2015 User Summit held March 2-5 in Salt Lake City, UT.

• Session: Extending the Reach of IT Analytics (Lab)

• Presenter: Brian Sheedy

2015 User Summit held March 2-5 in Salt Lake City, UT.

• Session: pcAnywhere Solution and Bomgar (Presentation)

• Presenter: Sean Waddell (Symantec), Russ Duffey and Brian Bates (Bomgar)

There is little doubt the Internet of Things has now become top of mind for many enterprises and the reasons aren’t that hard to see. IoT has delivered a unique opportunity to enhance digital business in a way that goes far beyond anything previously experienced – enabling enterprises to connect their people, processes, devices and other assets in a manner that was never previously possible, right across their operations.

At the same time, as the impact of IoT gathers pace, those enterprises have to deal with a multitude of challenges that all of this rapid change brings with it. For its part, Symantec is fully engaged in making sure that industry and our customers – whether in financial, retail, manufacturing, automotive or health care – understand the fundamental differences between IT and IoT, and the particular challenges these bring.

What are they? Let me deal with just a few:

• IT is ‘Open’ and easy to install – IoT is ‘Closed’ to new software once the device leaves the factory
• IT has 3 protocols effectively: UDP, TCP, IP – IoT has thousands of protocols many of them being proprietary (hundreds in each vertical)
• IT has 5 Operating Systems: mostly Windows, Linux, OSX, iOS, Android – IoT has dozens, heavily fragmented by vertical.

There are many more such challenges to be overcome, but you get the picture.

With IoT systems closed, what impact does that have on IoT manufacturers? Above all, they will have to take on a greater burden of security than ever before. Specifically, security will need to be designed in at the manufacturing stage. Key to Symantec’s strategy in delivering against that is Symantec Embedded Security: Critical System Protection, a lightweight security client designed to secure the IoT by protecting the endpoint and embedded devices. Crucially, what SES:CSP offers manufacturers and asset owners of embedded systems is powerful signature-less, host-based protection when dealing with both managed and unmanaged scenarios – and all without compromising device performance.  Symantec also has certificates to identify and authenticate the devices that have already been deployed in a billion IoT devices worldwide, as well as a code signing platform to sign software to ensure code can be trusted. Of course, manufacturers must also design their devices so that they can be updated or patched later, if required.

Meanwhile, when it comes to existing legacy networks, while customers need to see if they can retro-fit their devices with solutions like SES:CSP, certificates and code signing; in some legacy networks, it might not be possible to retro-fit  all of the existing devices. So, at the minimum, customers must monitor their networks to analyze the data, in order to understand what is happening and detect any misbehavior. Such a solution will need to work across the myriad of protocols mentioned above. The good news is that advanced machine learning techniques can enable this to happen.  In general, such security analytics should be used across all networks (even with newer devices) to provide insight into the networks. Of course, network protection techniques like gateways and firewalls are also valuable here.

At the same time, having spoken to (and by working with) customers across different industries, we realize that each industry has its own approach to IoT. For financial (ATM), securing the device is paramount. For industrial, the priority is analyzing the data and understanding what is happening in their network. Each and every go-to-market strategy has to reflect these differences and, with that objective in mind, Symantec is committed to delivering what is right for the customer in any given vertical.

Specifically, the Symantec approach addresses each industry uniquely, making the appropriate changes on our side to meet customer needs. We are also working closely with manufacturers and systems integrators who will play a major day-to-day role out in the field securing legacy environments, whether their focus is one specific vertical sector or whether they play horizontally across the ecosystem. In partnership with them, our aim is to make the entire ecosystem secure. Ultimately, whatever the primary focus of the customer might be, they all require one thing: the most comprehensive and robust solution to secure the IoT, which we are engaged in providing.

Global standards like Industrial Internet Consortium (IIC) and AllSeen Alliance also play a key role in shaping the future of the industry where we are participating – and we are committed to moving those standards forward.  Finally, we believe that IoT will be yet another pillar that will bring value to the enterprise, along with cloud, mobile and traditional endpoint. And that makes it even more crucial that security is sufficiently thought through to ensure all enterprises are able to get one common security view across their entire organizations.

Check out our new website for more details, case studies and examples of how Symantec protects IoT today: http://www.symantec.com/iot.

A couple days ago, a colleage brought our SQL Server to it's knees using a the RMV_Installed_File_Inventory view. He just wanted to look at some file versions and paths, so wrote something rather innocent looking,

SELECT vc.Name

      ,vif.[File Name]

      ,vif.[File Version]

      ,vif.[Path]

FROM [RMV_Installed_File_Inventory] vif

JOIN vComputer vc

   ON vc.Guid = vif._ResourceGuid

WHERE LOWER(vif.[File Name]) IN ('oracleadnettest.exe')

ORDEAA BY vc.Name

All he wanted to do was to see where a specific executable 'oracleadnettest.exe' was located and what its version was. Once he'd realised the Altiris Console report window had gotten sulky, he gave me a call.

I was rather surprised to find that the SQL Server was hitting 99% CPU and it didn't give any indication of finishing any time soon. As it was already late afternoon, I decided to let it be and look at it again the next day when things were better.

So, the next day I went in the SQL Server, and went into SQL Server management studio. I thought that before I'd try anything fancy, I'd just do a simple row count. As I couldn't believe what happened next, I took a screenshot....

