Temp de scan trop long

June 5, 2013, 12:06 am

I need a solution

Bonjour,

J'explique un peu mon problème, nous avons un serveur Symantec EndPoint Protection 12.1.2015 qui gère plus ou moins 700 machines.

Toutes les machines ont un scan complet tous les samedi.

Dans ces machines nous avons un serveur de fichiers qui devient fort volumineux et la durée du scan prend maintenant 4 jours, ce qui est trop long.

Y-a-t-il moyen de réduire le temps de scan par un système de "white liste" de fichiers ? Genre les fichiers qui n'ont pas été modifiés ne seront pas scannés ?

D'avance merci

↧

CCS reports in CSV format

June 5, 2013, 12:08 am

≫ Next: Mistakes are costing companies millions from avoidable data breaches

≪ Previous: Temp de scan trop long

I need a solution

Dears,

i have a problem with Excel format of CCS reports , it contains alot of data and cannot create pivot table from these files.

is it possible to have these reports in CSV format .

regards

↧

Mistakes are costing companies millions from avoidable data breaches

June 5, 2013, 12:14 am

≫ Next: SEP 12.1 Manager - Push only to clients without SEP

≪ Previous: CCS reports in CSV format

Lately not a day goes by without a major news story on cybercriminals, hacktivists, and spies. These are generally viewed as the main threat actors behind the data breaches that we spend so much time -- and budget -- fighting. But what about Anne in Accounting, Sam in Sales and Paul in Production? While malicious attacks are certainly a significant problem and make for thrilling headlines, it’s mistakes made by people and systems that actually cause the majority of data breaches.

According to the 2013 Cost of a Data Breach study, negligence and system glitches together accounted for 64 percent of data breaches last year. These can include employees mishandling information, violations of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.

Insiders greatly contribute to data breaches. In fact, in the eight years since Symantec started tracking data breach costs with the Ponemon Institute, the insider threat leading to data breach has increased 22 percent. What’s even more concerning is these trusted insiders likely don’t know they’re doing something wrong. In related research, we found that 62 percent of employees think it is acceptable to transfer corporate data outside the company on personal devices and cloud services. And the majority never delete the data, leaving it vulnerable to data leaks.

These breaches caused by human error are significant. At $159 per compromised record in the United States ($117 globally), the mistakes made by trusted employees are costing enterprises a lot of money. While the cost of a data breach can vary widely because of the types of threats and data protection laws, the financial consequences are serious worldwide.

But this year’s report is not all bad news -- in the United States, the total cost per data breach was down slightly at $5.4 million. This suggests that organizations have made improvements in how they plan for and respond to data breach incidents. Certain factors can help organizations reduce the cost of a data breach such as having a strong security posture and an incident response plan, and appointing a CISO.

So what would a data breach cost your company? You can calculate an estimate of it yourself at www.databreachcalculator.com. This free tool from Symantec lets you connect the dots between all of this research by estimating how a data breach could impact your company.

While we struggle to keep cybercriminals out of our data center, we must not ignore the risk of data breach posed by people within our organizations.

The mistakes of our employees can be just as damaging as a breach caused by cybercriminals, hactivists and spies. Two-thirds of data breaches are right under our noses and more easily avoidable if we’d just pay attention to it. Symantec recommends the following best practices to prevent a data breach and reduce costs in the event of one:

Educate employees and train them on how to handle confidential information.
Use data loss prevention technology to find sensitive data and protect it from leaving your organization.
Deploy encryption and strong authentication solutions.
Prepare an incident response plan including proper steps for customer notification.

You can learn more about the Cost of a Data Breach study and download the global report and nine country reports for the United States, United Kingdom, France, Germany, Italy, India, Japan, Australia, and Brazil at http://bit.ly/10FjDik.

↧

SEP 12.1 Manager - Push only to clients without SEP

June 5, 2013, 12:14 am

≫ Next: トルコ警察になりすました Facebook のセキュリティ詐欺

≪ Previous: Mistakes are costing companies millions from avoidable data breaches

I need a solution

Simple enough I hope. I have about half the PCs deployed to, some were off, some didn't want to at the time (Manager's PCs and such) just in case. How do I deploy to just the clients via the Push method that don't have the client already?

