updated discussion 23 May 2017
How to resolve this issue? What could be the possible isolation steps to remediate this infection and locate the infected file?
updated article 10 May 2017
The attached document will give you an overview on how to setup the Symantec Email Quarantine.
updated article 08 May 2017
Introduction By popular demand, below is an index of my Connect articles.  Illustrated, semi-formal and mildly amusing, I hope they assist admins and individuals along their neverending quest to find a safe path in this ever more dangerous world.... Security Series The first article, Using SEPM Alerts and Reports to Combat a Malware Outbreak, demonstrated how to use ...
updated article 08 May 2017
Introduction This is the sixteenth in my Security Series of Connect articles.  For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles. This article begins a new mini-series about a much misunderstood ...
new article 08 May 2017
Is it possible to monitor specific progress status with Host Integrity (HI) policy in endpoint protection? The answer is yes. Here is a simple example of how to set the requirement in HI policy. Detailed steps are below: 1. Edit HI policy --> click Requirements --> click "add" button --> select client platform: Windows and select "Custom requirement", click Ok: 2. On the custom requirement ...
updated blog entry 23 May 2017
UPDATE: May 23, 2017 00:30 GMT: Symantec has uncovered further links to more closely tie the WannaCry attacks with the Lazarus group. For further details, see: WannaCry: Ransomware attacks show strong links to Lazarus group UPDATE: May 15, 2017  23:24:21 GMT: Symantec has uncovered two possible links that loosely tie the WannaCry ransomware attack and the Lazarus group: Co-occurrence ...
updated blog entry 23 May 2017
Tools and infrastructure used in the WannaCry ransomware attacks have strong links to Lazarus, the group that was responsible for the destructive attacks on Sony Pictures and the theft of US$81 million from the Bangladesh Central Bank. Prior to the global outbreak on May 12, an earlier version of WannaCry (Ransom.Wannacry) was used in a small number of targeted attacks in February, March, ...
new blog entry 22 May 2017
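The tools and infrastructure used in the WannaCry ransomware attacks have strong links to Lazarus. The group carried out destructive attacks on Sony Pictures and also stole US$81 million from the Bangladesh Central Bank. Prior to the global WannaCry outbreak on May 12, an earlier version (Ransom.Wannacry) ...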
updated blog entry 22 May 2017
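It has become increasingly likely that the tools and infrastructure used in the WannaCry ransomware attacks are linked to the Lazarus group. Lazarus is the group that carried out destructive attacks on Sony Pictures Entertainment and stole US$81 million from the central bank of Bangladesh. Before the global outbreak on May 12, an earlier version of WannaCry (Ransom.Wannacry) was used in a small number of targeted attacks in February, March, and April of this year. This earlier version was almost identical to the version that appeared in May 2017; the only difference was its method of propagation. When the Symantec Security Response team analyzed these early WannaCry attacks, WannaCry ...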
updated blog entry 22 May 2017
It's fun when two or more research lines intersect... I meant to do a post on a new twist in "Russian Bride/Dating" spam that I noticed a month or two ago, but didn't have enough time, thanks to the series of recent posts on Search Engine Poisoning (which showed that SEP attacks are still alive and well on the Internet). To make SEP attacks work, the Bad Guys need large networks of interlinked ...
updated blog entry 22 May 2017
In the previous post on recent Search Engine Poisoning (SEP) data, there were a few pieces of interesting research that "missed the cut-off". But they're worth a look... Image Searches Back in Part 6 of our original research, we looked at the ratio of SEP clicks on image searches versus text searches. We calculated, as of early 2012, that around 9.23% of the SEP events had begun with an image ...
updated download 24 Apr 2017
Symantec DCS Policy Utility v1.0.0.11 For Windows OS (Note .NET Framework 4.5 is required) Designed to help you tune your policy by processing the log files from an Agent. There's a getting started tab that explains the best steps to get the logs and events you need to troubleshoot your policy. The program does not make any changes to the machine or policy. It parses the sisidsevents and ...
updated download 17 Apr 2017
The database space reclamation utility lets you reclaim unused incident LOB space in your Symantec Data Loss Prevention Oracle 11g Standard database. You can use the database space reclamation utility after migrating incident attachments to external storage, or after deleting a large number of incidents.
new event 17 May 2017
WEBINAR: Using the NIST Cybersecurity Framework to Identify PHI TIME: 10:00 AM (PST) / 1:00 PM (EST) SPEAKERS: Axel Wirth, CPHIMS, CISSP, HCISPP, Technical Architect, Symantec & Vishal Gupta, VP, Engineering/Product Management, Symantec Part 2 of 7: The NIST Cybersecurity Framework Healthcare Webinar Series Of the 16 critical infrastructure sectors, healthcare is the only one yet to ...
updated event 16 May 2017
WEBINAR ON-DEMAND VIEW ANY TIME Don’t Cry Over WannaCry Ransomware Wannacry is big but how big is it really? It’s important to understand how this piece of ransomware is operating, what you can do to stop it and what to do if you’ve been compromised. Join us to learn what Symantec customers and non-customers can do against this threat and future threats like it.
new event 10 May 2017
WEBINAR: Symantec Endpoint Protection 14: Part 5 of 5: A Step-By-Step Approach for Endpoint Detection & Response TIME: 10:00 AM (PST) / 1:00 PM (EST) SPEAKER: Scott Hardie, System Engineer, Symantec Endpoint Detection and Response (EDR) was developed as a way to address Advanced Persistent Threats (APTs). It is the sneakiness of APTs that makes them so dangerous and so difficult ...
updated event 08 May 2017
WEBINAR: Data-Centric Security: A Best Practice Approach TIME: 10:00 AM PT / 1:00 PM ET DATE: June 22, 2017 SPEAKERS: Guest Speaker Heidi Shey - Senior Analyst at Forrester and Nico Popp - SVP Engineering,  Information Protection at Symantec Keeping data safe pays dividends for protecting your reputation and retaining trust. No-one wants to suffer a breach, let alone a mega ...
updated event 02 May 2017
(Agenda will be decided in spring 2017.)
updated event 02 May 2017
(Agenda should be nailed down by April 2017.)
updated event 02 May 2017
Please join us for the next Pittsburgh Security User Group meeting on June 6, 2017 from 2pm to 5pm at the Jerome Bettis Grille 36 -- 393 N. Shore Dr. Pittsburgh, PA 15212. Agenda 2:00 – 5:00 pm Welcome & Introductions Symantec Presentation: Tony Stasa & Valerie Zaucha Customer Presentation: TBD Customer Roundtable (3-4 topics/groups) Conclusion, Feedback survey & Prize Drawings
updated event 27 Apr 2017
Please join us for 1.5 days of exclusive training on Symantec Control Compliance Suite on May 16-17 in Chicago.  This FREE technical workshop will include deep dives on a range of topics such as: Best practices for deployment, configuration, scalability, and troubleshooting Vulnerability management Control Compliance Suite platform generic collector and script engine Check ...
new event 26 Apr 2017
WEBINAR: 2017 Internet Security Threat Report (ISTR): A Review of the Threat Landscape TIME: 10:00 AM (PST) / 1:00 PM (EST) DATE: May 16, 2017 SPEAKER: Kevin Haley, Director of Product Management for Symantec Security Technology and Response 2016 saw major shifts in techniques used by targeted attackers, the continued rise of ransomware and significant attacks from IoT ...
new video 27 Apr 2017
This video forms part of a series which describes the actions administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video focuses on creating the correct user permissions in the ClientNet portal to ensure that the quarantine administrator may take all necessary actions.
new video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video looks at the Quarantine portal and some of the more common actions that administrators may wish to take, such as customizing the Email Notifications that are generated to end ...
new video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. This video looks at the Quarantine options in ClientNet itself and the various options available for quarantine administrators to configure.
updated video 27 Apr 2017
This video forms part of a series which describes the actions that administrators will need to take in order to setup the Symantec Email Quarantine when they are using the Symantec Email Security.cloud service. In this video you will be walked through how to turn on quarantine settings for the services that are included in your bundle: either Anti-Spam only, or Anti-Spam, Data Protection ...
updated video 10 Feb 2017
The world is changing. We are entering another era of IT, where enterprises are experiencing a fundamental shift in the way their workforce consumes technology. Personally owned devices ubiquitously connected in today’s world, are giving way to cloud-based applications and repositories in almost every region and vertical. The shift of workloads to cloud applications such as Office365, Google ...
new idea 23 May 2017
I have been working on DLP for 5+ years, and I often feel that there should be one more filter available before pulling the reports. The filter must allow setting the date or time of the last communicated/connected time, which will help us to get precise reports.
new idea 22 May 2017
Want to be able to whitelist/exclude USB devices that we don't want blocked by the USB device Control option when it is set to "BLOCKED". Currently it would block all USB devices including printers and wireless keyboards/mice due to the blocking and need to enter a password to unblock it till the machine reboots.
updated idea 22 May 2017
We have a content filtering policy set up as per the screenshot below. It checks on outbound emails whether a domain of a recipient in the recipient field of a message matches an entry in a managed dictionary or matches some specific "wildcard" type domains. If one of the conditions is met it will force the email to go via TLS. The domains specified in the dictionary and the conditions ...
new idea 19 May 2017
Many of your customers are expressing an urgent need to receive Attacker IP Address in SEP email alerts. In addition, I would like to find this information somewhere in the affected computer's log files or Windows event log. Without this information, it takes much more time to log onto your web site and retrieve and we cannot script a response in our firewalls, etc.
new idea 16 May 2017
We currently have SEP v14 MP1 installed in our environment.  I've seen some other endpoint protection products that track the footsteps of a threat on a compromised computer.  Some even put this in graphical form to make it easier to see the big picture of what was accessed.  It would be great if Symantec would incorporate something like this into SEP.
new idea 15 May 2017
When creating, editing or modifying Symantec Endpoint Protection's Application and Device Control policies, you sometimes need to restart the computer to force the rules to take effect. Would like to request this behavior be changed to prevent the need to restart, especially when trying to use Application and Device Control to block  malicious software from running prior to detection ...
new idea 15 May 2017
We don't want users to have a pop-up appear for every single clean file. It would be great if notifications for clean files could be turned off. Obviously we want to keep the notifications of files that have problems. I know that notifications can be turned off through the back end of Symantec on the local machines, but that turns off all notifications. Ideally it ...
A Message From Your Community Manager: RGMDonaldson

Welcome to the Security Community on Symantec Connect.

The Security Community covers many different security products from Symantec and provides valuable technical information for each.

Please feel free to contact me via private message with any questions you may have.

I look forward to hearing from you and answering any questions about the Community.