On the face of it it doesn't seem so bad. The view returned got just under 5million rows.  Notice however the execution time. I didn't take this screenshot a few minutes after executing the query. I took it the next day when it completed. This query took a whopping 1 day, 1 hour and 28 minutes to execute.

So... anyone else seeing this?

For posterity, here is the revsion I made to the original console report query to avoid this view,

SELECT 
vc.Name,
Inv_Installed_File_Details.Path AS [ Name],
Inv_Windows_File.ProductVersion AS [Version]
FROM dbo.vComputer vc  
JOIN Inv_Installed_File_Details ON vc.Guid = Inv_Installed_File_Details._ResourceGuid 
JOIN Inv_Windows_File ON Inv_Installed_File_Details.FileResourceGuid = Inv_Windows_File._ResourceGuid
WHERE Inv_Installed_File_Details.Name = N'oracleadnettest.exe'
ORDER BY vc.Name

And below is the T-SQL for the RMV_Installed_File_Inventory view which seems to be misbehaving.....

[dbo].[RMV_Installed_File_Inventory]

CREATE VIEW [dbo].[RMV_Installed_File_Inventory]
      AS
      SELECT DISTINCT
      iifd._ResourceGuid,
      ISNULL (ISNULL (sc.[Name],wf.ProductName), sp.Name) [Product Name],
      ISNULL (ISNULL (ap.Publisher,wf.Manufacturer), vc.Name) [Manufacturer],
      ISNULL (isc.Version,wf.ProductVersion) [Product Version],
      ISNULL (wf.FileVersionString,'') [File Version],
      f.[Name] [File Name],
      ISNULL (CAST (CAST (ifd.FileSize / (1024.0 * 1024.0) AS DECIMAL (10,2)) AS NVARCHAR (MAX)),'') [File Size (MB)],
      f.ModifiedDate [Modification Date],
      iifd.Path [Path],
      wf.InternalName [Internal name],
      CASE WHEN ISNULL (CAST (iifd.VirtualSoftwareGuid AS NVARCHAR (MAX)),'00000000-0000-0000-0000-000000000000') = '00000000-0000-0000-0000-000000000000' THEN 'N' ELSE 'Y' END [Virtualized (Y/N)],
      wf.Description [File Description],
      ifd.FileExtension [File Extension]
      FROM dbo.Inv_Installed_File_Details iifd
      LEFT JOIN (dbo.ResourceAssociation ra
          JOIN dbo.vSoftwareComponent sc
              ON sc.Guid = ra.ParentResourceGuid
              AND ra.ResourceAssociationTypeGuid = 'EABE86D3-AAFD-487A-AF63-5C95D7511AF6'
          LEFT JOIN (dbo.ResourceAssociation ra2
                  JOIN dbo.vSoftwareProduct sp
                      ON sp.Guid = ra2.ParentResourceGuid
                      AND ra2.ResourceAssociationTypeGuid = '9D67B0C6-BEFF-4FCD-86C1-4A40028FE483')
                  ON ra2.ChildResourceGuid = ra.ParentResourceGuid
          LEFT JOIN (dbo.ResourceAssociation ra1
                  JOIN dbo.vCompany vc
                      ON vc._ResourceGuid = ra1.ChildResourceGuid)
                  ON (ra1.ParentResourceGuid = ra.ParentResourceGuid
                  AND ra1.ResourceAssociationTypeGuid = '292DBD81-1526-423A-AE6D-F44EB46C5B16') OR
                  (ra1.ParentResourceGuid = ra2.ParentResourceGuid
                  AND ra1.ResourceAssociationTypeGuid = 'D5C66D5A-7686-4CA2-B7C1-AC980576CE1D'))
              ON ra.ChildResourceGuid = iifd.FileResourceGuid        
        LEFT JOIN dbo.Inv_AddRemoveProgram ap
            On ap._SoftwareComponentGuid = sc.Guid
          AND ap.InstallFlag = 1
        LEFT JOIN vWindowsFile wf
            ON wf.Guid = iifd.FileResourceGuid
        LEFT JOIN dbo.Inv_Software_Component isc
            ON isc._ResourceGuid = sc.Guid
        LEFT JOIN dbo.vFile f
            ON f.Guid = iifd.FileResourceGuid
        LEFT JOIN dbo.Inv_File_Details ifd
            ON ifd._ResourceGuid = f.Guid

Hello,

Symantec Data Center Security: Server Advanced (DCS:SA) is a flexible, multi-layer security solution for servers that detects abnormal system activities. It prevents and blocks viruses and worms, hacking attacks, and zero-day vulnerability attacks. DCS:SA also hardens systems, enforcing behavior-based security policies on clients and servers.

DCS:SA includes a management console, server components, and agent components that enforce policies on computers. The management server and management console run on Windows operating systems. The agent runs on Windows and UNIX operating systems.

DCS:S entitles customers to agentless anti-malware protection for VMware guest VMs, via integration with the VMware NSX platform, as well as monitoring and hardening VMware infrastructure. In addition, DCS:S orchestrates security using Operations Director. By using the intelligence of Operations Director, customers can provision a vApp/VM with the right security policies.

DCS:SA extends DCS:S and allows customers to monitor and protect physical and virtual data centers using a combination of host-based intrusion detection (HIDS), intrusion prevention (HIPS), and least privilege access control. Fully instrumented REST API provides corresponding API for all console actions to enable full internal and external Cloud automation.

