Channel: Symantec Connect - Blog Entries

Report for Security Roles in NS

For maintenance purposes, you may like this report:

Security_Roles.png

You can easily create your new SQL Report with Role Name, Created/Modified Date and Description:

Here is the query for you:

SELECT TOP 1000 [Name]
      ,[CreatedDate]
      ,[ModifiedDate]
      ,[Description]
  FROM [Symantec_CMDB].[dbo].[SecurityRole]

You can use it along with the Report of Security Accounts.


TorLocker ransomware variant designed to target Japanese users

New file-encrypting ransomware variant is the first to specifically target Japanese users.

Ransomware is nothing new to Japan. Symantec’s research has found that Japan ranks among the regions that are the most affected by global ransomware attacks. However, no attacks specifically targeting Japanese users have ever been confirmed. That is, until now. In recent weeks, Symantec has observed a ransomware variant in the wild that was designed to target users who speak Japanese.

Torlocker 1.png
Figure 1. Ransomware attacks in November 2014 by region

The ransomware threat in question is a localized variant of TorLocker. The malware encrypts files with certain file extensions on the compromised computer and demands that the user pays in order to decrypt the files. Symantec has confirmed multiple variants of this particular Japanese ransomware threat.

TorLocker has been used in ransomware attacks around the world. The threat is part of an affiliate program, where the program’s operator gives participants the builder to create custom ransomware, access to the TorLocker control panel to track infections, and miscellaneous files to be used in conjunction with the malware. In return, the participants give a portion of the profit from the attack to the affiliate program’s operator.

Infection
The localized variant’s attacks on Japanese users have occurred on compromised websites that commonly host blogs. However, it is also possible that the attacker is renting an exploit kit to automatically compromise victims’ computers by exploiting software vulnerabilities. In one case, a recently compromised site owned by a Japanese publishing company redirected traffic to several domains hosting the Rig exploit kit. This may have ultimately served the ransomware as a payload.

In another case in late November, a blog site was compromised to display a fake Adobe Flash Player installer page.

Torlocker 2.png
Figure 2. Fake Adobe Flash Player installer page

If the user clicks on the yellow install button, they are prompted to download and execute a setup file to install the plugin. However, the file does not contain the typical icon used in Flash Player installers. The file is not digitally signed either, which suggests that the installer is a phony.

Torlocker 3.png
Figure 3. Icon of the installer downloaded from the fake Flash Player page

Once the setup file is executed, it does not install Flash Player. Instead, it encrypts certain files and displays a message in Japanese in a pop-up window, stating that the computer has been locked. The message then asks the user to pay in order to unlock their files. The demanded ransom ranges from 40,000 yen to 300,000 yen (approximately US$500 to US$3,600).

krswlocker-animated-gif-looping-url-blurred_660.gif
Figure 4. Pop-up window of the TorLocker ransomware variant targeting Japanese-speaking users

Stay protected
Japan is approaching its week-long New Year holiday. The long break is a perfect opportunity for the attacker to perform its campaign, as many users will likely surf the internet during the time off. Symantec has the following recommendations to avoid or mitigate ransomware infections:

  • Update the software, operating system, and browser plugins on your computer to prevent attackers from exploiting known vulnerabilities.
  • Use comprehensive security software, such as Norton Security, to protect yourself from cybercriminals.
  • Regularly back up any files stored on your computer. If your computer has been compromised with ransomware, then these files can be restored once the malware is removed from the computer.
  • Never pay the ransom. There’s no guarantee that the attacker will decrypt the files as promised once they receive payment.

Symantec and Norton products detect all of the ransomware variants discussed in this blog as Trojan.Cryptlocker.

TorLocker ransomware variant designed to target Japanese users

A new variant of file-encrypting ransomware is targeting users in Japan.

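Ransomware is nothing particularly new in Japan. According to Symantec research, Japan is one of the regions of the world most affected by ransomware attacks. Until now, however, no attacks specifically targeting Japanese users had been confirmed. That is now a thing of the past. Over the past few weeks, a ransomware variant designed to target Japanese users has been observed in the wild.

Torlocker 1.png
Figure 1. Ransomware attacks by country (November 2014)

The ransomware observed this time is a localized variant of TorLocker. TorLocker encrypts files with certain extensions on the compromised computer and demands a ransom to decrypt them. Multiple Japanese-language variants of this ransomware have been confirmed.

TorLocker is used in ransomware attacks around the world. It is offered as part of an affiliate program, in which the program's operator provides participants with a builder for creating custom ransomware, access to the TorLocker control panel for tracking infections, and various files used in conjunction with the malware. In return, participants pay the operator a share of the profits from their attacks.

Infection
In the attacks by the localized variant targeting Japanese users, websites widely used for hosting blogs were compromised. However, it is also possible that the attacker rented an exploit kit and automatically compromised target computers by exploiting software vulnerabilities. In one recent case, a site owned by a Japanese publishing company was compromised and its traffic was redirected to several domains hosting the Rig exploit kit. As a result, the ransomware may ultimately have been dropped as the payload.

In another case in late November, a blog site was compromised to display a fake Adobe Flash Player installer page.

Torlocker 2.png
Figure 2. Fake Adobe Flash Player installer page

When the user clicks the yellow install button, they are prompted to download and run a setup file to install the plugin. However, the file's icon is not the one normally used by Flash Player installers, and the file is not digitally signed, which shows that the installer is a fake.

Torlocker 3.png
Figure 3. Icon of the installer downloaded from the fake Flash Player page

Running the setup file does not install Flash Player. Instead, certain files are encrypted and a message in Japanese appears in a pop-up window, stating that the computer has been locked. The message also tells the user to pay a ransom to unlock the files. The amount demanded ranges from 40,000 yen to 300,000 yen.

krswlocker-animated-gif-looping-url-blurred_660.gif
Figure 4. Pop-up window displayed by the TorLocker ransomware variant targeting Japanese users

Protection
Japan will soon begin its week-long year-end and New Year holiday. Many users visit a wide range of sites during the long break, which makes it an ideal opportunity for attackers. We recommend the following measures to prevent or reduce ransomware infections:

  • Update the software, operating system, and browser plugins on your computer to prevent attackers from exploiting known vulnerabilities.
  • Use comprehensive security software, such as Norton Security, to protect yourself from cybercrime.
  • Regularly back up all files stored on your computer. Even if the computer is infected with ransomware, the files can be restored after the malware has been removed from the computer.
  • Never pay the ransom. There is no guarantee that the attacker will decrypt the files as promised even if you pay.

Symantec and Norton products detect all of the ransomware variants described in this blog as Trojan.Cryptlocker.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.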

Enterprise Vault Search (EVS) - Creating FIRST Custom Search Provisioning Group

(Upgrade Scenario only)

If you have upgraded your EV environment from 10.0.x to 11.0 and you want to run a pilot of Enterprise Vault Search for a limited number of users, you can do so by creating a Custom Search Provisioning Group. Users who are part of the custom group will be directed to the new search application, whereas other users will still have access to the legacy search applications such as Archive Explorer, Search.asp and Browser Search.

In this blog I will explain the process of creating the very FIRST custom search provisioning group.

In the vault admin console, expand Client Access -> Search -> Provisioning Group. Right-click the Provisioning Group node -> New -> Active Directory Provisioning Group for a Windows domain or Domino Provisioning Group for a Domino domain.

SearchPG1.jpg

Active Directory Provisioning Group

1) On the first screen enter the name of the custom search provisioning group.

SearchPG2.jpg

2) On the next screen click on “New” to add a domain. This is a one-time process; once the domain is added, you can create any number of custom search provisioning groups.

SearchPG3.jpg

3) Clicking on the New button will launch a new window with a list of domains from the forest. Select the domain for which you want to create the custom search provisioning group. Specifying a Global Catalog server name is optional.

SearchPG4.jpg

4) Once a domain is added you will be able to add Windows users, groups, OUs, LDAP queries and distribution groups to the search provisioning group.

SearchPG5.jpg

5) On the next screen you can select an EV server which will host the Client Access Provisioning Task.

SearchPG6.jpg

6) The screen below displays a summary and an option to create the provisioning group.

SearchPG7.jpg

7) The final screen reminds the administrator to run the Client Access Provisioning Task for the provisioning group to take effect.

SearchPG8.jpg

Domino Provisioning Group

The only difference between an Active Directory and Domino Search Provisioning Group is the process of adding a Domino domain.

1) The screen below is displayed when you click the "New" button to add a Domino domain.

SearchPG9.jpg

2) Select an ID file and enter the password to access the Domino domain. Also enter the Domino server name in "Domino_server/domain_name" format.

SearchPG10.jpg

SearchPG11.jpg

3) Proceed to add Domino users and create a Client Access Provisioning Task on an EV server which has the Notes client installed.

4) Finally, run the Client Access Provisioning Task for the provisioning group and search policy to take effect.

The Client Access Provisioning Task report is available at ...\Program Files (x86)\Enterprise Vault\Reports\Client Access Provisioning

Enterprise Vault Search (EVS) – Upgrade EV Search

If you have upgraded an Enterprise Vault environment from 10.0.x to 11.0 you will notice that the new search application is not accessible to the users and they are still directed to the legacy search applications. There are two ways to make Enterprise Vault Search available to users:

1. Create a Custom Search Provisioning Group, which I explained in my previous blog
2. Upgrade EV Search.

In this blog I will explain how to upgrade EV search.

Note: This process is not reversible.

Upon upgrading from 10.0.x to EV11, within VAC you will find a Search tab in the Site properties.

UpgradeSearch1.jpg

Clicking on “Upgrade Search” you will get a confirmation message

UpgradeSearch2.jpg

and once you proceed with the upgrade a default search provisioning group will be created in the VAC under the Client Access-> Search -> Provisioning Group node.

UpgradeSearch3.jpg

After a successful upgrade, the Search tab will disappear from the Site properties.

UpgradeSearch4.jpg

The Archive Explorer option will be removed from the Exchange Desktop Policy, and once the Exchange mailbox is synchronized, the Archive Explorer icon will be removed from the user's Outlook too.

UpgradeSearch5.jpg

All the users from the domain will be provisioned for EVS through the Default Search Provisioning Group, and the Default Search Policy will be assigned to all the users. The search policy is linked to the search provisioning group after the Client Access Provisioning Task has run. After upgrading EV search, users will not have access to the legacy search applications such as Archive Explorer, Search.asp and Browser Search.

UpgradeSearch6.jpg

DeployAnywhere is returning error: ".INF is failed in inf validation(IsINFValid())."

The location and use of the DA logs are covered in the tech notes below:

http://www.symantec.com/docs/DOC7408
http://www.symantec.com/docs/HOWTO95200
 

"DA logs are copied to production during the "Reboot To" production task (translation, if you do not run a reboot to production task and reboot another way, the logs are lost). The logs can be found here:
Automation: x:\program files\symantec\deployment\logs
Production: %\Program Files\Altiris\Altiris Agent\Agents\Deployment\PreOS_Task_Logs"
 

The DA logs return the error below:

C:\Program Files\Symantec\Deployment\DriversDB\Intel.MEI.9.5.10.1658\heci.inf is failed in inf validation(IsINFValid()). So not considering for DA operation. Error: File not found fileExists( C:\Program Files\Symantec\Deployment\DriversDB\Intel.MEI.9.5.10.1658\TeeDriverx64.sys)-------Ghost::DA::WinDeviceDriverRetargeterWin32::MatchInfFileToDevices():2879

FIX:

Run the deployment job with "All" selected for "Bypass Driver Validation", as in the picture below:

1.png

NOTE:

If you found the above information useful, please give this article a thumbs-up(top right of the post) or add a comment below. Your feedback will help the Symantec tech community – Thank you, Mauro

Computers which aren't reporting inventory to NS - 'N' Days

Users very often want to see a list of managed endpoints that have not reported their basic inventory to the NS Server in the last 'N' days.

  • The attached "Computers which are not reporting basic inventory _ already last 'N' days.xml" report was created on SMP 7.5 SP1 HF4 (should work for 7.5.x as well).
  • The attached "Computers which are not reporting basic inventory _ already last 'N' days (7.1 SP2 MP1.1 v10).xml" was created on 7.1 SP2 MP1.1 v10 and should work for 7.1 SP2 MP1.1 vx versions.

222InactiveComputers.jpg

How to import existing .xml report

  • Open the SMP Console -> go to "Reports" -> right-click the root "Reports" folder -> click "Import" -> choose the required .xml -> click "OK".

ImportReport.jpg

  • You can edit SQL Query via "Edit" mode for imported report.

Malicious links: Spammers change malware delivery tactics

Significant spike in malicious spam emails containing links, as attackers move away from attachments in their efforts to spread Downloader.Ponik and Downloader.Upatre.

link_spam_increase.jpg

Contributor: Satnam Narang 

Attackers behind malicious spam campaigns have shifted their tactics in recent months and are increasingly attempting to infect victims by luring them into clicking on links rather than sending them malicious attachments.

Since late November, Symantec Security Response has seen a spike in the number of malicious emails using this tactic. Over the last six months, there were relatively few spam emails containing URLs. For example, in October, only seven percent of malicious spam emails contained links. That number jumped to 41 percent in November and has continued to climb in early December.

While many malicious emails come with an attachment, organizations can block and filter these types of messages. Symantec believes that the Cutwail botnet (Trojan.Pandex) is behind some of the recent spam messages, along with other botnets, and that attackers have resorted to using links in a bid to avoid email security products that scan for malicious attachments. 

Surge in malicious spam emails
Over the last few weeks, spammers have been pummeling mail servers with social engineering-themed messages, including malicious fax and voicemail notification emails. These emails contain information that is typically included in legitimate fax and voicemail messages, such as a caller ID or confirmation number, but the information itself is fake. 

The common thread in each email is that they contain links. These links use hijacked domains and have a URL path that leads to a PHP landing page. If the user clicks on the links, they are led to a malicious file. In particular, we have seen Downloader.Ponik and Downloader.Upatre being used in these emails. These are well-known Trojans that are used for downloading additional malware onto compromised computers, including information stealers like Trojan.Zbot (also known as Zeus).

FakeFaxEmail_LOB.PNG
Figure 1. Fake fax email

Voicemail_LOB.PNG
Figure 2. Fake voicemail email

So far, we have seen the following subject lines used:

  • MyFax message from *unknown* - 3 pages
  • Fax Message
  • Fax Message #[RANDOM NUMBER]
  • Voice Message #[RANDOM NUMBER]
  • Fax.Com:Message Nr.[RANDOM NUMBER]

Earlier in November we witnessed a similar campaign based around fake telecoms bills written in German. These emails reported that the receiver had recently run up a large mobile phone bill. The goal was to get the receiver to click on the link to find out more about what appeared to be a billing mistake.

We saw the following subject lines related to this campaign:

  • Ihre Mobilfunk-Rechnung vom 13.11.2014 im Anhang als PDF
  • RechnungOnline Monat November 2014 (Buchungskonto:[RANDOM NUMBER])
  • RechnungOnline Monat
  • Ihre Festnetz-Rechnung

vodafone_LOB.png
Figure 3. German email spam campaign
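
The subject lines and the link pattern described above (a URL whose path leads to a PHP landing page, sent without an attachment) can be combined into a mail-triage check. This is an added example, not Symantec's detection logic; the sample messages and host names are constructed, and treating the date and month in the German subjects as variable is an assumption.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Subject lines listed in the post. "[RANDOM NUMBER]" is modelled as \d+;
# generalising the date, month and year in the German subjects is an assumption.
SUBJECT_PATTERNS = [
    r"MyFax message from \*unknown\* - 3 pages",
    r"Fax Message(?: #\d+)?",
    r"Voice Message #\d+",
    r"Fax\.Com:Message Nr\.\d+",
    r"Ihre Mobilfunk-Rechnung vom \d{2}\.\d{2}\.\d{4} im Anhang als PDF",
    r"RechnungOnline Monat(?: \w+ \d{4} \(Buchungskonto:\d+\))?",
    r"Ihre Festnetz-Rechnung",
]
SUBJECT_RE = re.compile("|".join(f"(?:{p})" for p in SUBJECT_PATTERNS), re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def body_urls(msg):
    """Collect URLs from every non-attachment text part of the message."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            found = URL_RE.findall(part.get_content())
            urls += [u.rstrip(".,)>") for u in found]  # drop trailing punctuation
    return urls


def triage(raw_message):
    """Return the indicators from the post that a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    urls = body_urls(msg)
    # The post describes links whose URL path leads to a PHP landing page.
    php_links = [u for u in urls if urlparse(u).path.lower().endswith(".php")]
    has_attachment = any(part.is_attachment() for part in msg.walk())

    reasons = []
    if SUBJECT_RE.fullmatch(subject):
        reasons.append("campaign-subject")
    if php_links:
        reasons.append("php-landing-link")
    if urls and not has_attachment:
        reasons.append("link-without-attachment")
    return {
        "subject": subject,
        "php_links": php_links,
        "reasons": reasons,
        # Quarantine only when the lure subject and the PHP link coincide.
        "quarantine": "campaign-subject" in reasons and "php-landing-link" in reasons,
    }


# Constructed sample messages (not taken from the campaign).
SAMPLES = {
    "fake_fax": (
        "From: fax@sender.example\n"
        "To: user@corp.example\n"
        "Subject: Fax Message #48213\n"
        "\n"
        "You have received a 3 page fax. Caller ID: 555-0100.\n"
        "View your fax: http://hijacked-site.example/wp-content/fax.php?id=48213\n"
    ),
    "german_bill": (
        "From: rechnung@sender.example\n"
        "To: user@corp.example\n"
        "Subject: RechnungOnline Monat November 2014 (Buchungskonto:1234567890)\n"
        "\n"
        "Ihre Rechnung: http://compromised-blog.example/images/rechnung.php\n"
    ),
    "benign": (
        "From: colleague@corp.example\n"
        "To: user@corp.example\n"
        "Subject: Team lunch on Friday\n"
        "\n"
        "Menu: https://intranet.corp.example/lunch/menu.html\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        result = triage(raw)
        print(f"{name}: quarantine={result['quarantine']} reasons={result['reasons']}")
```

A subject match alone is left as a weak signal because "Fax Message" also occurs in legitimate notifications; the PHP link is what ties a message to the pattern described in the post.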

Always a cat and mouse game
This recent shift away from malicious attachments towards malicious links is a reminder that security is a game of cat and mouse. Spammers try to gain the upper hand while mail security products implement detections against these shifts.

Symantec advises users to be on their guard and to adhere to the following security best practices:

  • Exercise caution when receiving unsolicited, unexpected, or suspicious emails
  • Avoid clicking on links in unsolicited, unexpected, or suspicious emails
  • Avoid opening attachments in unsolicited, unexpected, or suspicious emails
  • Keep security software up-to-date

Symantec and Norton protection
Antivirus:

Intrusion Prevention System:

Symantec.cloud customers are protected by Skeptic and antispam heuristics.

For further monthly statistics on the threat landscape, you can also check out our Symantec Intelligence Report.


Second Provider Joins the GOV.UK ‘Verify’ Public Beta

Verify is the UK government’s authentication scheme that is being developed to confirm the identity of online public service users via the GOV.UK portal. Existing provider Experian was the sole partner for GOV.UK private beta that ran from February to October 2014. This centred on the authentication of applicants for the new Common Agricultural Policy (CAP) Basic Payment Scheme, and came in for criticism from farmers due to the overly complex nature of the authentication process. However, a second provider (Dutch secure digital communication specialist Digidentity) has now been certified as an identity authentication provider for the scheme.

Full article available here https://www.pac-online.com/%E2%80%9Cstop-who-goes-there%E2%80%9D-second-provider-joins-govuk-%E2%80%98verify%E2%80%99-public-beta

The Symantec and Clean C Partnership in South Africa

Symantec strives to create a positive impact both on a global and local scale through volunteering initiatives, grants, software donations, and by supporting employees in their personal volunteer and monetary contributions. With these tools in hand, Symantec teams all over the world support their communities in a variety of ways, and here in South Africa, our team has partnered with a local charity that does excellent work within our community.

Five years ago, the Nelson Mandela Foundation launched Mandela Day to commemorate the leader’s legendary impact and also as a call to action for others. Mandela Day, which is on July 18th – Nelson Mandela’s birthday – is considered a day to honor his legacy by volunteering and contributing to the community. Here in South Africa, our office gets involved in some capacity every year, and this year we decided to join forces with non-profit, Clean C, whose mission is “community upliftment through community involvement.” For Mandela Day, Symantec employees volunteered their time to paint a daycare in the township to clean and brighten it up.

That is when our partnership first began with Clean C. Mandela Day encourages people to “Take action. Inspire change. Make every day a Mandela day.” Because Clean C takes a multi-initiative approach to community development it offers many opportunities to align with different causes and in various ways. They seek to provide “multi inter-community upliftment and enrichment through education, skills development, sport participation, safety and security initiatives, environmental awareness all through community involvement and job creation.” This broad approach allows our employees to get involved in the issues that interest them most. After further discussion with Clean C, we identified additional opportunities for our team to get involved in charity events on an ongoing basis, and so far have arranged five different events this year from a beach clean-up day to student online safety training. We participated and planned numerous volunteer events to help uplift the Masibambane Creche Day Care in Joe Slovo Park. The day care receives $100 a month to feed 40 kids, all between 4 months to 4 years old. Due to the dire need for financial support, Clean C initiated the relationship.

CC1 copy_0.png 

CC2 copy.jpg

In September, a team of Symantec employees spent the morning setting up shelves and repositioning a door frame, as well as providing lunch to the children. We visited the day care again in October and the team hung up hooks for the kids and provided a hygienic kit for each child. We provided toothbrushes, toothpaste as well as some much needed supplies for the crèche such as wet wipes, hand sanitizer, liquid hand soap and toilet paper.

CC3 copy.png      

CC4 copy.png

On November 15th, employees from the sales group Team US, organized a charity event at Blouberg Beach. Symantec employees teamed up with underprivileged children and they all helped clean the beach. After, they played football and provided the children with hotdogs, drinks, snack packs and homemade cupcakes to enjoy! “To all who contributed with donations and most importantly your time, thank you so much! It was a big success and the looks on those children’s face were priceless!” said Mark Wade, Inside Product Sales Rep at Symantec.

CC5 copy.png  

CC6 copy.png

The fourth charity event was held on November 21st at the Symantec office. Eighteen high school boys from Joe Slovo came into the office to learn about online safety. Three Symantec employees volunteered their time to teach the boys about online safety and about Symantec’s role in internet safety. They did an amazing job on the presentation and the kids were so engaged and actively listening! After the training, some more employees joined the boys in the canteen to play games.

CC7 copy.png

For our next event in December, we are organizing a Christmas drive and a Symantec employee will dress as Santa to deliver the presents to the children at the daycare.

Many people have been keen to get involved and I’ve found that everyone really wants to help. It is so much fun! I love being able to bring a little bit of happiness into the lives of someone who is not as fortunate as we are. Especially spending time with the kids at the daycare warms my heart. The little kids have so much love and they are so happy just to get a hug or a kiss.

We would love more people to get involved in this wonderful collaboration and volunteering initiatives. As part of the partnership, Clean C has received a $5,000 grant to help support their work. Due to all the wonderful work that they are doing, they were awarded an additional $5,000 grant and will receive it in January! We have an internal meeting in January to plan our volunteer events for the new year around the Q4 theme – STEM education. Please contact me at pia_defreitas@symantec.com for more information and to volunteer in our upcoming activities.

Pia De Freitas is Symantec's Territory Sales Executive, South Africa   

Backup Exec YouTube - Anchamar creates two new videos!

Backup & Restore of Exchange 2013

Continuing the collaboration with our Symantec Channel, this time Anchamar - Tecnologías de la Información, through its Technical Director Antonio Chacón, has produced two new Backup Exec videos for the YouTube channel.

In these videos we can see for ourselves how simple it is to deploy the Agents for Windows and for Applications and Databases in a Microsoft Exchange 2013 environment from Backup Exec 2014. Antonio also shows how easy it is to create a backup job for the Microsoft mail environment and to perform a granular restore of its mailboxes.

The best way to find out is to watch these two enjoyable and focused videos from Anchamar:

Backup Exec 2014 - Exchange 2013 Backup

Backup Exec 2014 - Exchange 2013 Restore

Note: If you are interested in making a video and appearing on our YouTube channel, contact Álvaro Monje - alvaro_monje@symantec.com

Demand For Advanced Threat Protection Soars – And Symantec Responds

Targeted attack campaigns grew by 91% and data breaches increased by 62% during 2013, according to Symantec’s 2014 Internet Security Threat Report. All the indications are that enterprises everywhere can expect the frequency, intensity and sophistication of such assaults only to increase in the years ahead.

As a result, demand from Symantec customers for advanced threat protection has soared, as this evolving threat matrix creates new challenges right across industry.

Our Unified Security strategy for delivering the top-end protection enterprises need not only addresses today's security challenges, but also accelerates our ability to innovate and evolve our protection moving forward. How? Check out my previous blog for more details.

Intelligence at the Heart

We are building a massively scalable analytics platform that leverages cutting-edge techniques to mine our unified intelligence assets. As mentioned previously, these are once-in-a-lifetime engineering challenges and we intend to lead the way! At the core of that strategy lies our Symantec Global Intelligence Network (GIN). GIN has global visibility into the threat landscape through big data accumulated from one of the largest collections of sensors in the industry, with over 3.7 trillion rows of threat data in our platform gathering an additional 100,000 rows every hour, more than 100 million endpoints providing anonymous threat telemetry from around the world, and analysis of around a third of the world’s email on a daily basis.

Making Intelligence Actionable

GIN delivers this information to provide proactive protection to Symantec products and services, including our leading malware research, InSight, Managed Security Services, Incident Response, Web Gateway, Endpoint Protection and DeepSight Intelligence. Global threat and vulnerability intelligence enables organisations to enhance security and take proactive control of information.

New Advanced Threat Protection Services

To meet our customers’ escalating needs, Symantec has already released two new advanced threat protection services: Symantec Managed Adversary Threat Intelligence services & Symantec Incident Response services. Together, these new services combine proactive and reactive tools for companies to prevent and manage advanced attacks.

Symantec Managed Adversary Threat Intelligence

Many companies simply don’t have the security staff or other resources to obtain the competitive intelligence they need to defend digital files. The Symantec Managed Adversary Threat Intelligence (MATI) service provides this deep level of intelligence on attacks and threats specific to each industry, and insights into the key risks and vulnerabilities to digital assets. It offers customers proactive warnings and reactive context on threats, and information on campaigns, attack actors and trusted third parties. Initially, Symantec will offer the MATI service in three industries where Symantec has identified a vital need: manufacturing, IT and insurance, with scaled tiers and contract length for a ‘right for me’ solution for customers.

Symantec Incident Response Services

Symantec Incident Response enables customers to take immediate action against attacks with a ‘boots on the ground’ team response that delivers decades of experience in cyber incident response services, in both the public and private sectors, combined with the wealth of Symantec threat and malware intelligence. Symantec Incident Response (IR) extends the customer’s team to help stop attacks and protect operations when it needs it the most. The service provides highly skilled and well-resourced incident responders who will enable customers to analyse, mitigate and contain an attack, limiting its impact and restoring business-as-usual activities in the shortest possible time. Customers will have immediate access to investigators who not only have deep technical incident response skills and access to the latest malware intelligence and research, but also the ability to empower executives to make the right business decisions related to critical response actions.

And there is more to come. This is only the beginning of the new journey on which we have embarked at Symantec. The next steps will see the release of new advanced threat protection solutions to help solve more of the critical cyber jobs our customers have. At the heart of our Unified Security strategy is better intelligence and with that, we will rise to meet the greater challenges in the face of unprecedented global cyber threats.

Let’s Talk Diversity

Cecily Joseph Talks Diversity at Net Impact '14

It's time to move beyond diversity as a feel-good talking point and bring about actual results.

The concept of diversity as a driver of innovation and healthy company culture has been around for a long time. To a large extent, companies have embraced the concept of diversity and inclusion, but there is still a lot of work to be done around integrating a commitment to diversity and inclusion into company culture in ways that result in more engaged employees, improved decision making, and healthier bottom lines. We talk a good talk – but how can we begin to see actual results?

I believe the answer lies in the relationship between diversity and corporate responsibility. Diversity and inclusion has been considered solely an HR issue for many years, and I think we haven’t seen the kind of results we’d like to see. If we begin to look at diversity as a CSR issue, and use the same framework that we use to drive other corporate responsibility issues through our organization, I think we’ll be a lot more effective.

Screen Shot 2014-12-17 at 3.32.09 PM.png

Mobile spyware makers are on shaky ground as the law begins to catch up with them

Mobile spyware authors market their products as legitimate, but the software’s secretive nature gives stalkers, thieves, and abusive partners the means to spy on their victims’ every move.

DS 7.5 - HP Elite 8300 SFF and HP Elite 8200 SFF having issues booting into WinPe4.0

If you are experiencing problems booting into WinPE 4.0, it may be because you are missing a NIC or storage driver.

(For troubleshooting purposes, also try changing the BIOS option from AHCI to IDE.)

HP provides a set of drivers specifically designed to work with WinPE 4.0.

As of now (December 2014), the HP Elite 8300 SFF and HP 8200 SFF share the same package, named sp64529. It includes NIC and storage drivers for both x86 and x64.

http://h20564.www2.hp.com/hpsc/swd/public/readIndex?sp4ts.oid=5037932&swLangOid=8&swEnvOid=4131

http://h20564.www2.hp.com/hpsc/swd/public/readIndex?sp4ts.oid=5232853&swLangOid=8&swEnvOid=4131

The result of the driver injection for x86 should look like the image below:

\Program Files\Altiris\Notification Server\NSCap\bin\Deployment\BDC\bootwiz\Platforms\WinPE\x86\Drivers\CUSTOM\Drivers

74.jpg

If you are having trouble injecting the NIC drivers, clean the .exe file out of the folders, as described in the article below:

https://www-secure.symantec.com/connect/blogs/ds-75-how-clean-downloaded-drivers-folder-drivers-injection-console-o-manual-bootwim-injection

Please find the ready-to-go \CUSTOM folder attached below. And if you are still having difficulties please log a case with support.

NOTE:

If you found the above information useful, please give this article a thumbs-up(top right of the post) or add a comment below. Your feedback will help the Symantec tech community – Thank you, Mauro


Introducing AWS Storage Gateway VTL support for Backup Exec 2014


We are excited to announce Amazon Web Services (AWS) Storage Gateway VTL support for Backup Exec 2014. The AWS Storage Gateway VTL enables Backup Exec 2014 customers to extend the powerful media management capabilities of Backup Exec to cloud storage.

AWS Storage Gateway VTL integration accelerates IT agility for Backup Exec 2014 customers: existing backup jobs can be migrated to cloud storage simply by adding another job stage or by replacing the existing storage destination with the AWS VTL.

The seamless integration enables anybody to take advantage of Cloud Storage benefits like automation, elasticity and Pay-as-you-Go directly from Backup Exec 2014 without spending time and resources learning and managing new products or re-architecting environments.

AWSVTL01.png

You can even archive Virtual Tapes for low-cost long-term storage directly in the Backup Exec 2014 User Interface to move media from Virtual Tape Library (VTL) powered by Amazon S3 to Virtual Tape Shelf (VTS) powered by Amazon Glacier.

AWSVTL02.png

AWS Storage Gateway is a virtual appliance that can be deployed locally on VMware or Hyper-V. The front-end can be presented to Backup Exec as a Virtual Tape Library (VTL) or as an iSCSI disk target. The back-end is powered by Amazon S3 for Virtual Tape Library (VTL) and Amazon Glacier for Virtual Tape Shelf (VTS).

All you need to get started is:

  1. Backup Exec 2014 SP1 or later
  2. AWS Storage Gateway subscription

Since all Backup Exec 2014 editions include support for a Single Tape Drive in every Robotic Library, no additional licenses are required to get started!

For more information on Backup Exec 2014 and to download FREE 60 day trialware, visit:

Learn About Backup Exec 2014

Install 60-day Free Trial of Backup Exec 2014

Video: How to create secure backups with Backup Exec 2014

Best Practices for using Symantec Backup products (NetBackup, Backup Exec) with the Amazon Web Services (AWS) Storage Gateway-VTL

Backup Exec 2014 Hardware Compatibility List

Additional information on AWS Storage Gateway:

AWS Storage Gateway Overview

AWS Storage Gateway VTL

Configuring Backup Exec 2014 for AWS Storage Gateway VTL

A Software Defined Alternative to All Flash Arrays

Reaffirming Symantec’s Commitment to Security and Privacy for the Online World


As the largest security software company in the world, Symantec has earned the trust of consumers, businesses and governments alike to secure and manage their information and identities. We place the highest priority on maintaining this trust and believe it is imperative to be transparent about our business positions as questions arise across the globe on data security and privacy. We have always been clear that:

  • Symantec does not introduce hidden functionality (back doors) in its technologies.
  • Symantec does not whitelist malware in its security solutions.
  • As a Certificate Authority, Symantec does not keep copies of encryption keys that its customers use. Consequently, Symantec does not have the ability to comply with requests to produce such keys.
  • Symantec uses the highest known standards for encryption and we believe that our encryption technology is secure and has not been undermined.  

Symantec is committed to complying with all relevant rules, laws, and regulations in the countries where we operate. When requested by a lawful authority to share customer data, Symantec will only do so following the appropriate due process of law. In such cases, Symantec will endeavor to be transparent with its customers to the extent permissible by applicable law.

Symantec has stated publicly that we will collaborate with authorities to share information on cyberattacks in order to facilitate the detection and prevention of cybercrime. We believe this benefits our customers and the global community at large. There are a number of examples where Symantec has contributed to the disruption of cybercrime activities through cooperation with law enforcement around the world. Among these were the recent takedowns of financial fraud botnet Gameover Zeus and the ransomware network Cryptolocker. Both were used by cybercriminals to steal tens of millions of dollars by compromising millions of computing devices.

Around the world, companies are being put in a position to have to choose whether they should comply with one government’s law or break another’s. The broader issue of state surveillance is putting companies in the middle of national security debates between sovereign governments. We welcome a discussion among the international community focused around the permissible boundaries of government security activities on the Internet. It is important, however, that the conversation focuses on solutions and transparency and that it does not become a finger-pointing exercise. To be clear, we enter this dialogue with the strong and long-held belief that the infrastructure underlying essential Internet functions should be trustworthy. Commercial software and hardware should not be targets for intelligence collection or manipulation.

The role of industry in a globalized economy is to promote technological innovation and economic growth. Unfortunately, we see governments using national security as a justification for protectionist agendas. The public debate on surveillance is necessary around the world, and for that debate to be effective the participants should not use it to advance unrelated agendas or to make their points at the expense of the private sector.

The bottom line is that companies should not become the long arm of intelligence for any government, nor should they be perceived as such by their customers. Such perceptions risk undermining the trust on which the Internet and its underlying technology have been built.

Equally, the role of government is to ensure national security, the protection of individual privacy, and the economic well-being of its citizens. However, none of these objectives will be served in the long run by restricting the ability of industry to reach national markets or to take advantage of economies of scale by limiting global data flows.

Symantec remains committed to maintaining the trust we have earned, to being a constructive participant in the fight against international cybercrime, and to contributing to the global dialogue on security and privacy.

Determining if you are compliant with your capacity license for FSA/SharePoint

Determining # of TB used for EV Archiving Per TB licensing

Recently I have been asked by several customers how to determine the total number of TBs used in their capacity license. SharePoint and File System Archiving are sold on a per-TB basis within the EV Archiving Per TB solution. This blog will provide details on how to determine your current usage and whether or not you need to purchase additional TBs of data.

EV Archiving Per TB is sold on a front-end TB basis, meaning that it is based on the total amount of data archived prior to compression and single-instancing.

To get an accurate reading on your current usage, you need to leverage the EV Report tool. Details on setting this up can be found here:

http://www.symantec.com/business/support/index?page=content&id=DOC7136

Specifically, the new report (added in EV10.0.4) called the "Content Providers Licensing and Usage Summary report" will provide details on your current usage.

First choose the report from the list of Operational reports:

capacity license 1.png

Then specify your current entitlement:

capacity license 2.png

Next generate the report showing your current usage:

capacity license 3.png

Support Perspective: Downloader.Upatre


Support is seeing an influx of calls on a spam attack with a Downloader.Upatre threat.

Because the threat is a downloader and the downloaded files behave differently from case to case, the following is general information on what we are seeing.

The threat generally:

  • Arrives in a .ZIP attachment
  • Is initially a .SCR file, but will rewrite itself as a .exe after execution
  • Uses file names that follow a similar naming convention:
    • document81723.scr
    • payment_ref02812_pdf.scr
    • fax8642174_pdf.exe
    • document18731.scr
    • payment-confirmed2763_pdf.scr
  • Downloads additional threats and backdoors. These include: Infostealer.Dyranges, Backdoor.Trojan, and Trojan Horse
  • May be detected as Downloader.Upatre, Trojan.Gen.Smh
  • May include a non-executable threat artifact.

Remediation is fairly straightforward:

  1. Submit the file; get defs and a *SCRIBE report.
  2. Block all C&C communications noted in the report.
  3. Scan and remove the threat.
  4. Reboot.
    * We have had some cases where a reboot was required to remove the threat from memory. We are suggesting a reboot on all machines where the threat was allowed to execute.

    * Because the secondary threats may not be the same for each infection, it’s important to get new submissions and stay flexible in your troubleshooting.

    * We have had several reports of one of the secondary threats having mass-mailing capability as well. This is unconfirmed.

    *What's a SCRIBE report?
    A SCRIBE report is provided to all enterprise submissions and provides technical analysis of the threat. It usually arrives about an hour after the initial submission.

Support Notes:

  • Spam attacks should be blocked by a spam filter and should not be allowed to reach the desktop at all. This scenario allows for a much faster conception-to-infection model.
  • These are widespread, indiscriminate attacks and do not appear to be targeted.

Customers that have been attacked once are likely to be attacked again with a new variant designed to avoid detection...usually within 24 hours.
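The attachment traits listed above (a .ZIP carrying a .scr/.exe member with a document-style name) can be checked at the mail gateway before delivery. The Python below is an added example, not part of the original post or any Symantec tooling; the regex, function names and sample archives are assumptions constructed for illustration.

```python
import io
import posixpath
import re
import zipfile

# Extensions named in the post: the dropper ships as .scr and rewrites itself as .exe.
EXECUTABLE_EXT = {".scr", ".exe"}
# Shape of the post's sample names: lure word, optional text, digits, optional "_pdf".
LURE_STEM = re.compile(r"^(document|payment|fax)[a-z_-]*\d+(_pdf)?$", re.IGNORECASE)


def inspect_zip(data: bytes) -> list[dict]:
    """List archive members that look like executables, with the reasons for each."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            stem, ext = posixpath.splitext(base)
            reasons = []
            if ext.lower() in EXECUTABLE_EXT:
                reasons.append("executable extension")
            # Encrypted members (flag bit 0) cannot be read without a password.
            if not info.flag_bits & 0x1:
                with zf.open(info) as member:
                    if member.read(2) == b"MZ":
                        reasons.append("PE header")
            # The name alone is never enough; it only adds weight to an executable.
            if reasons and LURE_STEM.match(stem):
                reasons.append("lure-style name")
            if reasons:
                findings.append({"member": base, "reasons": reasons})
    return findings


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Constructed test input: an in-memory ZIP with harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed attachments; the "MZ" content is two magic bytes plus padding, not a program.
SUSPECT = build_sample_zip({"payment_ref02812_pdf.scr": b"MZ" + b"\x00" * 62})
BENIGN = build_sample_zip({"report.pdf": b"%PDF-1.4\n", "notes.txt": b"hello"})
RENAMED = build_sample_zip({"fax8642174_pdf.dat": b"MZ" + b"\x00" * 62})
```

Calling `inspect_zip(SUSPECT)` returns one finding with all three reasons, while `RENAMED` shows that the header check still catches an executable whose extension has been changed.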
