[Micronet] Symantec Endpoint Protection

[Micronet] Symantec Endpoint Protection

Jon Johnsen
I'm curious:

SEP 12.0 was released over six months ago.

Will it be made available to campus?

--
Jon Johnsen
Information Systems Office
433 University Hall
School of Public Health, UC Berkeley
510 643-4357


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Re: [Micronet] Symantec Endpoint Protection

tedcrum
Jon,

Do you know if SEP 12 is fully functional under Windows x64?

-Ted


At 02:05 PM 1/11/2012, you wrote:

>I'm curious:
>
>SEP 12.0 was released over six months ago.
>
>Will it be made available to campus?
>
>--
>Jon Johnsen
>Information Systems Office
>433 University Hall
>School of Public Health, UC Berkeley
>510 643-4357

Re: [Micronet] Symantec Endpoint Protection

Allison Henry

Hi all, to (briefly) answer these questions:

At this point we have no immediate plans to migrate our management
console to SEP v12, or build and distribute SEP12 clients. If anyone
would like access to the SEP12 Administrator DVD, please let me know and
I will make it available. But we won't be offering support for SEP12,
other than assisting with requests to Symantec technical support if
required.

Both SEP11 and SEP12 are fully supported under Windows x64.

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

On 1/11/2012 2:54 PM, Ted Crum wrote:

> Jon,
>
> Do you know if SEP 12 is fully functional under Windows x64?
>
> -Ted
>
>
> At 02:05 PM 1/11/2012, you wrote:
>> I'm curious:
>>
>> SEP 12.0 was released over six months ago.
>>
>> Will it be made available to campus?
>>
>> --
>> Jon Johnsen
>> Information Systems Office
>> 433 University Hall
>> School of Public Health, UC Berkeley
>> 510 643-4357

Re: [Micronet] Symantec Endpoint Protection

johnww
>On Wed, Jan 11, 2012 at 11:10 PM, Allison Henry <[hidden email]> wrote:
> Both SEP11 and SEP12 are fully supported under Windows x64.


SEP 11 may be supported, but it is not fully functional. Contextual menu
virus scanning has never worked with SEP 11 on 64-bit Windows.

http://www.symantec.com/business/support/index?page=content&id=TECH105489
http://www.symantec.com/connect/ideas/context-menu-entry-scan-viruses-64-bit-platform
http://www.symantec.com/business/support/index?page=content&id=TECH102143



> On 1/11/2012 2:54 PM, Ted Crum wrote:
>> Jon,
>>
>> Do you know if SEP 12 is fully functional under Windows x64?
>>
>> -Ted
>>

Supposedly SEP 12.1 64-bit has all 32-bit features enabled,
http://www.symantec.com//connect/fr/forums/sep-121-anything-you-cant-do-x64-bit-client
.

John Wuorenmaa
Berkeley Language Center
B-40 Dwinelle Hall
510-877-40002 x17



 

Re: [Micronet] Symantec Endpoint Protection

tedcrum

> > On 1/11/2012 2:54 PM, Ted Crum wrote:
> >> Jon,
> >>
> >> Do you know if SEP 12 is fully functional under Windows x64?
> >>
> >> -Ted
> >>




> >On Wed, Jan 11, 2012 at 11:10 PM, Allison Henry <[hidden email]> wrote:
> > Both SEP11 and SEP12 are fully supported under Windows x64.
>
>

(? wrote [tc])

>SEP 11 may be supported, but it is not fully functional. Contextual menu
>virus scanning has never worked with SEP 11 on 64-bit Windows.
>
>http://www.symantec.com/business/support/index?page=content&id=TECH105489
>http://www.symantec.com/connect/ideas/context-menu-entry-scan-viruses-64-bit-platform
>http://www.symantec.com/business/support/index?page=content&id=TECH102143

John Wuorenmaa wrote:



>Supposedly SEP 12.1 64-bit has all 32-bit features enabled,
>http://www.symantec.com//connect/fr/forums/sep-121-anything-you-cant-do-x64-bit-client
>.
>
>John Wuorenmaa
>Berkeley Language Center
>B-40 Dwinelle Hall
>510-877-40002 x17


In addition to the missing context menu operations that are mentioned
above, the article that John W quotes confirms that the absence of an
outgoing firewall option ("Device Control") in SEP11 x64 is a fault
of the package and not part of the UCB installer. Apparently,
Proactive Threat Protection (Heuristics?) is also absent.

SEP 12.1 seems a little raw yet, to read the bug list. But with Adobe
now driving Professional 64-bit installations (the way the maker's
desire to sell more memory drove Home installations)  we may want to
give 12 another look.

-tc



 

Re: [Micronet] Symantec Endpoint Protection

Allison Henry

On 1/19/2012 12:35 PM, Ted Crum wrote:

>> Supposedly SEP 12.1 64-bit has all 32-bit features enabled,
>> http://www.symantec.com//connect/fr/forums/sep-121-anything-you-cant-do-x64-bit-client

> In addition to the missing context menu operations that are mentioned
> above, the article that John W quotes confirms that the absence of an
> outgoing firewall option ("Device Control") in SEP11 x64 is a fault
> of the package and not part of the UCB installer. Apparently,
> Proactive Threat Protection (Heuristics?) is also absent.

The "Device Control" feature is not an outgoing firewall; it's part of a
feature set that is used to control the allowed behavior of applications
and devices connected to the client. There are no Application and Device
Control policies applied to the UCB custom install. You can create
outbound firewall rules for x64-bit SEP and the outbound intrusion
detection features work as on the 32-bit clients.

Proactive Threat Protection is present and functional on the x64 bit
SEP11 client. The article references a specific type of keylogger not
detected by Proactive Threat Protection on x64, but detected through the
standard antivirus auto-protect feature. Proactive Threat Protection is
not supported on server OSes however.

> SEP 12.1 seems a little raw yet, to read the bug list. But with Adobe
> now driving Professional 64-bit installations (the way the maker's
> desire to sell more memory drove Home installations)  we may want to
> give 12 another look.

If we opt to stay with Symantec as our AV vendor, which is not at all
clear at this point, we will of course need to plan a migration to 12
eventually. While the lack of contextual menu scanning on 64-bit client
is inconvenient, I do not feel that the feature differences in 32 and 64
bit clients are currently large enough to accelerate migration plans. If
anyone has found additional difficulties with the x64 bit Symantec
clients, please let me know or report to [hidden email]. Thanks,

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

 

Re: [Micronet] Symantec Endpoint Protection

Allison Henry
Another note on Symantec while the topic is active...

Earlier this week someone called me (sorry I forgot who it was!)
requesting a copy of the Symantec Endpoint Recovery Tool. I have posted
this tool on Software Central:

http://ist.berkeley.edu/software-central/symantec-endpoint-protection

This is a bootable ISO that can be used to clean computers too badly
infected to clean while booted. Please be aware that in general we do
not recommend attempting to clean a system this badly damaged. While you
may be able to move the original malware, it is extremely difficult to
find and restore all damage done while the system was compromised, and
attempting to do so may leave behind backdoors left by the hackers that
result in further compromise. However if you feel the need to try the
tool, it is available.

Symantec has posted a video on how to use the tool:

http://www.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert

Thanks all, and please note that there are more announcements and
discussion regarding Symantec on the UCB-security list:

https://security.berkeley.edu/node/22#lists

I would encourage anyone who is supporting Symantec clients on campus to
subscribe to UCB-security in order to stay up-to-date on current
developments. Thanks,

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu


 