What’s New in SDCS:S & SDCS:SA 6.5:

Added Features:

IDS (Intrusion Detection)

• Ability to monitor and harden OpenStack servers.
• Monitoring of extended file attributes and Access Control List (ACL) changes
• Real-Time File Integrity Monitoring (RT-FIM) support for Veritas File Systems (VxFS)
• Windows and Linux agent support on AWS Virtual systems
• Security-Enhanced Linux (SELinux)/AppArmor support
• Red Hat Enterprise Linux 7.0

IPS (Intrusion Prevention)

• Application Centric Hardening (database schema changes)
• Linux Apache MySQL PHP (LAMP) support on UNIX (new sandboxes for MySQL and PHP in Unix policy)
• Upgraded third-party components (OpenSSL, cURL, FIPSOPENSSL )
• Prevention policy now supports no run exception list
• Execution of files with non-executable extensions is blocked
• Red Hat Enterprise Linux 7.0 and CentOS 7 support
• ACL changes on Windows and UNIX

Unified Management Console (UMC) - UMC is a console appliance that is used to register and configure various features and products in Symantec™ Data Center Security (DCS).

Security orchestration using Operations Director (OD) - Security orchestration feature powered by Operations Director is intended to:

• Automate security provisioning workflow.
• Provide application-centric security service.
• Seamlessly integrate with VMware NSX.
• Provide out-of-box security product integration.

Additional Platform Support:

IDS and IPS support for SDCS:SA agents on

• Security-Enhanced Linux (SELinux)
• Red Hat Enterprise Linux 7
• OpenStack

Hypervisor Support

• Kernel-based Virtual Machine (KVM)
• Amazon Web Services (AWS)

Resolved Issues:

DCS:SA resolved issues

• Windows 2012 R2 agents used to display the OS version and type as Windows 2012 on the console.
• In case of a policy in prevention disabled state, if the prevention ON/OFF slider control is used for enabling an individual sandbox or a group of sandboxes, it overrides the disabled state in the global policy level.
• Policy used to take long time to load in a console when predefined applications are added in trusted updaters or in application rules.
• Management server upgrade used to fail with custom SQL named instance listening on custom port with SQL browser service OFF.
• In a specific scenario, CPU utilization of SQL Server was high when application data was fetched from agents.
• 'Superuser_Group_Created' event used to get generated when the user password was changed in a specific scenario.
• UNIX Baseline Detection Policy failed to apply on UNIX agents when Root Logon Failure option was not selected in the policy.
• In a specific scenario, translation used to fail when any IPS policy other than null policy was applied on the agent.
• Installation of the agent used to fail on Win XP embedded SP3.

What are 5 things customers look for in a DRaaS Provider? Read our @thevarguy blog by @DrewMeyerSYMC to find out: http://bit.ly/1G6Tmjt

Symantec Data Center Security: Server Advanced (DCS:SA)

Symantec Data Center Security: Server Advanced (DCS:SA) provides a policy-based approach to endpoint security and compliance. The intrusion prevention and detection features of DCS:SA operate across a broad range of platforms and applications. It provides:

• A policy-based host security agent for monitoring and protection.
• Proactive attack prevention using the least privilege containment approach.
• A centralized management environment for enterprise systems that contain Windows, UNIX, and Linux computers.

The major features of DCS:SA are as follows:

1) Intrusion detection facility for compliance auditing

• Real-time file integrity monitoring
• Granular change detection of registry values, file contents, and attributes
• Operating system and application log monitoring
• Local event correlation and smart response actions

2) Intrusion Prevention facility for malware prevention and system lockdown

• Sandbox containment of operating system and application processes by an in-kernel reference monitor
• Granular access control of network, file systems, registry, process-to-process memory access, system calls, and application and child process launches
• Privileged user and program behavior

3) Anti-malware security

DCS:SA Security Virtual Appliance (SVA) provides agentless anti-malware security services for the virtualized network through integration with the VMware Network and Security Virtualization (NSX) platform. SVA provides two types of policies: Antivirus policies, and configuration policies.

• Comprehensive out-of-the-box policies for complete system monitoring and protection of physical and virtual systems
• Security orchestration using Operations Director. Operations Director is intended to:
  
  • Automate security provisioning workflow.
  • Provide application-centric security service.
  • Seamlessly integrate with VMware NSX.
  • Provide out-of-box security product integration.

• Centralized management environment for administering agents, policies, and events
• Integration with Security Information and Event Management (SIEM) and other security tools, as well as enterprise infrastructure components such as Active Directory, SMTP, and SNMP
• Broad platform support across Windows, Linux, UNIX and virtual environments for critical servers, workstations, laptops, and standalone systems

The major benefits of DCS:SA are as follows:

• Reduces emergency patching and minimizes patch-related downtime and IT expenses through proactive protection that does not require continuous updates.
• Reduces incidents and remediation costs with continuous security. Once the agent has a policy, it enforces the policy even when the computer is not connected to the corporate network. And even if a computer is unable to obtain the latest patches in a timely fashion, DCS:SA continues to block attacks so that the computer is always protected.
• Provides visibility and control over the security posture of business-critical enterprise assets.
• Uses predefined compliance and hardening policies to provide efficient security management, reporting, alerting, and auditing of activities. Also provides compensating controls for compliance failures.

