When we look at the statistics, it is still very clear that women are extremely underrepresented in Science, Technology and Math (STEM) careers. Half of the U.S. workforce is female, and half of the college population, however, only 28% are in STEM fields[1] and only 39% of chemists and material scientists, 28 percent of environmental scientists and geoscientists, 16 percent of chemical engineers and 12 percent of civil engineers are female[2]. Additionally, research shows that women who complete STEM degrees are less likely than males to actually pursue a STEM career.

There are many reasons that experts site for this – societal influence, lack of opportunity, lack of interest, stereotypes, explicit and implicit bias. For example, according to a paper by the White House - STEM Depiction Opportunities– in depictions of STEM professionals in family films, men outpace women 5 to 1, and in portrayals of computer scientists and engineers, men outpace women 14.25 to 1. 

Additionally, President Obama speaking at the 2015 White House Science Fair emphasized"Part of the problem is we don’t tell the stories enough of the incredible scientists and inventors along the way who are women, or people of color, and as a consequence, people don’t see themselves as potential scientists."

In many ways, we are often caught teaching our girls out of STEM.

Changing the status quo, closing this gender gap, and talking our girls into STEM is a key focus of Symantec's and a cause we are deeply committed to.

We recently set a goal to excite, engage, and educate one million students in STEM education by 2020, including a focus on female students. To do this we work with a variety of partners that have leading STEM programs tapping into the passions of young girls and providing an opportunity to channel current strengths or uncover future ones.

Two of these partners are targeting females 12-14 years of age, the age that research shows is a critical period for influencing a female's belief in her capabilities and future opportunities.  

• Mentoring for the Nation's Largest Computer Science Competition

Through our partnership and grant with Project CS Girls, a nonprofit working to close the technology gender gap, we support the organization's annual nationwide computer science competition, the largest computer science competition for middle school students in the United States. Symantec employees mentor students through the competition, which challenges girls to develop a computer science/technology based solution to a societal problem.

The 2016 competition winners definitely speak for themselves and would have most second-guessing these solutions came from teenagers. They included a wearable device to support dementia patients and caregivers, a hunger and obesity prevention app, an app to help teens with mental illness, an environmentally friendly device to reduce barnacle growth on marine vessels and more – all solutions extremely impressive at any age.

• STEM Camp for Rising Students

Through our partnership with the American Association of University Women (AAUW), we support the organization's national Tech Trek Program, week-long camps that expose leading American 8th graders (13-14 years of age) to how STEM careers solve some of the world's largest problems as well as providing them with valuable STEM training and skills. Topics range from robotics to engineering to aerospace to cybersecurity. Click here to read one Tech Trekker's experience!

Founded in 1881, AAUW "the nation’s leading voice promoting equity and education for women and girls" and has been recognized by the White House for its cutting edge programs to close the STEM gender gap.

This year we will again support Tech Trek through a $100K grant, however, our involvement will help expand cybersecurity curriculum developed last year to additional camps, as well as refining the curriculum to engage and excite students.

AAUW Tech Trek Stanford, CA campers see cybersecurity in action at Symantec's headquarters.

Symantec cybersecurity leader Meg Layton inspires girls in STEM at Project CS Girls National Gala.

In a recent article in the Philadelphia Inquirer on the Project CS Girls national competition, 14-yr old Baheen Huzan, a STEM achiever who recently placed second in the competition, is quoted saying "It's pretty hard to be a girl and say I want to do computer science, because I've gotten those weird looks from people before." Alternatively she says in the article, girls are often focused on Justin Bieber or following their favorite pop star or TV shows. 

While the latest Bieber fever is likely here to stay, we will continue to join our partners in creating a world where among a young girl's many interests and passions – an interest and career in STEM is most often one of them.

Questions? Contact Community_Relations@Symantec.com.

According to the Pew Research Center 92% of teens in the United States go online daily and nearly 88% have access to cell phones or smart phones[1]. By the time children in the UK have completed their compulsory education (age 16), most have regularly accessed the internet and computers for multiple purposes. And we see similar trends across the world.

Additionally, according to Symantec's 2016 Internet Security Threat Report (ISTR), there were over one million web attacks worldwide against people each day in 2015 and nearly 75 percent of all legitimate websites have unpatched vulnerabilities.