↧

トルコ警察になりすました Facebook のセキュリティ詐欺

June 5, 2013, 12:16 am

≫ Next: archive bit

≪ Previous: SEP 12.1 Manager - Push only to clients without SEP

寄稿: Avdhoot Patil

フィッシング攻撃のプラットフォームとしてソーシャルネットワークサイトを集中的に利用する例が後を絶ちません。シマンテックでも、ソーシャルネットワークに関連したフィッシング攻撃を何度も確認しています。フィッシングの餌としては、有名人を利用した宣伝、偽のアプリケーション、無料の通話時間、懸賞などが多用されています。最近では、トルコの Facebook ユーザーを標的としたフィッシング攻撃で、トルコ警察が悪用された例があります。このフィッシングサイトは、無料の Web ホスティングサイトをホストとして利用していました。

図. トルコ警察の正規の Web ページに見せかけたフィッシングサイト

このフィッシングサイトはトルコ語で書かれており、トルコの治安局長が所有者だと謳っています。さらに、トルコ警察が最近 Facebook アカウント情報の盗難を確認したため、Facebook の情報漏えい対策として Web サイトを作成したという説明が続きます。また、トルコの刑法に従って、ユーザーは正しい情報を入力する必要があり、ログイン情報を入力すれば、ユーザーアカウントの保護申請が警察に送信されると書かれています。

フィッシングページには、アンカラにあるトルコ警察本庁の名前と住所が記され、このメッセージはトルコ警察のセキュリティシステムから送信されたことになっていますが、言うまでもなく、フィッシングサイトはユーザーのログイン情報を盗み出す目的で作成されたものです。ログイン情報を入力すると、フィッシングページは正規の Facebook サイトにリダイレクトされます。

このフィッシング詐欺に引っかかってログイン情報を入力すると、詐欺師に情報を盗み出されてしまいます。

インターネットを利用する場合は、フィッシング攻撃を防ぐためにできる限りの対策を講じることを推奨します。

電子メールメッセージの中の疑わしいリンクはクリックしない。
電子メールに返信するときに個人情報を記述しない。
ポップアップページやポップアップ画面に個人情報を入力しない。
個人情報や口座情報を入力する際には、鍵マーク、「https」の文字、緑色のアドレスバーなどが使われていることを確かめ、その Web サイトが SSL で暗号化されていることを確認する。
ノートンインターネットセキュリティやノートン 360 など、フィッシング詐欺およびソーシャルネットワーク詐欺から保護する統合セキュリティソフトウェアを使う。
電子メールで送られてきたリンクや、ソーシャルネットワークに掲載されているリンクがどんなに魅力的でも不用意にクリックしない。
偽の Web サイトや電子メールを見かけたら通知する（Facebook の場合、フィッシング報告の送信先は phish@fb.com）。

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

↧

archive bit

June 5, 2013, 12:26 am

≫ Next: Service Pack 1 (SP1) for Symantec System Recovery (SSR) 2013 pushed to client machines that already have SP1 installed when pushed via Symantec System Recovery Management Solution (SSR-MS).

≪ Previous: トルコ警察になりすました Facebook のセキュリティ詐欺

I need a solution

Is there any one knows why archive bit ? and who controle archive bit ?

how server find archive bit status?

↧

Service Pack 1 (SP1) for Symantec System Recovery (SSR) 2013 pushed to client machines that already have SP1 installed when pushed via Symantec System Recovery Management Solution (SSR-MS).

June 6, 2013, 4:12 am

≫ Next: EV client - problems opening archived items

≪ Previous: archive bit

Severity:

Non-data threatening / major functionality

Status:

Investigating/gathering information

Tech Note:

206975

Problem

Service Pack 1 (SP1) for SSR 2013 is automatically pushed to client machine that already have SP1 installed when pushed via Symantec System Recovery Management Solution (SSR-MS). By default, the install policy/package will reboot these client machines.

Error

N/A

Solution

At this time, no workaround is available.

Symantec Corporation has acknowledged that the above-mentioned issue is present in the current version(s) of the product(s) mentioned at the end of this article. Symantec Corporation is committed to product quality and satisfied customers.