Prevention Strategies for Physical and Virtual Servers

• Application Whitelisting and Protected Whitelisting: Discover applications via system inspection for creating default-deny policies, or allow applications to run in a restricted sandbox.
• Targeted Prevention Policies: Respond to server incursion or compromise immediately with quickly customizable hardening policies.
• Granular Intrusion Prevention Policies: Protect against zero day threats and restrict the behavior of approved applications even after they are allowed to run with least privilege access controls.
• File, System and Admin Lockdown: Harden virtual and physical servers to maximize system uptime and avoid ongoing support costs for legacy operating systems.

Detection Strategies for Physical and Virtual Servers

• File Integrity Monitoring: Identify changes to files in real-time, including who made the change and what changed within the file.
• Configuration Monitoring: Identify policy violations, suspicious administrators or intruder activity in real-time.

Key Benefits

• Enforce server protection strategies without requiring foreknowledge of complex server applications.
• Stop zero-day exploits and targeted attacks on servers with targeted prevention policies.
• Secure legacy systems and mitigate patching requirements by hardening the OS and sandboxing applications.
• Make security responsive to new software defined data center architectures — controls and policies follow servers across the virtual infrastructure.
• Provide real-time visibility and control into compliance, in a single real-time monitoring and prevention solution.
• Achieve complete protection for vSphere leveraging out-of-the-box policies based on the latest vSphere hardening guidelines.

Symantec Endpoint Protection 12.1

Symantec Endpoint Protection Enterprise Edition 12.1 - Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, Mac computers, and servers in your network against malware such as viruses, worms, Trojan horses, spyware, and adware.

Additionally it is able to provide protection against even the more sophisticated attacks that evade traditional security measures such as rootkits and zero-day attacks.

The suite comprises of Antivirus / Antimalware protection, Firewall, IPS and Application and Device Control.

In Symantec Endpoint Protection 12.1 version, SEP is built on multiple additional layers of protection, including Symantec Insight and SONAR both of which provide protection against new and unknown threats. The most recent Symantec Endpoint Protection version is 12.1 RU6.

The Symantec Endpoint Protection Manager now supports Linux clients, allowing administrators to configure antivirus policies the same way they would for Windows and Macs.

Power Eraser has been fully integrated into Symantec Endpoint Protection, allowing administrators to remotely scan an infected endpoint and remediate the infection remotely from the management console.

Administrators can remotely install Mac clients from the Symantec Endpoint Protection Manager.

Removes over 300 products from more than 60 vendors, ensuring endpoint safety during any update.

The layers of protection that are integrated into Symantec Endpoint Protection

Difference between

Symantec Data Center Security : Server Advanced

and

Symantec Endpoint Protection (Antivirus)

Conclusion:

• If no prevention policy or a 'disabled' prevention policy is in use, full 'real-time' anti-virus is still definitely recommended.

• With the 'core' prevention policy in full prevention mode, 'real-time'anti-virus becomes less important, but still a good idea. The 'core' policy locks down the main attack points that viruses and hacking attacks use, but any application that is not specifically called out by the policy operates as a 'safe' application - i.e. it can still modify executables and infect a system.

• With a 'strict' or 'limited execution', the system is significantly protected against threats, so 'real-time'AV protection is not needed as much. No application can be changed or modified without either user intervention or modification by a privileged app (i.e. software distribution tool). Turning off SEP AutoProtect ('real-time' protection) would improve file access performance and reduce memory impact.

• For 'core', 'strict' and 'limited execution'I would still recommend AV with at least regular file scans (scheduled or manual scan), just to make sure no infected files linger around on a system. Otherwise infected files could be dropped on the system in lesser protected locations (assuming they are not executable files) and end up being 'distributed' to other users download these files - a particularly likely case for sharepoint, file servers and web servers. Office files would be good examples of files that could be infected but would not be controlled/blocked by SDCS, but would be caught by AV.

Also consider the following benefits that SEP provides when installed on the same system as SDCS:

1. Cleans systems regardless of how they’ve been infected once the signatures are up to date.

2. Protects against the types of attacks that are “normal behaviors” in SDCS’s various Behavior Controls. One example is a Word macro virus that just wants to be malicious and delete all of the files on your system.

You may also like to check this below article:

Symantec Critical System Protection and how is it different from Symantec Endpoint Protection

https://www-secure.symantec.com/connect/articles/symantec-critical-system-protection-and-how-it-different-symantec-endpoint-protection

Growing up in the 1970s, we were engrained with the Green Cross Code for road safety, so much so, I can still remember the mantra from the TV. For those fortunate enough to be too young to have any idea what I’m talking about, well… you really missed something, because the effect was remarkable. It became a buzzword for millions. I would like to think it also saved lives along the way.

Just like that safety campaign, we now have an opportunity to encode the DNA of our emerging generations in a socio-techno culture of Information Security. But can it work?

I’m not sure when exactly, but I noted with eventual concern the ability my three-old has to grasp the use of internet-connected technology ahead of many non-technical or social skills. As I looked into this more and more, I saw a pattern of behaviours emerging: that he has a priority to use a screen-based device ahead of a ball or traditional children’s toys. As a parent, I have to hold my hand up and state emphatically ‘mea culpa’. I look around when out in the shopping mall, the park or public transport and I see the same thing, a generation of technology-savvy children with sometimes addiction-type behaviours when using devices such as smartphones, tablets etc. Oh, and if you disagree with the word ‘addiction’, then try removing the device and listen to the music!

