In our company we have laptops for the sales department, and the sales team mostly travels outside the office. My requirement is this: can I get the logs of those laptops in SEPM (in our office) without a VPN when these laptops connect through the internet outside my office? Is it possible?
how to get logs of Laptop in SEPM without VPN
How a Leading Innovator Protects Intellectual Property
As CIO for the Williams Group, I think a lot about how to secure our information and intellectual property – and we clearly generate a ton of it.
During a typical race weekend, our Formula One team generates about 60 gigabytes of telemetry and 80 gigabytes of additional data, delivering a total of 140 GB that requires analysis in order to determine each critical decision made throughout each practice session, qualifying, and the race on Sunday.
That’s just the half of it.
Throughout qualifying and races, our team also needs to relay that massive amount of data back to our UK headquarters in real time for analysis. All the while, our engineers working in the race pits are accessing streams of information on their laptops to make on-the-spot recommendations on the timing of pit-stops, making fractional front and rear-wing adjustments, and to constantly tune vehicle performance.
So when I say that our company thrives on its intellectual property, this is far beyond being a business truism: IP is our organization’s lifeblood and it’s behind our success winning 16 Formula One championships.
As we’ve digitized our operations, we now face escalating threats from cyber criminals. Each year, attackers show increased sophistication and skill in changing up their tactics. We know there’s a steep price to pay for failure. If any malicious outsiders were to get their hands on our car designs or any other of our IP, it would put Williams’ competitive advantage at dire risk.
A breach would also risk dealing a blow to our reputation for safeguarding the closely-held secrets of partners and customers who regularly share their intellectual property with us. In addition to our own Formula One race car division, Williams Advanced Engineering group also works with a range of other industries.
For instance, we partnered with Jaguar Land Rover to produce the Jaguar C-X75. Film-goers may recognize it as the vehicle used by one of the bad guys in the film, ‘Spectre,’ chasing James Bond through the streets of Rome. We also do work in aerospace, medical sciences, defense and a range of other industries where partners rely on us to maintain a safe and secure supply chain and meet strict security requirements governing the handling of their most valuable information.
Keeping Users Secure
I often get asked what keeps me up at night. There's only one thing I really worry about: Losing data. It’s what I hate the most.
That job has become increasingly fraught given the multiplicity of digital endpoints that we now need to protect, and exacerbated by the fact that our teams are frequently on the road, where they connect via mobile devices in order to access Williams’ intellectual property. Roughly 60% of our workforce regularly now works away from the home office and they need to be able to download data safely from anywhere in the world.
Given the different types of data and intellectual property we’re regularly involved with, we put a premium on finding a way to ensure that our users remain secure, no matter where they work and no matter what networks they use.
In the past, we only had antivirus to protect the endpoints. There was no intrusion prevention or detection system at all. So last year, we partnered with Symantec to help us deal with these myriad endpoint security needs and fill the gaps in our network defense.
Symantec’s breadth of intrusion prevention and detection technology made an immediate impact. Our first race of the 2016 season marked the first time that we had endpoints that I felt were fully protected. With Symantec Endpoint Protection and Endpoint Encryption, which were deployed at the same time, everyone on our team who went to Australia for that race had fully protected endpoints they could trust.
Endpoint protection involves a lot more than just loading antivirus onto our systems. Here’s an example:
One of our laptops was stolen during the Italian Grand Prix at Monza in September 2016. In the past, we would have had to escalate that kind of incident to the boardroom since the theft of data kept on those machines could potentially compromise our IP. Not this time. Symantec’s technology completely enveloped all the data stored on the stolen device in the protective shield. The thieves had one of our machines in their possession, but they had no way to access what was inside. Symantec’s endpoint protection technology had made it impossible for outsiders to access any of our information.
We’ve also extended Symantec Endpoint Protection to safeguard our virtual machines and cloud, where a lot of our intellectual property gets stored. That came in handy when attackers subsequently tried to hack into our cloud. Symantec Endpoint Protection detected the attempt and sent out an alert. The upshot: We foiled their attempt to access our data, bring down our systems or use them as bots, which is probably what they were trying to do.
The partnership with Symantec has translated into a vastly improved risk management posture–which further enhances our reputation and enables us to give customers and partners even more confidence in our ability to protect their IP. Symantec has equipped Williams with the necessary tools and technology so that we can turn to our customers and assure them that, "Your data is safe with us."
Learn more about how Symantec protects Williams on our dedicated microsite.
How to allow USB devices for specific user
I want to allow USB devices for a specific user, and my SEPM is not integrated with AD.
Is it possible, without AD user sync, to make a user-based USB policy? On a single computer two users log in: user A is allowed USB and user B is blocked from USB.
Documentation on binding the SSL to loopback for Sym DLP
Nessus scans showed the following 3 vulnerabilities; they are related to the SSL cert loopback configuration, which I need assistance with.
Plugin Plugin Name
45411 SSL Certificate with Wrong Hostname
51192 SSL Certificate Cannot Be Trusted
57582 SSL Self-Signed Certificate
===============
SSL Certificate with Wrong Hostname (45411)
Synopsis: The SSL certificate for this service is for a different host.
Description: The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution: Purchase or generate a proper certificate for this service.
================
SSL Certificate Cannot Be Trusted (51192)
Synopsis: The SSL certificate for this service cannot be trusted.
Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution: Purchase or generate a proper certificate for this service.
====================
SSL Self-Signed Certificate (57582)
Synopsis: The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description: The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution: Purchase or generate a proper certificate for this service.
How to disable pop up notification in SEP for host integrity
When I apply host integrity to any group, all computers inside the group start getting a pop-up notification, "security compliance scan failed", and clients start calling the support team thinking they have some problem. May I know whether it is possible to disable this notification on the client?