This issue is currently under investigation by Symantec Corporation. Pending the outcome of the investigation, this issue may be resolved by way of a patch or hotfix in current or future revisions of the software. However, this particular issue is not currently scheduled for any release. If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Symantec Sales representative or the Symantec Sales group to discuss these concerns. For information on how to contact Symantec Sales, please see http://www.symantec.com

Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.

↧

EV client - problems opening archived items

June 6, 2013, 4:40 am

≫ Next: Patch Management reports

≪ Previous: Service Pack 1 (SP1) for Symantec System Recovery (SSR) 2013 pushed to client machines that already have SP1 installed when pushed via Symantec System Recovery Management Solution (SSR-MS).

I need a solution

EV Client 10.0.1, EV server version 9.0.0.

Some users have problems when opening same archived e-mail more than one time.

First time they open the archived e-mail in outlook (dobbel-click), it is opening as usual.
Next time, only the shortcut is opened.

If the user try another archived e-mail, this is opening fine the first time, then this is failing as well.

The same problem occurs from Archive Explorer and Archive Search,

I did set the tracing to max on the client, and in this log I can see the URL to the archived item. If I copy this URL to IE, I can open the archived item several times without problems.

Any tips on this problem?

everror.txt

↧

Patch Management reports

June 6, 2013, 4:55 am

≫ Next: Exclude time on Backup job.

≪ Previous: EV client - problems opening archived items

I need a solution

Is there any way I can bring up a report on a machine and see what isn't installed, and also include the policy those patches may be in ?

↧

Exclude time on Backup job.

June 6, 2013, 5:52 am

≫ Next: CMS: Patch assessment failed (exit code 4)

≪ Previous: Patch Management reports

Problem.

We have backup jobs that takes Log backup of our SQL every 10 minutes, we need to exclude this from running between 01:00 - 06:00 (For example) when other jobs are running and due to server fixed reboots.
At present Backup Exec is flawed and does not have this functionality and that is a huge problem for us moving forward with Symantec.
We have waited now a year for a solution and hope it will be solved soon we cannot recommend to use symantec until that time.

Solution, add exclude time frame meny og backup job level example

Job 1 , dayli every 10 min, excluding (Select timframe)

Thanks

PS
(Would like to be in BETA for testing this thanks)

↧

CMS: Patch assessment failed (exit code 4)

June 6, 2013, 6:07 am

≫ Next: Difficulty virtualizing Smart Notebook with Symantec SWV

≪ Previous: Exclude time on Backup job.

I need a solution

Hi,

I have troubles to make the patch assessment work. I always get the exite code 4.
Running it manually already doesn't work. The error message is the following:

Utils::ConnectionPointSinkImpl<struct ShavlikAssessmentSdk::IRunEvents>::AttachToSource()- ptrIUnknownOfSource.QueryInterface<IConnectionPointContainer>() failed (hr=0x80004002).

Patch assessment failed (exit code 4).

Thanks in advance,

↧

Difficulty virtualizing Smart Notebook with Symantec SWV

June 6, 2013, 6:07 am

≫ Next: How to block access using SEP client.

≪ Previous: CMS: Patch assessment failed (exit code 4)

I need a solution

Hello,

I wish to install Smart Notebook software (http://smarttech.com/notebook) into a "virtual layer" using Symantec Workspace Virtualization on a Windows 7 64 bit operating system. I have done this successfully, however, when running the Smart Notebook software and viewing content (within its format) that incorporates Flash video files, Smart Notebook reports that Flash is not installed when in fact it is.

Is there a setting that I should be applying in order to help virtualized Smart Notebook software see and work with Adobe Flash (system plugin)?

Your help is appreciated.

↧

How to block access using SEP client.

June 6, 2013, 6:11 am

≫ Next: Need a Manual way to replace the Sylink.xml on a Windows 2003 32 Server

≪ Previous: Difficulty virtualizing Smart Notebook with Symantec SWV

I need a solution

Hi all!!!

I am using Symantec Endpoint Protection in my company from 2008. But need Yours help. We have latest SERM 12.1.2100.