Compound this with the growing risks that children face online, 42% of child sexual exploitation victims in the United States have met their perpetrators online[2], bullying is on the rise across the world and possible via a growing number of games and social media. Additionally, some children are becoming tech savvier than their parents, able to "outsmart" them and hide online activity. 

Children may be tech-savvy, but they don’t always make the best decisions or know how to use devices safely and responsibly. Protecting our devices, products and services is one critical piece of this puzzle however, education and advocacy plays an equally important role and is a powerful piece we must not ignore.

We believe that in the same way that we educate our children about other risks, it is imperative that we educate them about avoiding online dangers. Online safety is a key strategic area of our corporate responsibility and philanthropy strategy. We dedicate monetary and volunteer resources every year to strengthening our youth's and adult's ability to stay safe online.

For example, since 2010, Symantec has partnered with Common Sense a leading online safety non-profit, to empower our employees, educators and parents to become ambassadors for online safety. We do this through helping Common Sense expand and improve their offerings as well as leveraging their tools to join Common Sense's growing community of online safety advocates.

Leveraging Common Sense’s resources, Symantec's Online Safety in the Community Programprovides employees with all the materials and information needed to work with local schools and other organizations to help students and their families navigate online challenges and harness technology for learning and life.

Additionally, in FY15 and FY16, we supported Common Sense’s K–12 Digital Citizenship Curriculum, which teaches students how to make safe, smart, and ethical decisions in the digital world.  The core digital citizenship curriculum includes over 65 lesson plans tailored to each grade level and is based on the research of Dr. Howard Gardner and the GoodPlay Project at the Harvard Graduate School of Education. Additionally, the curriculum includes lesson plans, family education materials, interactive activities, and professional development for teachers. Topics include internet security, privacy and security, cyber bullying, self image and identity, and more.

Our FY16 grant helped Common Sense expand this program into Australia and parts of Asia. 2,300 Australian and South East Asia schoolsand 3,445 educators have registered to use CSM’s online digital literacy and citizenship resources. Additionally, in the United States 90,000 K-12 schools and 300,000 K-12 educators have registered on the website.

Just as media and technology develop at a rapid pace, so do the risks that come along with them. We must continue to teach our tech savvy youth the what, why and how of a digital common sense that allows them to safely enjoy the richness today's media and technology offer. 

Symantec employees teach Online Safety to Jean Parker Elementary School in San Francisco, CA.

If you’d like to learn more about how a Symantec employee volunteer can teach online safety in your local school or classroom, contact us at Community_Relations@symantec.com.

Jaime Barclay is Symantec’s Corporate Philanthropy Program Manager

I work in a larger company and I was tasked with managing several thousand endpoints and a daunting list of exclusions that hadn't been updated in years. Managing SEP had been passed from admin to admin like a hot potato, and by the time I received it, the exception list was a mess of over 3,000 exceptions of dubious relevance and serious negative effects on our security.

So the first part to fixing the problem was reporting on it, and in spite of years and years of forum posts by quite a few users, I really hadn't seen a good solution. PowerShell has been my tool of choice for managing our systems, so I wanted to build something that fit into our mangement module.

Step 1: Find the right table

I really can't take credt for this - our Symantec support rep (thank you Tony) was able to point me to the right table, BASIC_METADATA. I would never have found this on my own.

Step 2: Query the table and convert it to something I can actually read

The table BASIC_METADATA stores binary data. It's not hard to convert with basic TSQL, but you have to know the data is there in the first place (thanks again Tony). Once you've converted it from binary, you're left with an XML you can actually read.

Step 3: Parse the XML file

I'm a fan of PowerShell, but use your XML reader of choice. If I were able, I would do this within the TSQL query itself. Each excption type has different properties, and you may prefer to group or view them in a different format than I have provided. If you've gotten this far enough to get the XML file, you'll almost definitely be able to find a way to parse it that presents the data in a way that's meaningful to you.

The script:

Hopefully this works for you. You'll need to provide credentials that both have access to the server via WinRM (for Invoke-Command) and which have access to the database. You may find it easier to query the database directly rather than with WinRM, or you may wan to modify it to take two sets of credentials. If you have a unique connection situation, feel free to respond and I'll try to update it to work for you.