So, have we exposed our children to risk our parents would never have fathomed? Well, let’s look at the facts. Smartphones, tablets and pervasive access to the internet is a relatively new phenomenon, even by our standards. If I were to use the analogy of aircraft and air travel safety, I can plainly see the safety considerations were an afterthought. Similarly, cars were around a long time before legislation enforced the introduction of seat belts.

Can’t we just use technology to resolve this?

Let’s look at the dynamics of this for one moment – at that juncture, I believe the analogies mentioned previously grow threadbare. Any device that can access the internet (or, just as importantly, be accessed from the internet) is exposed to the risk of the actors and use case examples we see in the media on a daily basis. I do not believe technology will truly overcome a human problem. If I look at the education systems of the modern world, there is a common thread of learning mechanisms for the various disciplines, language, numerology, science etc. Is it a big ask to use these trusted vehicles of education to align a code of principles of ‘Online Safety for the Community’? It has to start somewhere – why not here?

How long will it take to see if this approach has worked?

The proof is in the pudding; might it take a generation to bear fruition? Can you imagine my three-year-old, having come through an education system that engrains an Online Safety program in school curriculum, starting a job as a school leaver or graduate where the principles of Online Safety are second nature? Would that benefit the enterprise as a whole?

Surely we have other options?

Having been working in ICT for almost 20 years and information security for nigh on 14 years of those, I am at pains to come up with alternatives. However, I would be the first to listen to these, should they indeed surface, as I believe it will stimulate constructive and healthy discussion.

Should we also reboot our safe cross code?

Looking at a new generation of teens and early adults, and how attentive they are to their smartphones as they walk, my attention is drawn to the walk lanes that appeared in North East Asia in 2014. There are ‘smartphone’ walking lanes and ‘smartphone-forbidden’ walking lanes. Does this address the issue of walking while not paying attention to the surroundings or is it a symptom? Do we need to reboot the green cross code? In fact, the safe walk code? And is Corporate Responsibility a vehicle to achieve this?

Happily, many global organisations are now taking their Corporate Responsibility practice very seriously and leveraging the workforce to engage with schools, delivering Online Safety workshops and presentations. To use the Green Cross Code analogy, it’s a step in the right direction.

Symantec in action: Safer Internet Day 2015: Symantec Volunteers Deliver Online Safety Workshops to Students

Overview

Today, Symantec released Symantec Endpoint Protection 12.1.6, which integrates the existing features currently in Symantec Endpoint Protection for Windows XP Embedded 5.1. This release continues the positive momentum of Symantec Endpoint Protection 12.1- Unrivaled Security, Blazing Performance, and Smarter Management.

With this latest release, Symantec Endpoint Protection 12.1 now has features specific to the embedded platform. This change removes the need for the separate Symantec Endpoint Protection for Windows Embedded 5.1 offering. Symantec will cease selling Symantec Endpoint Protection for Windows XP Embedded today, June 1, 2015. The technical support services of the old 5.1 product will close on October 15, 2016. There is no direct migration between Symantec Endpoint Protection 12.1 and the Symantec Endpoint Protection for Windows XP Embedded 5.1. We encourage customers who have embedded systems in their environments to upgrade to this latest version.

Key New Features in Symantec Endpoint Protection 12.1.6

Integration of the existing features in Symantec Endpoint Protection for Windows XP Embedded

• Reduced size client- 80-90% smaller than the standard size client that fits embedded systems, greatly reducing the definition set and improving performance
• Supported OS systems- Windows embedded systems, Win10, RedHat7.0
• Write filters support- File based write filter and registry filter are fully supported on all the supported Windows embedded systems

Feature Enhancements

• Reducing the attack surface using System Lockdown- Integrated workflow for System Lockdown makes it easier to collect File Fingerprint list
• Large content mitigation- Ability to alert the admin when Symantec Endpoint Protection clients request for full content, which mitigates network overload
• Better with Advanced Threat Protection (ATP Integration)- Get a suspicious file from the client to the ATP server for further analysis

Technical Resources

What’s New in Symantec Endpoint Protection 12.1.6

FAQ: Symantec Endpoint Protection for Windows XP Embedded EOL

Upgrade or migrate to Symantec Endpoint Protection 12.1.6

Symantec Endpoint Protection has been released & available to download

Product guides for all versions of Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition

I’m extremely happy to announce that NetBackup 7.6.1.2 and NetBackup Appliances 2.6.1.2 are now Generally Available!