I would like to block access to servers shared folders, access via VNC to servers and so on, from computers which has an old defenitions or hasn't Symantec Endpoint Protection Client at all.

I would like the SEP client installed on the servers to control access. (may be using SEP Embeded Firewall or SNAC)

Thanks!

↧

Need a Manual way to replace the Sylink.xml on a Windows 2003 32 Server

June 6, 2013, 6:19 am

≫ Next: SSR 2013 SP1

≪ Previous: How to block access using SEP client.

I need a solution

Ever since we went from v.11 to v.12, I have NO idea where the Sylink files that I need to replace is in order to make a client go from unmanaged to managed, I know of the sylink drop utilities, but I want to know the location of the Sylink.xml file, so I can replace it manually. WIndows 2003 Server 32 Bit systen.

V. 12. 2093

↧

SSR 2013 SP1

June 6, 2013, 6:20 am

≫ Next: Media server IP has changed and this is not working

≪ Previous: Need a Manual way to replace the Sylink.xml on a Windows 2003 32 Server

I need a solution

I'm subscribed to Chris' posts, and I received an email reply to a post about SSR 2013 SP1. Huh? First time I heard of it's existance. Does a home user need to worry about SP1? The program doesn't automatically check, and tell me if there's an update? I don't even receive an email about it? I have to remember to check Symantec's website manually, occassionally, to see if it's current?

Thank you

↧

Media server IP has changed and this is not working

June 6, 2013, 6:31 am

≫ Next: Way to see the loaded in Standalone tape drive remotetly

≪ Previous: SSR 2013 SP1

I need a solution

Hi,

Today, IP of 1 of my media server has changed and that media server is now showing as ping failed in Host properties.

The new IP is pingable from the master server and vice versa. Could you please let me know the places where i need to make the necessary changes (both master & media servers) so that it reflects the new IP and has connectivity.

The OS is Windows 2008 server of both master and media running Netbackup 7.1.0.3.

Kindly suggest asap please..

↧

Way to see the loaded in Standalone tape drive remotetly

June 7, 2013, 3:33 am

≫ Next: iam trying to pull up basic reports through the Altiris console

≪ Previous: Media server IP has changed and this is not working

I need a solution

Can someone tell me the command or way to find out if the tape is loaed in Standalone tape?

I work from a remote place and need to find out if tape is there in the drive or not?

I know one command vmoprcmd -d where it is not showing anything in Recorded Media but Ready status is YES

PENDING REQUESTS

<NONE>

DRIVE STATUS

Drv Type Control User Label RecMID ExtMID Ready Wr.Enbl. ReqId

0 hcart2 AVR No Yes Yes 0

ADDITIONAL DRIVE STATUS

Drv DriveName Shared Assigned Comment

0 HP.ULTRIUM5-SCSI.000 No -

Thank you all in adavance.

↧

iam trying to pull up basic reports through the Altiris console

June 7, 2013, 3:40 am

≫ Next: EV10 Tiered Storage questions

≪ Previous: Way to see the loaded in Standalone tape drive remotetly

I need a solution

iam trying to pull up basic reports through the Altiris console, do i need the IT Analytics to be configured ? or can i still go ahead and pull up the basic reports

right now i have access to around 50 machines, they are all Lab machines

i am able to view the collection and also able to filter the machine with respect to their OS etc...

Thank you

Tanoj

↧

EV10 Tiered Storage questions

June 7, 2013, 3:43 am

≫ Next: Create custom Group to deploy SEP on Altiris

≪ Previous: iam trying to pull up basic reports through the Altiris console

I need a solution

We are looking to deploy EV10 within the next few months, but I'm trying to get a better understanding of how the storage works.

We want to deploy a tiered storage model, using fast storage for indexes and new data, with mail migrating to slower storage after a period, and eventually migrating to tape.

On this basis:

- In a multi-server environment, how does the server interact with the storage layer? Are there any concerns with file locks etc if one of the servers goes down?

- How does mail move between tiers? What service is responsible for this? What happens if this service fails?

- How does SIS affect this? Is it possible for a new piece of mail to match one that has already moved to tape? If so, how will EV address this?

Any documentation/process diagrams which can provide some insight on the above would be much appreciated.

Thanks

↧