Function Get-SEPMExclusions {

param (
    
    [Parameter(Mandatory=$true)]
    [Alias('Name','ComputerName')]
	[string]$ServerName,

    [Parameter(Mandatory=$true)]
    [System.Management.Automation.PSCredential]
    [System.Management.Automation.Credential()]
    $Credential

)

    begin{
    
        $Parm += @{ComputerName = $ServerName;Credential = $Credential}

        $query = @"
SELECT e.NAME
    ,CONVERT(varchar(max),CONVERT(varbinary(max),e.CONTENT)) as XML
    ,e.DESCRIPTION
    ,s.NAME as DOMAIN

FROM BASIC_METADATA e WITH(NOLOCK) 

INNER JOIN IDENTITY_MAP s

ON s.DOMAIN_ID=e.DOMAIN_ID

WHERE e.TYPE = 'PolicyOverride' AND E.DELETED = 1 AND s.TYPE = 'SemDomain'"@

        $connectionString = "Server=LocalHost;Database=sem5;Trusted_Connection=True;"

    }

Process{}

    End{

        $table = Invoke-Command -HideComputerName @Parm -ArgumentList $Query,$connectionString{
    
            param($query,$connectionString)

            if (!($connection)){

                $connection = New-Object System.Data.SqlClient.SqlConnection

            }

            $connection.ConnectionString = $connectionString
            $connection.Open()


            $command = $connection.CreateCommand()
            $command.CommandText = $query

            $result = $command.ExecuteReader()

            $table = New-Object “System.Data.DataTable”
            $table.Load($result) 
            $connection.Close()

            $table

        }

        foreach ($item in $table){

            ([xml]($item.XML)).PolicyOverride.OverrideItem.SecurityRiskOverride | ForEach-Object {

                if ($PSItem.InnerXML -eq $null) { return }                                

                New-Object PSObject -Property @{

                    Domain = $item.DOMAIN
                    Name = $item.Name
                    ExclusionType = ($PSItem.innerxml -split "" -replace "<")[0]
                    XML = $PSItem.InnerXML
                    Path = $PSItem.DirectoryOverride.DirectoryPath,$PSItem.FileOverride.FilePath -join $null
                    ExcludeSubDirectories = $PSItem.DirectoryOverride.ExcludeSubDirectories,$PSItem.FilePath -join $null
                    Prefix = $PSItem.DirectoryOverride.PrefixVariable
                    ScanType = ( $PSItem.FileOverride.ProtectionTechnology.ScanType,$PSItem.DirectoryOverride.ScanType,$PSItem.Extension.ScanType | Where-Object {$_ -ne $null} ) -join ","                    
                    Extension = $PSItem.InnerText

                } | %{ $PSItem.PSObject.TypeNames.Insert(0,"SEP.Exclusion");$PSItem } 

            }

        }




    }


<#
.SYNOPSIS

Queries a Symantec Endpoint Protection Manager for exceptions.
.DESCRIPTION

Queries a Symantec Endpoint Protection Manager for exceptions. To format output, you can update formatdata for "SEP.Exclusion"
.PARAMETER ServerName

The name of the SEPM you want to query.
.PARAMETER filePath

A credential object with credentials with both remote access to the server and read access to the SEP database
.EXAMPLE


Get-SEPMExclusions <your sepm hostname> -Credential <credential object>

Connect with a credential object.
.EXAMPLE


Get-SEPMExclusions <your sepm hostname>

Connect with prompt for credentials.
#>


}

Just the SQL query:

SELECT e.NAME
    ,CONVERT(varchar(max),CONVERT(varbinary(max),e.CONTENT)) as XML
    ,e.DESCRIPTION
    ,s.NAME as DOMAIN

FROM BASIC_METADATA e WITH(NOLOCK) 

INNER JOIN IDENTITY_MAP s

ON s.DOMAIN_ID=e.DOMAIN_ID

WHERE e.TYPE = 'PolicyOverride' AND E.DELETED = 1 AND s.TYPE = 'SemDomain'

Blog Feature Image: 

ISTR image for VIP blog.jpg

As threats continue to rise and attackers implement increasingly clever methods for stealing data, you need a trusted security plan for your consumer-facing applications, especially if sensitive information, such as banking, payment, or healthcare data, is involved. Your customers trust you to protect their information which makes it critical to apply strong levels of security to your website and mobile apps.

