SEP: Client Troubleshooting Steps

Read the "Using the command-line interface" section in administration_guide.pdf, which explains all basic logging tasks for the SEP client.

SEP client log file: C:\Program Files\Symantec\Symantec Endpoint Protection\Syslog.log

Enabling debug logging:
C:\>"Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -stop
C:\>reg add "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" /f /v smc_debuglog_on /t REG_DWORD /d 1
C:\>"Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -start

Check the debug log file: C:\Program Files\Symantec\Symantec Endpoint Protection\debug.log

Remotely drop the SyLink.xml file:
C:\>psexec \\TESTPC1 -s C:\temp\SylinkDrop.exe -silent C:\temp\SyLink.xml

PsExec v1.5 – execute processes remotely
Copyright (C) 2001-2004 Mark Russinovich
www.sysinternals.com

Sylink file has been successfully replaced.
C:\temp\SylinkDrop.exe exited on TESTPC1 with error code 0.

C:\>


SEP: Resolving Clients Running Out-of-date Definitions

Check the status of the reported client in the SEPM console.

If the client is 'active', run the "Update Content" command from SEPM. To verify which definitions that client is running with, check the files below:
C:\>type "\\<workstation name>\c$\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat" (definitions in use)
C:\>type "\\<workstation name>\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat" (definition dates)

If the client is 'active but connected to remote site servers' (computer icon with a single red cross arrow), check whether the PC is able to resolve its local SEPM servers. Try flushing the DNS cache and see whether the client connects to the local SEPM servers. If it still fails, drop the latest (you may copy […]


Working on SEP Risk Alerts/Reports

Resolving risks: Every risk alert should be treated as high priority and attended to at the earliest opportunity to stop any risk activity. Immediately disconnect the reported computer from the network or shut it down. Once disconnected, ensure the latest virus definitions are installed on the machine and run a full local scan. Determine the risk severity using the strategies below and act appropriately. If the risk incident meets any of the conditions below, it is considered a high severity risk; otherwise it is a low severity risk. From the data in the risk request:
· Sum of risk count per […]