NetBackup 7.6.1.2 is our second maintenance release for the NetBackup 7.6.1 release update. This release contains fixes to over 550 issues including resolutions for most commonly downloaded EEBs, customer escalations, and critical internally found defects. 7.6.1.1 also provides several critical security fixes and many high-demand proliferations to our customers. The significant content of this release is:

• Over 100 customer-related defect fixes, including four 7.6.1.1 issues highlighted in the 7.6.1 Late Breaking News
• Proliferations and Features:
  • Red Hat Enterprise Linux 7- Oracle 11g R2 & 12c R2
  • BMR - Windows Server 2012 R2 Client/Boot Server
  • Exchange 2013 CU7
  • SharePoint 2013 support for SQL 2014
  • Windows 2012 R2 Update 3
  • Exchange 2007 SP3 RU16
  • Exchange 2010 SP3 RU8
  • Red Hat Enterprise Linux 7.1 (Client)
  • CentOS 7 (Client)
  • OEL 6.6 (Client)
  • OEL 7 (Client)
  • SUSE 12 (Media Server, MSDP, Cloud)
  • SAP HANA SPS 09 SUSE 11 SP3
  • SAP HANA SPS 09 RHEL 6.5
  • Ubuntu 14.10
  • Domino SLES 12 (Domino 9.0.1 FP3 IF1)

To download 7.6.1.2, please visit the following page:

NetBackup 7.6.1.2 Download Links
 http://symantec.com/docs/TECH230565

This is a MAINTENANCE Release for NetBackup (as opposed to a Release Update) - it can ONLY be applied on top of NetBackup 7.6.1 or 7.6.1.1. (If you are currently running 7.0, 7.0.1, 7.1, 7.1.0.x, 7.5, 7.5.0.x OR 7.6.0.x, you will need to upgrade to 7.6.1 GA before you can apply 7.6.1.2.)

This is a CUMULATIVE release - it contains all previous 7.6.1.1 fixes and you will not need to apply 7.6.1.1 if you intend to apply 7.6.1.2.

To check to see if your particular Etrack is resolved in NetBackup 7.6.1.2, please refer to these Release Notes and our updated EEB guide:

NetBackup 7.6.1.2 Release Notes
 http://symantec.com/docs/DOC8198

Symantec NetBackup 7.6 Emergency Engineering Binary Guide
 http://symantec.com/docs/DOC6085

The NetBackup 7.6 and 7.6.1 Late Breaking News has also been updated to reflect newly released fixes in 7.6.1.2 for some of our highest visibility issues:

NetBackup 7.6.1 Late Breaking News
 http://symantec.com/docs/TECH227580
 Short link: http://bit.ly/761LBN

NetBackup 7.6 Late Breaking News
 http://symantec.com/docs/TECH199999
 Short link: http://bit.ly/76LBN

Bookmark the NetBackup Product Landing Page to have these links and many more useful links handy:

 http://go.symantec.com/nb

NetBackup Appliances 2.6.1.2 is the equivalent patch release for NetBackup 52xx (and new 5330!) Appliances. It can be applied in an upgrade to Appliances running ANY 2.5.x or 2.6.0.x version.

To download 2.6.1.2, please visit the following page:

NetBackup Appliance 2.6.1.2 Release
 http://symantec.com/docs/TECH228624

More information on 2.6.1.2 can be found at the following locations:

NetBackup Appliances 2.6.1.2 Release Notes
 http://symantec.com/docs/DOC8185

Complete Symantec NetBackup Appliance Documentation Set - 2.6.1.2 versions
 http://symantec.com/docs/DOC8194

The NetBackup Appliances Late Breaking News can be found here:

NetBackup 5xxx appliance series Late Breaking News
 http://symantec.com/docs/TECH145136
 Short link: http://bit.ly/APPLBN

Bookmark the NetBackup Appliances Common Topics page to have these and many more useful links handy:

http://go.symantec.com/nba

bit.ly/761LBN | APPLBN | 76LBN

Sometimes you may need to report information based on command line types, you know the 'install', 'uninstall', 'Custom', 'Repair' etc.

But how do you get this information out of the Symantec CMDB. Today we will do excatly that with a short SQL query so you don't have to work it all out yourself.

First, you need to know which table contains the data, and in which form. We have 2 tables that contain all of the interesting data:

• RM_ResourceSoftware_Command_Line
• RM_ResourceCommand_Line_Type

Unlike many relations between items or resources the mapping from command line to command line type is not done in ItemRefernece or ResourceAssociation. Rather the command line type guid is embedded inside the Software Command Line state.

So we need to do the following (pseudo sql):

select * from <cmd line> join <cmd type> on <cmd line>.state(command line guid) = <cmd type>.guid

In order to extract the command line type guid we will be using Microsoft SQL xml 'value' method. The value method takes an xpath query and sql datatype argument pair.

The state xml looks like this:

<item>
    <SomeNode param="valueX" />
    <OtherNode param="valueY">Node Content</OtherNode>
    <commandLineType guid="<guid>" />
    <SomeOtherNode parmaT="reituoer" paramV="orietper">This is the some other node content</SomeOtherNode>
</item>

So the XQuery to access the command line type node is simple: '/item/commandLineType', and extracting the guid parameter is a little more complex, but not by a stretch: '(/item/commandLineType/@guid)[1]'. In English, we access the first entry ([1]) in the guid parameter (@guid) found under the root node item, sub-node commandLineType (/item/commandLineType).

Final SQL query:

select cmd.guid, cmd.name, typ.Name,  cast(cmd.state as xml).value('(/item/commandLineType/@guid)[1]', 'char(36)')
  from RM_ResourceSoftware_Command_Line cmd
  join RM_ResourceCommand_Line_Type typ
    on typ.Guid = cast(cmd.state as xml).value('(/item/commandLineType/@guid)[1]', 'char(36)')

“Tell me and I forget. Teach me and I remember. Involve me and I learn.”