But how do you implement this type of security so it’s cost-effective, easy to manage and use, and doesn’t negatively affect the customer experience? Symantec™ VIP (Validation and ID Protection) offers exactly that – strong authentication for all your apps on all devices that’s user-friendly, controls costs, and reduces IT complexity. This article describes five steps for building a strong layer of security into your business-to-consumer (B2C) web and mobile apps.

Step 1: Realize the Threats

Threats to your web and mobile applications are real and only relying on passwords is no longer sufficient. Hackers can easily uncover passwords, users forget them, and they often share their passwords with others. In fact, more than a third of U.S. consumers say they’ve given their online banking account passwords to someone else.[1]

Industries that store critical data are more likely to be targeted by cyber thieves so they need to take special precautions to ensure sensitive information is protected. The 2016 Symantec Internet Security Threat Report found that the finance, insurance, and real estate industries are the most highly targeted in spear-phishing attacks with an average of 4.1 attacks per organization (see Figure 1)[2]. In the face of challenges like these, you need secure and simple protection using two-factor authentication (2FA) technology such as Symantec VIP.

1 Figure: Top Industries Targeted in Spear-Phishing Attacks

Step 2: Secure the App

Start by securing the foundation − the app itself. Both web and mobile apps are vulnerable to a host of tactics that attackers employ to steal data including man-in-the-middle attack, account take over, password stolen, reverse engineering, malware, debugging, and more.

By integrating Symantec VIP’s back-end APIs and Credential Development Kit (CDK) into your web and mobile apps, you’ll have built-in security layers while still retaining your brand’s unique look and feel. Symantec VIP gives you the choice of broad authentication options – as easy as a one-tap push or a fingerprint – so you can select the option that works best for your organization and customers.

Step 3: Secure the Mobile Environment

The next step is getting visibility into the device environment and the threats surrounding your app. Symantec VIP invisibly collects anonymous data about threats on the devices where your app is running without compromising your customer’s privacy. Using Symantec VIP’s single console (see Figure 2), you can instantly understand how many of your apps are running on devices that are rooted, jailbroken, or exposed to malware. You can also change an app’s behavior, without redeploying it, by programming contingent actions beforehand and activating them later through a simple console interface.

Figure 2: User Symantec VIP's Mobile Apps Risk Detection console to view threat data on devices that are running your mobile apps.

Step 4: Secure the Transaction

High-risk transactions, such as money transfers, stock exchanges, or password resets, can be compromised through account takeovers or man-in-the-middle attacks. These types of attacks are frequent in online activities and can compromise sensitive information and result in financial losses for both your customers and your organization.

It’s critical to secure transactions with Symantec VIP’s risk analysis, which can trigger two-factor authentication based on user, device, and location factors. For instance, if a banking customer lives in California but their mobile device is suddenly located in New York and used to withdraw money, risk analysis can note the change in location and activate two-factor authentication to request additional verification for the transaction.

Step 5: Secure the Data

The final step is protecting valuable information from loss and theft with encryption and data loss prevention. While outside breaches are significant threats, unintentional actions by insiders can also result in sensitive information being shared on unprotected devices and applications. Consider the recent example of an insider breach at the FDIC that resulted in sensitive information for 44,000 individuals being unintentionally copied to a thumb drive by a former employee. In this case, the data was quickly recovered, but other organizations might not be so lucky. This where Symantec Data Loss Prevention, can play a key role in detecting data that’s left (or is in danger of leaving) your organization and Symantec encryption can ensure sensitive data is protected no matter where it’s located.

Next Steps: Secure Your Apps from Threats

Don’t wait until an attack occurs: take the next step and secure your consumer web and mobile applications with Symantec VIP. Get trusted security that your customers will love and that you can be confident will protect your web and mobile apps from threats.

Try Symantec VIP for free in your environment

Learn more about Symantec VIP

[1] Symantec 2016 Internet Security and Threat Report.
[2] Ibid.