Restore a 2012 R2 VM using BE 16 with SEP 12.1.6
Hi all,
I'm currently testing a new 2012 R2 hypervisor with two 2012 R2 VMs before putting it into production
and noticed that when running a restore job on the 2012 R2 file server VM I get E00084F9 error code.
However if I disable the SEP 12.1.6 installed on that VM the restore job goes through.
Are there any exceptions that I need to create in the SEP firewall for the BE16 restore jobs?
The backup jobs are running fine with the SEP active on both hypervisor and the VMs.
Thanks
"May we access your computer?"
Friday Sept 8, at home (I'm retired), phone call from outside US: "Hi [Pretty sure didn't greet me by name], we're from Symantec. Our monthly report to you [Antivirus? Endpoint?] has been blocked. Do you have a problem there? May we access your computer to see what's blocking us? Shouldn't take longer than 20 minutes or so."
Unfamiliar with Symantec procedures, I begged off--doctor's appt--said why not call Saturday? They said sure. The last I heard from them.
Were they for real?
Windows 7 Enterprise Editions Shows Windows Vista Enterprise in Computer Status logs
After Migrating to SEP14.0 MP2 from SEP12.1RU6MP6 Windows 7 Enterprise Editions Shows Windows Vista Enterprise in Computer Status logs.
And also in Client Inventory report. The clients are still in SEP 12.1RU6MP6. When we see the clients in Groups It shows Windows 7 Enterprise Editions.
We had opened a case with Symantec Support and Symdiag logs uploaded.
SEPM Upgrade stuck at stopping services
SEPM upgrading from 12.1.6 to 12.1 RU6 MP8 - after taking the database backup and stopping the SEPM manager.
The upgrade process screen is stuck at stopping services, and then after "installer no longer responding" - retry - still the same stopping service status.
What could be the trouble?
Cancel the setup or try the force restart (or then manual restart after the installer no longer responding screen)
Thanks,
Forgot admin console password
I forgot my admin console password. When I click on the "Forgot your password?" option for a temporary password, it says "password reset email was sent to the email address associated with the account that you specified." But I didn't get the mail. When I open the mail.config file using Notepad, there is no content in that file (empty). I have added these lines and saved that file. Once again I clicked on "Forgot your password?" and again it shows the same ("password reset email was sent to the email address associated with the account that you specified."). But I didn't get the mail. Once I click on "Forgot your password?", the file (mail.config) shows empty.
#Mon Aug 14 13:57:01 IST 2017
adminMailReciptants=xyz@abc.com
mailSender=admin@abc.com
mailSrvPort=25
mailPwd={DES}D9F3Y5c1DgQ\=
mailAdmin=
sslEnable=false
mailServer=deg
Please suggest
Mail security file types
I want to block different file types other than the extensions mentioned in the file type rules in Symantec Mail Security for Exchange. How can I do that?
Working link for SEP release notes
Is there a working link for all of the releases of SEP? The one I have no longer works.
Thanks,
Cara
Problem sending email from our domain
We have a problem sending email from our domain bulteck.com 176.31.3.43 to ferrovial.com under messagelabs.
The server properly sent the messages to the MessageLabs servers, but the final user doesn't receive the email.
I attach a small report for one message sent this morning.
ICAP and RPC in parallel usage
Hi,
In Symantec Protection Engine, is it possible to use both RPC (with NetApp) and ICAP (with EMC) on the same SPE server?
Thanks
Endpoint Status displays incorrect Out-Of-Date Info
Hi all,
When I log in to my console (14.0 MP2), I can see a certain number showing in the out-of-date status. Yet when I click on Out-Of-Date, the box displays more servers in the list than the number suggests.
It's not a major issue, it's just confusing sometimes. On the home tab I've clicked refresh and selected Out-Of-Date again, and the number of servers displayed still differs from the number that shows on the home status page.
Other statuses seem to be accurate.
This is running on Server 2008 R2
How to block external network access to my network
Hello everyone,
I need to block the network 10.70.0.0 to 10.70.255.255 from my network 10.90.0.0 to 10.90.255.255 and do not know how to configure it. Could you help me?
httpd.exe*32 RU6 MP8
Hi dears,
Last week we upgraded our Symantec management console from RU6 MP5 to MP8 and everything looked good. Since this morning we've had high CPU utilization on one of our SEPM servers. Actually we have two SEPM servers with one database, and both of them are upgraded to MP8 and their AV agents as well.
Anyway, after some research I changed the communication settings of all the groups to Pull mode and now CPU utilization has decreased from 100% to (20~60)%, which still is not as good as the other SEPM server.
Thanks
BR
Cannot email MessageLabs protected domains
Hi,
We have a problem that started 2 days ago unexpectedly. I began getting reports from staff that certain clients of ours weren’t receiving emails from us.
On inspecting our mail logs I could see that the common factor between these clients was that they all use MessageLabs.
I've checked the reputation tool and can see that we do not have a negative reputation, so I am a bit stumped about what’s going on. We could email perfectly fine at the start of the week.
Are there any other places I can check to see if MessageLabs have us on some kind of block list please?
Thanks
James
SQL 2008 SP1 upgrade to SQL 2016
Hello everybody,
Currently I am in the process of upgrading from SEPM 12.1.6 to SEPM14 MP2. During this upgrade process we need to upgrade our SEP database from SQL 2008 SP1 to SQL 2016 due to system requirements.
I was wondering what the best route would be to upgrade this database. Also, if anyone has performed this upgrade as the first time we attempted this upgrade we were able to connect to the database and then it stopped working about 15 minutes after the upgrade. So we are just looking for any suggestions or issues that might occur.
Thank you,
Jack McAloon