cloud service. In this video you will be walked through how to turn on quarantine settings for the services that are included in your bundle: either Anti-Spam only, or Anti-Spam, Data Protection ...
updated video 10 Feb 2017
The world is changing. We are entering another era of IT, where enterprises are experiencing a fundamental shift in the way their workforce consumes technology. Personally owned devices ubiquitously connected in today’s world, are giving way to cloud-based applications and repositories in almost every region and vertical. The shift of workloads to cloud applications such as Office365, Google ...
new idea 23 May 2017
While I am working on DLP since more than 5+ yrs, I feel many times that there should be one more filter must be present before pulling the reports. The filter must allow to set the date or time of last communicated/connected time which will help us to get the precise reports.
new idea 22 May 2017
Want to be able to whitelist/exclude USB devices that we don't want blocked by the USB device Control option when it set to "BLOCKED". Currently it would block all USB devices including printers and wireless keyboard/mouses due to the blocking and need to enter a password to unblock it till the machine reboots.
updated idea 22 May 2017
We have a content filtering policy set up as per the screenshot below. It checks on outbound emails whether a domain of a recipient in the recipient field of a message matches an entry in a managed dictionary or matches some specific "wildcard" type domains. If one of the conditions are met it will force the email to go via TLS. The domains specified in the dictionary and the conditions ...
new idea 19 May 2017
Many of your customers are expressing an urgent need to receive Attacker IP Address in SEP email alerts. In addition, I would like to find this information somewhere in the affected computer's log files or Windows event log. Without this information, it takes much more time to log onto your web site and retrieve and we cannot script a response in our firewalls, etc.
new idea 16 May 2017
We currently have SEP v14 MP1 installed in our environment.  I've seen some other endpoint protection products that track the footsteps of a threat on a compromised computer.  Some even put this in graphical form to make it easier to see the big picture of what was accessed.  It would be great if Symantec would incorporate something like this into SEP.
new idea 15 May 2017
When creating, editing or modifying Symantec Endpoint Protection's Application and Device Control policies, you sometimes need to restart the computer to force the rules to take effect. Would like to request this behavior be changed to prevent the need to restart, especially when trying to use Application and Device Control to block  malicious software from running prior to detection ...
new idea 15 May 2017
We dont want users to have pop up appear for every single clean file.  It would be great if notifications for clean files could be turned off. Obviouslly we want to keep the notificaions of files that have problems.  I know that notifications can be turned off of all notifications through the bacl end of symantec on the local machines, but that turns off all notifications. Ideally it ...
Member Name
Reward Points
All Time
Member Name
Reward Points
Last 30 Days
Member Name
ArticlesSolved
Mithun Sanghavi
1,266
60
SMLatCST
436
1
jjesse
107
24
ℬrίαη
2,760
21

A Message From Your Community Manager: RGMDonaldson

Welcome to the Security Community on Symantec Connect.

The Security Community covers many different security products from Symantec and provides valuable technical information for each.

Please feel free to contact me via private message with any questions you may have.

I look forward to hearing from you and answering any questions about the Community.

Login to contact the Community Manager.