In this Information Age where everything changes with the speed of light, Benjamin Franklin’s words are more relevant than ever before. Teachers are the heroes shaping our future innovators and for the 13th year in a row, Symantec will recognize a few of the influential educators out there – and you can play a part.

Honoring Innovators for 13 Years

In 2003, Symantec and Teach For America launched the [link] Symantec Innovation in Teaching Awards, recognizing outstanding Teach for America teachers who demonstrate original thinking and teamwork in the service of increasing student learning.

The awards were created to elevate innovative classroom practices that add value to students’ lives and help them reach their full potential. They are open to the more than 21,000 Teach for America corps members and alumni teachers. Educators submitted their innovations via an online application form and video.

Five outstanding teachers will receive a $1,000 personal award and a $1,500 resource grant to help scale their innovation, as well as an all-expenses paid trip to Teach For America's Alumni Educators Conference in July. Vote for your favorite! Our finalists include:

1. Blair Mishleau (Twin Cities ‘12) - Aggregating Diverse Data to Drive Success
Blair, a technology specialist, created the Student Success Snapshot, a student and family-friendly report which translates the vast and often complex data his current school in Washington, D.C. collects on student achievement. The report breaks down and transforms this data into conversation-starters for students and families around a student's goals and enables students to be empowered to take control of their learning.

2. Bobby Moore (Baltimore ’11) - Students Secure Funding to Further their Passions

Bobby created the online platform, Student Opportunities & Academic Resources (SOAR), to teach students the web-based communication and presentation skills that are paramount to their future success. SOAR enables students to showcase their talents, interests, and needs on the internet with new networks of people who can support and fund their ideas. The program officially launches late this spring, but has already engaged teachers and students through a series of beta-tests and partnerships. 

3. Brittany Daley (Bay Area ‘13) - 3D Printer Powers Blended Learning

Through the implementation of a blended learning program, students in Brittany's second grade class are being exposed to new technology such as 3D printers to create their own innovations to improve the quality of life for others. This curriculum is empowering students to take control of their own learning and demonstrate how they can use their knowledge to create a better world. 

4. Corbin McGhee (Arkansas ‘13) - Students Support Students through Mobile Apps

Corbin's ninth graders are creating cutting-edge apps that are more than just fun and games. These entrepreneurial students are partnering with teachers in other classrooms to create apps that are having a real impact on their schoolmates by aiding them with subjects they are struggling in. 

5. David Gillis (New Jersey ’13) - Google Survey Turned into Engaging Interactive Worksheet

By combining Google Survey with his coding skills, David has created an interactive classroom worksheet system for his lessons that provides immediate feedback on student work and tracks their progress in real-time. The worksheet is already having a strong impact; since David started using it with his students, learning objective mastery has increased by 20 percent.

6. Hilah Barbot (New Orleans ’09) - College Writing Buddies Close Writing Achievement Gap

A partnership with freshman at Tulane University has Hilah's fifth- through eighth-grade students improving their writing skills in a fun and interactive way. Her program, College Writing Buddies (CWB), physically and virtually pairs her students and university students to bridge the writing achievement gap. Through CWB, students are increasing their writing ability, academic confidence, and digital communication skills.

7. Lauren Fine (St. Louis ‘05) - Students Create Social Impact Solutions

Lauren's program, Little People, BIG Changes, empowers youth to make changes both locally at her current school in Colorado, and abroad. Her program cultivates and supports ideas of elementary students and encourages them to be thoughtful, community-minded citizens. Together her children have helped increase literacy rates in their school through partnering with a local Early Childhood Education program, sent shoes to children in Mexico, and helped work on access to education globally through sending children to school in Ghana.  

8. Manas Kulkarni (Bay Area ’13) - Technology Fuels International Student Success

Manas works with international/newcomer students who often have been in the country less than a month, may have no formal education, and speak little-to-no English. To help level the playing field, he uses technology to create a common language for students to work together to solve Algebra problems. His use of technology has not only contributed to academic growth, but also created a positive reinforcement system that is accessible to all students, no matter what their language.

9. Rachel Weislow (Massachusetts ’13) - Storybook Café Pushes ESL Students to Tell Their Story and Increases Language Skills

Storybook Cafe is a unique program created by Rachel where ESL students work to compose their own stories ranging from holiday tales to culturally relevant fairytales, to their own family immigration stories. After crafting these stories, students are joined by staff and family members for a special read-aloud event four times a year. The program has dramatically grown students’ abilities in reading, writing, speaking, and listening, in addition to helping families play a more active role in their student’s learning.

10. Staci Childs (Houston ’13) - Special Camp Creates Behavior Change

EDGE is a daily after school program where students engage in a variety of activities that range from exercise to art, and from cooking and nutrition – in addition to holding discussions centered on social justice. Staci created the program after seeing an increase in the amount of school suspensions within her elementary school. The program creates opportunities for kids to direct their energy into dynamic afterschool activities and thus hopefully increase positive behavior during the school day. Staci’s pilot programs are seeing incredible success - since inception, no participants of the program have been suspended or referred for behavior problems at their respective schools.

Watch the videos and vote for your favorite now!

Share this!

Ask your Facebook friends or Twitter followers to vote with this sample post:

Vote now: select @Symantec and @TeachForAmerica's Most Innovative Teacher http://www.symantecinnovationawards.com/ #CSR #STEM

Symantec’s Longest Standing Non-Profit Partner

Since 1997, Symantec has partnered with Teach for America, a national non-profit that recruits, trains and supports top college graduates and career-changing professionals to commit to teaching in under-resourced urban and rural public schools. The partnership brings together two organizations promoting innovation in teaching, so that all children have access to an excellent education that will help prepare them for opportunities in school and in life.

