On January 30th, the New York Times published a story about themselves. They were infected with an advanced persistent threat, and had called in Mandiant to clean up the mess. The quote repeated many times on twitter was Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which …
Continue reading ‘NY Times – A poor craftsman blames his tools’ »
This week we upgraded the production Symantec Endpoint Protection Manager (SEPM) server to 12.1.2 (aka 12.1 ru2). Unlike previous upgrades on the production server, this one was smooth as silk. Before leaving, we exported the 32 bit workstation client packages and there was no issue with that. The next day my officemate was trying to …
Just last week someone commented on a very old post asking if my problems with virtualization with Symantec Endpoint Protection (SEP) were ever solved. That was a addressed in an early maintenance release for SEP11. That was a very specific specific issue. This week Symantec released an updated Best practices for virtualization with Symantec Endpoint Protection …
Symantec Endpoint Protection 12.1.2 has been released. The release notes are available here. The download is available through Fileconnect. The same serial number as for 12.1 worked for me. Of primary interest to me is support for Windows 2012, Windows 8 and Apple OS X 10.8 (Mountain Lion). The Client Deployment Wizard can now deploy …
Continue reading ‘Symantec Endpoint Protection 12.1.2 Released’ »
In a blog post on Friday VirusTotal announced they’d been purchased by Google. The post says that “VirusTotal will continue to operate independently, maintaining our partnerships with other antivirus companies and security experts.” VirusTotal is a website where you can upload a file or a url to be scanned by multiple scanners. Files are currently scanned by over 30 scan …
About a week ago, Brandon Dixon blogged about malicious PDF sample in the wild that was a PDF in a XDP file. XDP is an XML Data Package. What he found was antivirus and IPS scanners weren’t looking inside the XDP file to see the malicious code in the contained PDF. For the lay person, this is roughly analogous to not …
Source code for Symantec Endpoint Protection 11 and Symantec Antivirus 10 has been stolen. According to speculation in news reports, the source code had been provided to the Indian government and was compromised from their servers. Security companies often provide source code to be able to sell software in a country. I suppose they are worried about …
Over on Symantec Connect (the Symantec support forum), I frequently see people ask about the ability to automatically scan a removable drive when it is connected to a system. They also submit it as an “idea”. The Idea section is where you can make product suggestions that users can discuss and vote up or down. I …
Android malware has certainly been in the news a lot this week. First, I read a AV-Test report that found the free antivirus for Android is garbage. In a on-demand scan “the best free app was Zoner AntiVirus Free with 32% detected malicious apps. All other scanners detected at best 10% of the apps, some didn’t …
Symantec Endpoint Protection 12.1 RU1 is out. The list of fixes and features is here. I upgraded my test server no problem. That is the server where everything always works out fine. SEP 12.1 RU1 is version 12.1.1000.157. The previous version was 12.1.671.4971. So of course when you log into SEPM, click on admin and Client Install …