Channel: Symantec Connect - Blog Entries

The Famous 'Store In Vault' Button


Probably the most famous ‘button’ in the Enterprise Vault Outlook Add-in is the ‘Store in Vault’ button. I have seen some customers who don’t enable it, but by and large most customers do for all of their users.

But do you know what it actually does?

Well the first thing it does is to check if the item which has been selected is already an archived item, because you can’t archive an already archived item. There are also checks to make sure it’s in the right message store, because again you can’t archive items this way in a PST file.  If it’s not already archived, then it gets marked with a timestamp, and the icon changes to a pending item.

When that’s done, an HTTP request is sent to the Enterprise Vault server which tells it a number of things, including that timestamp. For example:

09/03/2015 14:34:23.694[2104][M]: Sending HTTP request: http://rowi01-ev-01.rowiev.local/EnterpriseVault/clientaction.asp?act=0&fdrenc=_&dn=/o%3dFirst%20Organization/ou%3dExchange%20Administrative%20Group%20(FYDIBOHF23SPDLT)/cn%3dRecipients/cn%3ddel-1726&svr=ROWI01-EX-01&sid=108A949F5E6FEBF43954BCD5A47E15E7B1d10000rowi01-ev-01.rowiev.local&tsp=2015-03-09T14:34:23&pdl=AAAAAAAACBJPMCNBGNHIBEEEJDJEAIOIAMBODCIDABAABMDEJLPBPBEKMDEJIHBBHHCJAHBNCCDIAAAAAAIPGHAHAAAA

The Enterprise Vault server, specifically the ArchiveTask process, will check the indicated location, find items with the same timestamp, and archive them. It’s passed this information from the W3WP and AgentClientBroker processes.

If all goes well, the item will get archived, and indexed.
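The request shown in the trace line above can be taken apart to see what the add-in sends and whether the timestamp in it matches the moment it was logged. The Python below is an added example, not code from the article or from Enterprise Vault. The function name, the day-first log date format and the 2-second tolerance are assumptions. The sample line is modelled on the article's trace line with the long sid and pdl values replaced by placeholders.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed sample, modelled on the article's trace line; the long sid and
# pdl values are replaced by placeholders.
SAMPLE_LINE = (
    "09/03/2015 14:34:23.694[2104][M]: Sending HTTP request: "
    "http://rowi01-ev-01.rowiev.local/EnterpriseVault/clientaction.asp"
    "?act=0&fdrenc=_"
    "&dn=/o%3dFirst%20Organization/ou%3dExchange%20Administrative%20Group"
    "%20(FYDIBOHF23SPDLT)/cn%3dRecipients/cn%3ddel-1726"
    "&svr=ROWI01-EX-01&sid=SID-PLACEHOLDER"
    "&tsp=2015-03-09T14:34:23&pdl=PDL-PLACEHOLDER"
)

# Timestamp, two bracketed fields, then the logged URL.
LINE_RE = re.compile(
    r"^(?P<logged>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\.\d{3}"
    r"\[\d+\]\[\w+\]: Sending HTTP request: (?P<url>\S+)\s*$"
)


def parse_store_in_vault_request(line, max_skew_seconds=2):
    """Decode one 'Sending HTTP request' trace line (hypothetical helper).

    Returns None for lines that are not clientaction.asp requests, otherwise
    a dict with the decoded query parameters and a list of findings.
    """
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    url = urlsplit(match.group("url"))
    if not url.path.lower().endswith("/clientaction.asp"):
        return None

    # parse_qs percent-decodes each value; keep the first value per name.
    query = parse_qs(url.query, keep_blank_values=True)
    params = {name: values[0] for name, values in query.items()}

    # Assumption: the client logs dates day-first, which the sample's tsp
    # value (2015-03-09) agrees with.
    logged = datetime.strptime(match.group("logged"), "%d/%m/%Y %H:%M:%S")

    findings = []
    tsp_matches_log = None
    try:
        tsp = datetime.strptime(params["tsp"], "%Y-%m-%dT%H:%M:%S")
        skew = abs((logged - tsp).total_seconds())
        tsp_matches_log = skew <= max_skew_seconds
        if not tsp_matches_log:
            findings.append(f"tsp differs from log time by {skew:.0f}s")
    except (KeyError, ValueError):
        findings.append("tsp missing or not in YYYY-MM-DDTHH:MM:SS form")

    if url.scheme.lower() == "http":
        # The mailbox DN and server names travel unencrypted in the URL.
        findings.append("request sent over cleartext HTTP")

    return {
        "scheme": url.scheme.lower(),
        "host": url.hostname,
        "params": params,
        "tsp_matches_log": tsp_matches_log,
        "findings": findings,
    }


if __name__ == "__main__":
    result = parse_store_in_vault_request(SAMPLE_LINE)
    for name, value in result["params"].items():
        print(f"{name:7} = {value}")
    print("tsp matches log time:", result["tsp_matches_log"])
    print("findings:", result["findings"])
```
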

This all works well, and pretty quickly. But there are some things to think about:

* It doesn’t work brilliantly when you have selected hundreds, or thousands of items. In other words, it’s not meant for a mass-archive operation.
* It overrides the policy relating to the message classes which are allowed to be archived (though you can use the ManualArchiveMessageClassCheck registry key to force the policy to be applied).
* It shouldn’t replace the normal scheduled archiving of the mailbox.

ManualArchiveMessageClassCheck

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Agents

Content: DWORD

0 — [Default] Archive all items when a user performs a manual archiving operation.

1 — Archive only those items that belong to the message classes that are listed in the mailbox policy.

I’m sure there are other tales-from-the-trenches that people can tell with the ‘store in vault’ button (or funny stories as well!).  

Do you allow the button to be enabled in the Desktop Policy? Let me know in the comments below.


Symantec Stands Out in “World’s Most Ethical” List for 8th Consecutive Year



Image created by Symantec employee Gianluca Busco.

At Symantec, ethics are core to how we do business and the sustainability of our company depends upon the trust of those that depend upon us. Corruption can take place in any market, in any number of contexts, and to ensure a relationship of transparency and confidence with our stakeholders we must not only be led by what the law requires of us, but demonstrate that we are moving beyond this to be a leader in ethical business practices.

For this reason, our corporate ethics go beyond regulatory compliance; they are rooted in a commitment to always make decisions that work best for our multiple stakeholder groups, whether it be employees, shareowners, customers, or our local communities.

We are extremely proud to be recognized for the eighth consecutive year as one of the World’s Most Ethical Companies by the Ethisphere Institute, a leading organization dedicated to researching business ethics and corporate responsibility.

This honor has been given to Symantec after reviewing our programs and practices in ethics and compliance, corporate citizenship, and governance, among other aspects of our business. The list highlights companies that outperform industry peers in these categories, and Symantec is one of only four companies included in the “computer software” category this year.

“The World’s Most Ethical Companies embrace the correlation between ethical business practice and improved company performance,” said Ethisphere’s Chief Executive Officer, Timothy Erblich. “Through their commitment to innovative corporate citizenship and sustainability efforts and robust compliance & ethics program, Symantec has earned a place among the 2015 World’s Most Ethical Companies for the 8th consecutive year. We congratulate everyone at Symantec for this extraordinary achievement.”

A Culture of Trust.

Our approach to ethics is codified in our Code of Conduct, Anti-Corruption Policy, and other guiding policies. But developing policies isn’t enough. Successful implementation globally depends on a strong governance structure and effective training program. Symantec’s Office of Ethics and Compliance maintains a governance framework that guides our interactions with all of our internal and external stakeholders to ensure they align with our ethical policies and values. Additionally, all employees are enrolled in an annual Code of Conduct training and certification, including a section on our Human Rights Policy. And new employees are trained within 30 days of starting.

We recognize that people want to work for companies that do the right thing, so we strive to ensure that all Symantec employees and managers understand and demonstrate our collective values. All employees and managers are trained in our corporate values as part of the onboarding process. Furthermore, senior management stay involved by joining the company’s Ethics and Compliance meetings.

Beyond Compliance. Our Global Efforts.

Symantec is very involved with anti-corruption efforts on a broader scale as well. We support international frameworks such as the UN Convention Against Corruption, and we serve on the Anti-Corruption Working Group of the United Nations Global Compact (UNGC).

To show their support for the 10th anniversary of the UNGC’s principle on anti-corruption, on December 9th, 2014 (International Anti-Corruption Day), employees at our Mountain View headquarters participated in a “walk against corruption,” and submitted creative works that demonstrated what anti-corruption means to them.

We are delighted that our efforts have been recognized by the Ethisphere Institute, especially considering the rigor with which they have analyzed companies’ ethical practices. This year, Ethisphere recognized 132 companies spanning 21 countries and five continents, using a robust scoring methodology. To see the complete list of the 2015 World’s Most Ethical Companies, please view Ethisphere’s full honoree list. To learn more about our approach to corporate responsibility and ethics, please visit our Corporate Responsibility site.

Windows Server 2003 Migration Challenges and Options - Part 2

The clock is ticking...

This is part two of a three part series discussing the end-of-life (EOL) of Windows Server 2003. As mentioned in part one, on July 14th, 2015 Microsoft will end support for all versions of Windows Server 2003. There will be no more customer support or security patches from Microsoft after that date.

Previously, we discussed the risks of continuing to run unsupported versions of Windows Server 2003, which include security vulnerabilities, higher costs in maintaining the outdated software and noncompliance issues. When a software company announces the EOL of a product, you generally have 24-30 months to plan and execute an effective and efficient migration strategy.

Hardening and Protecting Your Legacy System

There are some companies that are unable to immediately start migration due to the operational risks and costs associated with platform migrations. Others may be using older, custom applications that can only run on Windows Server 2003. In both these instances, the customer has to ensure that critical applications and processes are supported by the new platforms. These companies still need to be able to defend against malware without access to security patches, protect their infrastructure against Zero-day threats, and meet their regulatory and compliance obligations and internal security standards.

Server hardening solutions will help secure, monitor, and harden legacy systems as well as new platforms.  They will help mitigate unnecessary cycles of emergency patching and prevent malware from accessing critical applications, even within compromised physical servers.

Symantec Data Center Security Solutions

While running a legacy system has significant challenges, it is not impossible to maintain. Symantec offers simplified, cost effective solutions for the protection and eventual migration from Windows Server 2003. Symantec Data Center Security: Server Advanced provides the most comprehensive and rigorous set of security controls to help when you either choose to, or cannot migrate off of Windows Server 2003 yet. This will help organizations meet security and compliance requirements while they set the pace of their system migration.

Symantec Data Center Security: Server Advanced provides protection from known and unknown OS and application vulnerabilities, and Zero-day threats.

Symantec Data Center Security: Server Advanced identifies all server operating systems running in your environment, allowing you to effectively prioritize and manage the server migration process. It provides policy-based protection that will detect and protect against malware, targeted attacks, and even the abuse of user privileges. In addition to intrusion detection and prevention protection, Symantec Data Center Security: Server Advanced offers real time file integrity monitoring, configuration monitoring, and event logging so that you are able to support your continuous monitoring objectives and support compliance programs like the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) Security Standards, and other industry regulations. DCS: Server Advanced also gives you the ability to create micro-segments of security containers per application instance, so that you can apply the right policies to the asset groups.

As previously mentioned, this is not a permanent solution: maintaining server hardening solutions on a legacy system is the right thing to do, but it does not solve the migration itself. While using Symantec Data Center Security: Server Advanced, you will also be taking the initial steps of your system migration. In the final part of this series, we will be discussing the migration process itself.

Learn more here: W2K3 Migration Landing page: http://go.symantec.com/2003migration

The Importance of S/MIME in Securing Sensitive Information


No doubt your organization goes to great lengths to keep sensitive information secure. But if you’re like many organizations, you have a weak spot – the potential for company emails to be intercepted and the information contained in them falling into the wrong hands. This weakness suffers even greater risk exposure as more of your workforce goes mobile, sending and receiving emails with their various mobile devices while out in the wild beyond the secure borders of your network infrastructure.

The truth is that unsecured emails can be easily read by anyone monitoring the network used by your mobile users. Those emails can even be hijacked for criminal purposes, whether it’s to modify their contents or inject malware, and then forwarded on to the intended recipients without them ever becoming aware that your emails have been hacked.

As an IETF standard, S/MIME was developed specifically to solve for these threats to your business email. The basis of S/MIME is that it lets you create and send trusted and secure email messages. It uses a digital ID (also called a certificate) that digitally signs the email message to let the recipient know that the email is really from who it says it is and that no one has tampered with the email. The digital ID can also be used to encrypt the email message before it’s ever sent from a computer or mobile device, making it impossible for anyone to read the message contents except for its intended recipient.

In spite of the at-risk position they leave their organization in, too many IT directors and managers put off taking the steps to adequately secure their emails with S/MIME. Some don’t take advantage of S/MIME digital IDs and encryption because they have the misperception that they’re difficult to use or will slow down performance on users’ devices. The truth is once it’s set up, S/MIME is fairly transparent to the users and any impact on device performance is nominal.

However, the majority of those who have put off taking advantage of S/MIME in the mobile world have done so because in the past S/MIME has been difficult for users to set up and configure. The difficulty in trying to educate and help users with this initial setup multiplies and magnifies when you’re dealing with a vast array of different mobile devices from different device manufacturers using different versions of different mobile operating systems with different native and third-party email apps that all rely on different S/MIME implementations.

The good news is that the difficulty of setting up S/MIME on mobile devices is a thing of the past with Symantec Work Mail. Work Mail works and behaves the same across all your users’ different iOS and Android devices. Users don’t have to jump through a bunch of confusing steps to enable secure email. Regardless of mobile device, setting up S/MIME with Work Mail requires two simple clicks.

By significantly simplifying setup and usage, Symantec Work Mail dramatically increases your user adoption of S/MIME, your security posture and your ability to comply with organizational and industry security standards. And because of the ubiquitous and trusted nature of the Primary Certificate Authority (PCA) used by Symantec Work Mail, most, if not all, of the email applications used by your email recipients will work seamlessly with Work Mail’s digital IDs.

When it comes to S/MIME, Symantec Work Mail delivers consumer class usability with enterprise class security and productivity. With how vital it is to secure your organization’s sensitive information and how easy Work Mail makes it to use S/MIME there’s really no good reason to delay taking advantage of its ability to secure your email.


Google Chrome Full Standalone Offline Installer links

Microsoft Patch Tuesday – March 2015

This month the vendor is releasing fourteen bulletins covering a total of 45 vulnerabilities. Nineteen of this month's issues are rated ’Critical’.


Schedule a Bomgar Presentation for Your Next User Group Meeting

Learn More About Bomgar!

Are you looking for new content for your next user group meeting?

In conjunction with the recent news about the expanded partnership between Bomgar and Symantec regarding the pcAnywhere replacement, Bomgar will be available to present its remote support solution to your group. Bomgar’s remote support solution is used by thousands of IT organizations and service desks worldwide to securely access and troubleshoot remote computers, systems and mobile devices. For more information about additional offers for Symantec pcAnywhere users, click here.

Bomgar announcement on Symantec Connect:  http://www.symantec.com/connect/forums/pcanywhere-solution-and-bomgar-changes-itms-76

To schedule your “Bomgar Deep Dive” session for your next user group meeting please contact Jenna Cleaveland.

Access, Agility, Availability: NetBackup and Google Cloud Storage Nearline


Today, Google Cloud Storage Nearline beta was announced. The new offering is designed to provide businesses quick backup data retrieval, limitless storage capacity and simplified access to information at an extremely low cost. At Veritas (the planned spinout of Symantec’s Information Management business), we’re excited to be working with Google Cloud Platform to bring key information management use cases to life for customers. 

Veritas NetBackup 7.7 (in beta, GA planned for the summer)* – our next version of the market leading Backup and Recovery platform – will natively support Google Cloud Storage Nearline as a backup target. As our customers further embrace the hybrid cloud model, our planned support of Google Cloud Platform’s new service will allow enterprises to optimize business agility and information availability.

Veritas solutions are present in 90% of the Fortune 500, and we’re encouraged to see demand for NetBackup support in Google Cloud Storage Nearline. The offering is attractive to NetBackup customers for the following reasons: 

  • Enables use of cloud storage as an alternative to tape when choosing long-term storage of backup data
  • Allows backup of large volumes of data at a low cost, and access to it any time
  • Our integration, through NetBackup’s unique OST layer, allows NetBackup to continue to monitor and manage all backup information, regardless of location – disk, tape or cloud
  • NetBackup lifecycle management capabilities also manage when and how information is moved from online disk to Google Cloud Storage Nearline
  • NetBackup records all metadata from the information it protects, including data stored on Google Cloud Storage Nearline.

While storage and services are changing rapidly, access, understanding and managing data is more crucial than ever. We believe it’s the information that matters most. We help our enterprise customers manage data in all environments – cloud, hybrid, and on-prem – and harness its power by taking advantage of the latest technologies to transform it into actionable intelligence and competitive advantage.

The hybrid cloud model is the new norm inside of the enterprise. Determining what is valuable becomes more complicated as IT organizations employ multiple hypervisors, storage platforms and cloud models. Our approach is focusing on hybrid cloud and investing to help ensure that our customers have the tools to manage information in increasingly complex environments.

Information availability - keeping data and systems available where and when needed, and irrespective of location – is fundamental to realizing value from enterprise data. Our integration with Google Cloud Storage Nearline will help maintain this availability for NetBackup customers using the service.

*Any forward-looking product plans are preliminary and all future release dates are tentative and subject to change. Any product capability, functionality, or feature is subject to ongoing evaluation by Symantec, may or may not be implemented, should not be considered a firm commitment by Symantec, and should not be relied upon in making purchasing decisions.

Why You Need Secure Apps - Now!


Recent research undertaken by the Department for Business, Innovation and Skills (BIS) shows that 31% of the worst security breaches in businesses during 2014 were caused by inadvertent human error – and a further 20% by staff deliberately misusing systems.

It’s a huge wake-up call, because the reality is that the day-to-day demands within any enterprise mean employees will do whatever it takes to get their jobs done, whether that’s:

  • Accessing corporate data from a personal smartphone or tablet
  • Accessing email and business apps outside of office hours
  • Using unmanaged apps for work tasks
  • Finding ways around corporate policies.

This behavior is now so widely regarded as the ‘norm’, yet most organizations are not prepared for the repercussions. Such workforce behavior, unchecked, is leaving enterprises dangerously exposed:

  • Instant gratification: 2 out of 5 employees move work files to personal devices and one-third move work files to cloud-based file sync and share tools. Half of employees think companies don’t enforce data protection policies/don’t take action.
  • Low security-aware culture: Half of employees that lose or leave their job take IP with them; 40% plan to use it in their new jobs.

Not only is user behavior a security concern, but bad-behaving apps are increasingly threatening corporate data. Last year, Gartner reported that 75% of apps will fail basic security tests. At Symantec, our Norton Mobile Insight research uncovered that the amount of mobile malware has grown four times in the last year and popular consumer apps are often rated medium or high risk because of the level of personal and device information they have access to, which could potentially be used to exploit corporate information.

How then do enterprises protect their data at all times, so it is beyond such compromise? By keeping that data – such as email, for instance – in a separate, secured ‘wipeable’ app, rather than in consumer or native apps. With secure mobile apps, employees can be productive on the go with the ability to do these essential tasks:


Check email, manage tasks and calendar items. Separate corporate email, calendar and contacts from personal or native apps so it can be easily encrypted and managed on its own, in a single app.

Open, edit, save and collaborate on documents. Provide a file repository with secure storage for viewing, editing, and sharing corporate content, and set policies to prevent opening or copying into unmanaged apps.

Access internal websites and web applications. Use a safe internet browser that connects securely to the corporate network for quick access to internal websites and applications, without requiring a VPN.

With Symantec Mobility: Workforce Apps, companies can leverage our secure productivity apps and secure everything that’s related: data in-transit, as it goes from the corporate network to the app on the device, and between apps (block copy/paste to a non-managed app, for example), encrypting attachments and where they are stored, and enforcing passwords and two-factor authentication on the apps. Crucially, it also empowers enterprises simply to wipe each app, if the data needs to be removed.

These business apps are sleek and sophisticated, too. Symantec Work Mail, for example, recently redesigned, has a fresh UI and swipe-friendly gestures, as well as almost all the features of desktop email clients – in other words, this is a highly advanced solution that meets an enterprise’s security issues, delivering the additional capabilities their existing solutions may lack.

PROTECTION IN ACTION

Here’s a couple of real-world examples of mobile security challenges:

  1. The IT director needs to be able to explain to the C-level that secure apps are for the business benefit, not an IT restriction. When the CEO puts a new personal phone or gadget on his desk and wants to use it for work, the IT director needs a way to secure the corporate data, without the risk of wiping out the CEO's personal data.
  2. Likewise, if a manager loses his or her mobile device (or leaves the company), IT needs the ability to wipe the corporate data/apps off of the device before it can be compromised, leaving personal data untouched  - which is especially relevant for BYOD usage.

Deploying managed productivity apps can help corporate IT to tackle these challenges. In a nutshell, what the Symantec Mobility Suite does is ensure your security policies are enforced without impacting mobile worker productivity.

Infographic: Security precautions to take when delivering content through mobile apps

Do you have a third-party productivity tool that you want to be secured and managed with other apps in a secure workspace? Check out the Symantec Sealed Program, which partners with over 150 third-party mobile apps to help companies meet data security requirements.

NetBackup 5330 Appliances

I hear you are going to see a customer today?


Your sales pitch needs to be carefully constructed, finely tuned and in perfect shape. It’s not something to leave to chance. Improving it and adapting it continually is key.

For the all-new NetBackup 5330 appliance we developed several short videos that can help you in getting READY for your next customer conversation.

  • IT World is Converging – So Should your Backup
  • Why are you still Engineering a Backup Platform
  • Just Because it Works does not make it Economical
  • Storage Toasters with Tiny Brains just can’t Perform
  • NBU 5330 - The NEW King of Scale
  • Tech Refresh Simplified

Arjan van Proosdij

@arjanvp

Symantec Intelligence Report: February 2015


The monthly intelligence report provides the latest analysis of cyber security threats, trends, and insights from the Symantec intelligence team concerning malware, spam, and other potentially harmful business risks.

Highlights from February 2015 Intelligence Report

  • The largest data breach reported during February took place in January, and resulted in the exposure of 80 million identities.
  • The average number of spear-phishing attacks rose to 65 per day in February, up from 42 in January.
  • There were 400 vulnerabilities and one zero-day vulnerability disclosed during February.

You can download a copy of the report here.

Symantec Intelligence Report: February 2015


Welcome to the February edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.

W32.Ramnit!html was the most common malware blocked in February. W32.Ramnit variants have dominated the top-ten malware list for quite some time. However, near the end of the month, a law enforcement operation led by Europol and assisted by Symantec, Microsoft, and a number of other industry partners, seized infrastructure owned by the cybercrime group behind Ramnit. It is likely that Ramnit’s placement within the top ten list will be impacted by these actions in the coming months.

The largest data breach reported during February took place in January, and resulted in the exposure of 80 million identities. There were six data breaches reported in February that took place during the same month. This number is likely to rise as more data breaches that occurred during the month are reported.

In other news, the average number of spear-phishing attacks rose to 65 per day in February, up from 42 in January. There were 400 vulnerabilities and one zero-day vulnerability disclosed during February.

We hope you enjoy the February Symantec Intelligence Report. You can download your copy here.

Access, Agility, Availability: NetBackup and Google Cloud Storage Nearline


Today, the beta version of Google Cloud Storage Nearline was announced. The new offering was created to give businesses fast recovery of backup data, unlimited storage capacity and simplified access to information, at an extremely low cost. At Veritas (the planned division for Symantec's Information Management business), we are happy to work with Google's cloud platform to bring key information management use cases to customers.

Veritas NetBackup 7.7 (in beta, GA planned for the second half of the year)* - our next version of the market-leading Backup and Recovery platform - will natively support Google Cloud Storage Nearline as a backup target. As our customers further embrace the hybrid cloud model, our planned support of Google Cloud Platform's new service will allow organizations to optimize their business agility and information availability.

Veritas solutions are present in 90% of Fortune 500 companies, and we are encouraged to see the demand for NetBackup support for Google Cloud Storage Nearline. The offering is attractive to NetBackup customers for the following reasons:

  • It enables the use of cloud storage as an alternative to tape when choosing long-term storage for backup data
  • It enables backup of large volumes of data at low cost, with access at any time
  • Our integration, through NetBackup's unique OST layer, allows the solution to continue to monitor and manage all backup information, regardless of location: disk, tape or cloud
  • NetBackup's lifecycle management capabilities also manage when and how information is moved from online disk to Google Cloud Storage Nearline
  • NetBackup records all metadata for the information it protects, including data stored in Google Cloud Storage Nearline

Storage and services are changing rapidly, and accessing, understanding and managing data is more crucial than ever. We believe information is what matters most. We help our enterprise customers manage data across all environments (cloud, hybrid and on-premises) and harness its power, taking advantage of the latest technologies to turn data into actionable intelligence and competitive advantage.

The hybrid cloud model is the new norm within the enterprise. Determining what is valuable becomes more complicated as IT organizations employ multiple hypervisors, storage platforms and cloud models. Our approach is to focus on the hybrid cloud and to invest in helping ensure that our customers have the tools to manage information in increasingly complex environments.

Information availability - keeping data and systems available where and when they are needed, regardless of location - is fundamental to deriving value from enterprise data. Our integration with Google Cloud Storage Nearline will help maintain that availability for NetBackup customers who use the service.

*Any future product plans are preliminary and all future release dates are projections and subject to change. Any product capability, functionality or feature is subject to ongoing evaluation by Symantec, may or may not be implemented, should not be considered a firm commitment by Symantec, and should not be relied upon in making purchasing decisions.


Support Perspective and Battleplan - W32.Tempedreve

Fear and Loathing in the File Server

Tempedreve Battleplan

Tempedreve is a file infector that attacks files on remote drives and shares.  Without an understanding of how it spreads and the will to put measures in place to stop and eradicate the threat, there will be a constant cycle of attempts to re-infect.  With the need for a stand-alone fixtool to repair these infected files, the cycle is vicious.
 

Vectors of Attack

Once a Tempedreve variant is in memory, it infects files on local and remote drives using “the Pull” and “the Push”.

  • The Push: An infected machine looks at the list of drives connected to it and systematically attempts to infect files on those drives. If network shares are listed as mapped drives, it will spread to these as well. As the malicious code is injected into the target file and saved to the hard drive, AV detects the write process and attempts to clean the file. In the case of most Tempedreve variants, the file cannot be repaired without a standalone fixtool and the AV will convict the file as Tempedreve.(variant)!inf.  The !inf suffix indicates this is a dangerous infected file that the AV cannot repair.
  • The Pull: This process is less easily understood. Infected machines now have infected versions of known files sitting on their shares and drives.  If the infected machine has not been quarantined, a user opening an infected file remotely (like a spreadsheet, or an accounting program for example) launches the threat directly into the user machine’s memory. Because file-level antivirus does not scan memory, the threat can now actively attempt to infect files on any remote drives and shares it can see, even if the local user’s machine has AV definitions that detect the Tempedreve variant. Files on these other drives are now subject again to The Push, infected in memory and detected as !inf as they are written back to the hard drive.

Mitigation
The Pull can be mitigated easily, by enabling network scanning or simply quarantining the infected machines until the infected files have been repaired or removed.  This will prevent the threat from launching from a remote host directly into the local memory and therefore skipping the file write process that is essential to AV programs.

The Push can be halted by preventing write access to the shares or by quarantining the infected machines until the infected files have been repaired or removed.

Cleanup
Once you have blocked the vectors, the threat should no longer be spreading. Audit the network environment for not only infected machines, but for machines that are unprotected or under-protected. These machines should be cleaned using the appropriate Tempedreve Fixtool, a reboot to remove the possibility of the threat still running in memory, and a complete AV scan to verify there are no additional detections. Only then should the machine be reintroduced to the network. The sudden appearance of infected files is a quick indicator that a machine that can see the shares is still out there in the network, which underscores the need for a thorough network audit.    
 

If the Tempedreve fixtool is not recognizing or repairing Tempedreve(variant)!inf samples, please submit infected samples through https://submit.symantec.com/retail, follow the instructions for your Support level, and contact technical support to open a case. Those symptoms indicate we may need to update the repair tool. 
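The audit described under Cleanup can be scripted against exported AV detection records. The following is an added example, not part of the original article or of any Symantec tool; the CSV columns, host names and timestamps are constructed, and the `written_by` column assumes the AV product records which remote machine wrote the file.

```python
import csv
import io
from collections import defaultdict

# Constructed AV detection export. Column names are assumptions for this example,
# not a real product's log format. written_by = remote machine that wrote the file.
SAMPLE_LOG = r"""time,file_path,detection,written_by
2015-03-10T09:01:12,\\FS01\finance\ledger.exe,W32.Tempedreve.A!inf,WS-114
2015-03-10T09:01:40,\\FS01\finance\report.exe,W32.Tempedreve.A!inf,WS-114
2015-03-10T09:05:03,\\FS02\tools\setup.exe,W32.Tempedreve.B!inf,WS-207
2015-03-10T11:30:00,\\FS01\finance\ledger.exe,Trojan.Example,WS-300
2015-03-11T08:15:27,\\FS02\tools\patch.exe,W32.Tempedreve.B!inf,WS-207
2015-03-11T08:20:10,\\FS01\hr\forms.exe,W32.Tempedreve.A!inf,WS-114
"""

# Constructed remediation record: host -> time fixtool, reboot and full scan completed.
CLEANED_AT = {"WS-114": "2015-03-10T17:00:00"}


def share_root(unc_path):
    """Return the server-and-share prefix of a UNC path, or the path itself if local."""
    parts = unc_path.split("\\")
    if unc_path.startswith("\\\\") and len(parts) >= 4:
        return "\\\\" + parts[2] + "\\" + parts[3]
    return unc_path


def triage(log_text, cleaned_at):
    """Group unrepairable (!inf) Tempedreve detections by writer and by share."""
    still_pushing = defaultdict(set)    # host -> files it infected while unremediated
    infected_shares = defaultdict(set)  # share -> infected files awaiting the fixtool
    for row in csv.DictReader(io.StringIO(log_text)):
        name = row["detection"]
        if not (name.startswith("W32.Tempedreve") and name.endswith("!inf")):
            continue
        infected_shares[share_root(row["file_path"])].add(row["file_path"])
        host = row["written_by"]
        # ISO-8601 timestamps in one timezone compare correctly as strings.
        if host and (host not in cleaned_at or row["time"] > cleaned_at[host]):
            still_pushing[host].add(row["file_path"])
    return {
        "quarantine": sorted(still_pushing),  # never cleaned, or pushing again
        "reinfected": sorted(h for h in still_pushing if h in cleaned_at),
        "shares": {s: len(f) for s, f in sorted(infected_shares.items())},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, CLEANED_AT).items():
        print(key, value)
```

A host listed under `reinfected` was cleaned and then wrote infected files again, which is the Pull pattern: it was returned to the network while infected files were still reachable on a share.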

AV Signatures

W32.Tempedreve

W32.Tempedreve!gm

W32.Tempedreve.A!inf

W32.Tempedreve.B!inf

W32.Tempedreve.C!inf

W32.Tempedreve.D!inf

W32.Tempedreve.E!inf

IPS Signatures

System Infected: W32.Tempedreve Activity

Tools

W32.Tempedreve Removal Tool

DS 7.6 Creating PXE WinPE Preboot Image Fails To Start BootWiz

Log shows ERROR::CopyImagingToolsForPXEImages()function have failed.

SYMPTOMS:

In Symantec Deployment Solution 7.6, creating a new WinPE preboot environment for PXE (x86 or x64) will fail.  BootWiz will not launch to create the environment. 

The "Altiris Log Viewer" on the Notification Server will show instances of the following errors:

ERROR::CopyImagingToolsForPXEImages()function have failed.

For x64 - Failed  in CopyFile. source Path=C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Imaging\{<GUID>}\cache\Ghost\x64\OmniFs64.exe and dest path = C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{<GUID>}\cache\bootwiz\oem\DS\winpe\x64\Base\Program Files\Symantec\Deployment\Ghost\OmniFs64.exe. Windows Error Code=5

For x86 - Failed  in CopyFile. source Path=C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Imaging\{<GUID>}\cache\Ghost\x86\OmniFs32.exe and dest path = C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{<GUID>}\cache\bootwiz\oem\DS\winpe\x86\Base\Program Files\Symantec\Deployment\Ghost\OmniFs32.exe. Windows Error Code=5

ROOT CAUSE:

"Windows Error Code=5" represents an Access Denied error.  This is the result of a "Read-Only" flag being set on the destination OmniFs64.exe and OmniFs32.exe files.

RESOLUTION:

Navigate in Explorer to:

For x64 - C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{<GUID>}\cache\bootwiz\oem\DS\winpe\x64\Base\Program Files\Symantec\Deployment\Ghost\

For x86 - C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS\Bootwiz\{<GUID>}\cache\bootwiz\oem\DS\winpe\x86\Base\Program Files\Symantec\Deployment\Ghost\

Right-click the "OmniFs64.exe" file (for x64) and/or the "OmniFs32.exe" file (for x86) and click Properties.  Remove the check next to "Read-only" in the Attributes section of the General tab.  Click "Apply" and "Ok."

You can then initiate the creation of the PXE Preboot Configuration.

NOTE: This issue was discovered on a fresh installation of Symantec Deployment Solution 7.6 on Windows Server 2008 R2.

Is IoT in the Smart Home giving away the keys to your kingdom?

Symantec analyzed 50 smart home devices and found that many of them included several basic security issues, such as weak authentication and common web vulnerabilities.


Google Cloud Storage Nearline as a Backup Target


Veritas NetBackup 7.7 (in beta, GA planned for the summer)* – our next version of the market leading Backup and Recovery platform – will natively support Google Cloud Storage Nearline as a backup target. As our customers further embrace the hybrid cloud model, our planned support of Google Cloud Platform’s new service will allow enterprises to optimize business agility and information availability.

Learn more here.

*Any forward-looking product plans are preliminary and all future release dates are tentative and subject to change. Any product capability, functionality, or feature is subject to ongoing evaluation by Symantec, may or may not be implemented, should not be considered a firm commitment by Symantec, and should not be relied upon in making purchasing decisions.

Veritas NetBackup Same-Day Support for VMware vSphere 6 Demonstrates A New, Agile Business


I am very pleased to announce that NetBackup is ready to support VMware vSphere 6 today, on the first date of general availability. Interested customers can read more about NetBackup 7.6.1.1 here and begin their rollouts knowing they will have an enterprise backup strategy in place. We will continue to enhance our vSphere 6 capabilities in NetBackup 7.7 later this year.

Over the past year we’ve talked a lot about the importance of agility in driving business success, and how the Information Management solutions we provide can help IT accelerate business value.  What we haven’t talked as much about is the agile transformation we have undertaken within our own business.   A year ago, we began transitioning our engineering processes to an Agile development model.  Business process transformations are never easy, but as this announcement shows, our investments are paying off as we deliver support of new workloads well within our 90-day commitment.  We are excited to continue on our transformation journey to accelerate capabilities to market and offer even more business value to you as the new Veritas.

We understand that our backup and recovery solutions enable you to provide increased information access, business agility, and risk management as you enable your business to keep ahead of market demands.   Our team is committed to helping you move faster and take bigger risks knowing your information will be safe. The more agile we are, the more agile you can be. Are you ready to deploy vSphere 6? Go ahead – we’re ready when you are.

Ana Pinczuk
SVP, Backup & Recovery
Symantec Corporation