“K-12 education plays a powerful role in children’s academic, career, and personal outcomes – and every child deserves access to a high-quality education,” says Cecily Joseph, vice president of Corporate Responsibility at Symantec.  “Across all subjects and disciplines, we believe that effective teaching requires innovation. We’re thrilled to support the 2015 Symantec Innovation in Teaching Awards again, as these teachers work to expand their impact and open doors for their students.”

Supporting diversity in STEM

Symantec and Teach For America are committed to working toward the day when all students will have access to the educational opportunities that will prepare them for success in college and careers. Since 2008, Symantec has been a critical partner in fostering diversity for the program – enabling Teach For America to recruit, train, and support a diverse corps of our nation’s emerging leaders to commit to science, technology, engineering, and math (STEM) education. In 2014, Teach For America welcomed its most diverse corps ever, including 50 percent of incoming teachers who identify as people of color, 47 percent who are Pell Grant recipients (a reliable indicator of low-income background), and one-third who come to the corps with graduate school or professional experience.

Over the course of the relationship, Symantec's support for TFA has surpassed $4 million, helping to empower more than 32,000 TFA teachers and alumni who have positively impacted the academic trajectories for more than 3 million children since 1991.

For more information on Symantec’s support of STEM education, visit the community investment section of the Corporate Responsibility website.  

Symantec is taking data protection to new heights – the cloud. Symantec recently expanded its information protection portfolio with the launch of Data Loss Prevention 14 and a strategic partnership with Box, an online file sharing and personal cloud content management service for businesses. Symantec Data Loss Prevention (DLP) now extends data loss prevention policies to cloud storage apps and gives deep visibility into valuable data stored and shared in Box.

The announcement solidifies Symantec’s commitment to protecting data and identities regardless of where they reside – on premise, in transit, or in the cloud.

The Cloud Creates Data Protection Challenges

It’s a data-driven world today. Data is everywhere – on the network and in the cloud – and it’s always within reach of users. Businesses and consumers are mobile, 24/7, and are often remote. Organizations, from small businesses to enterprise, are moving their information from legacy, on-premises systems and realizing the benefits of cloud storage.

However, as information moves offsite and into the cloud, it raises concerns about security, privacy, and compliance. Before the cloud and mobility, IT teams were able to keep things on-premise such as data, devices, visibility and control. Enterprises now live in a hybrid environment as the cloud adds extra levels of complexity for IT teams.

“Keeping corporate information safe and compliant has never been easy. Today’s cloud and mobile-driven world create new data protection challenges. Sensitive information is no longer within the safety of your corporate network,” said Cheryl Tang, Sr. Product Marketing Manager, Enterprise Security, Symantec. “More employees routinely share files using consumer cloud storage solutions - often without IT knowing about it. That means a lot of data is being created and stored in the cloud – undiscovered, unmonitored and potentially unprotected.”

“As companies seek to move their information to the cloud, they’re looking for security providers who can keep their information protected regardless of where it resides. Data Loss Prevention (DLP) is one of the key technologies to enable anytime, anywhere, any device data protection. DLP is a foundational technology for cloud security,” said Tang.

Learn more about Symantec Data Loss Prevention the market-leading data loss prevention solution.

Symantec is taking data protection to new heights – the cloud. Symantec recently expanded its information protection portfolio with the launch of Data Loss Prevention 14 and a strategic partnership with Box, an online file sharing and personal cloud content management service for businesses. Symantec Data Loss Prevention (DLP) now extends data loss prevention policies to cloud storage apps and gives deep visibility into valuable data stored and shared in Box.

The announcement solidifies Symantec’s commitment to protecting data and identities regardless of where they reside – on premise, in transit, or in the cloud.

The Cloud Creates Data Protection Challenges

It’s a data-driven world today. Data is everywhere – on the network and in the cloud – and it’s always within reach of users. Businesses and consumers are mobile, 24/7, and are often remote. Organizations, from small businesses to enterprise, are moving their information from legacy, on-premises systems and realizing the benefits of cloud storage.

However, as information moves offsite and into the cloud, it raises concerns about security, privacy, and compliance. Before the cloud and mobility, IT teams were able to keep things on-premise such as data, devices, visibility and control. Enterprises now live in a hybrid environment as the cloud adds extra levels of complexity for IT teams.

“Keeping corporate information safe and compliant has never been easy. Today’s cloud and mobile-driven world create new data protection challenges. Sensitive information is no longer within the safety of your corporate network,” said Cheryl Tang, Sr. Product Marketing Manager, Enterprise Security, Symantec. “More employees routinely share files using consumer cloud storage solutions - often without IT knowing about it. That means a lot of data is being created and stored in the cloud – undiscovered, unmonitored and potentially unprotected.”

“As companies seek to move their information to the cloud, they’re looking for security providers who can keep their information protected regardless of where it resides. Data Loss Prevention (DLP) is one of the key technologies to enable anytime, anywhere, any device data protection. DLP is a foundational technology for cloud security,” said Tang.

Learn more about Symantec Data Loss Prevention the market-leading data loss prevention solution.