I wanted to post this publicly in case others start seeing weird freezing issues when patching Acrobat Pro, maybe we can share information.  I've been patching the app now for almost a year and have only seen freezing issue on 2 machines, but it is very frustrating to troubleshoot as it freezes the whole machine.  It appears to be more of an Adobe issue than a Symantec issue, but it presents itself during the Symantec patch cycle.

First time I saw this was a few months ago my boss' computer was freezing every hour or so, to the point that task manager wouldn't launch and his only recourse was to power off his PC.   Because it seemed to be happening on a schedule, I thought immediately about patch and that I had sent out an Adobe Acrobat DC Pro and Reader bulletin that day.  I disabled the update, and his freezing stopped.

The rest of our production fleet upgraded the same patch via Patch Management without issue, so we wrote it off to a corrupted install and/or some specialized software that is running on his machine.  Reader had patched OK, it was Acrobat DC that was causing issues.

When I was able to get his machine in front of me, here are some troubleshooting steps I took on his machine 

- I logged in locally and left all other programs closed and ran the updater manually out of C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{guid}\cache.  If you aren't familiar with this folder, it's where Symantec stores all software you push.  To easily find the updater - sort by most recent, if it tried recently, it should be one of the top.

- This replicated the freezing problem so I knew for sure it was the root of the issue

- User had tried uninstall of Acrobat, but it hadn't fixed the issue.  I forget at this point if it showed up under add/remove programs by the time I got the machine in my hands.

- I downloaded the Acrobat cleaner tool available here: http://labs.adobe.com/downloads/acrobatcleaner.html which reported it removed Acrobat.

- I then used CMS to repush our enterprise Acrobat installer, it finished without issue and installed the latest patch without issue.  He has since received the next few Acrobat DC patches without issue.

The next 2-3 months of Acrobat patches went by without anyone complaining about freezing, so we thought it was a one off issue on boss' machine.  That ended this week, when I was testing latest patches for July 2016, including the latest Acrobat and Reader DC patches, and my machine freezes up - I had to power off the machine to continue working.

- Tried running patch manually and confirmed it was Acrobat DC patch again causing the problem.  I also re-downloaded the Acrobat installer and confirmed same issue was happening (available from https://helpx.adobe.com/acrobat/kb/acrobat-dc-downloads.html ).  Running both installers without the silent switch confirmed that the installer had seen a previous install that failed or was hung.  I got various errors about previous installs, needing to rollback, etc.

- I tried uninstalling and using the Adobe cleaner tool that had solved the issue for my boss' computer, it reported it removed the program from installed apps list in Windows, but, unfortunately, this time the computer continued to freeze when trying to reinstall Acrobat DC.

- When I ran the installers with the silent switch off, I could see it hanging on copying "acroservicesupdater.exe" shortly before the computer froze.

- This adobe thread talks about replacing 2 C++ .dll files for somewhat similar issue, but unfortunately didn't work for me - maybe will help someone else though https://forums.adobe.com/thread/1812402

- Finally I found if I went to %temp% and sorted by most recent, I found a msi.log file that pointed to this file location as one of the last things the installer touched - C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706C0F070E41400\15.7.20033\acroservicesupdater.exe.  Took a chance and renamed this file to C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706C0F070E41400\15.7.20033\acroservicesupdaterOLD.exe and ran installer again and the acroservicesupdater.exe file regenerated and install worked, and Acrobat patched OK on next run.

If/when we see this issue again, I think the first thing I'll do is look at that msi.log file and see if renaming a file in the last referenced location helps.  I'd love to crowd source solutions if anyone else runs into this issue.

How confident are you with your current endpoint security? Do you know what’s happening on your endpoints? Are you troubled by numerous random alerts? If you are, you’re not alone because a recent ESG report shows that security staffs spend nearly 40% of their time firefighting. When you’re in a world with over 1.1 million new malware variants created on daily basis, it’s hard to get ahead of the problem. Not only is the amount of threats growing significantly, attack tactics have also become more sophisticated. Blocking threats is simply not enough. When attackers find their way through, you need to be ready to step up against those attacks.

Symantec introduces Intelligent Endpoint solution to empower you to stay ahead of advanced attacks. It blocks the majority of threats, known and unknown, with 99.99% accuracy before endpoint infection. And if anything ever slips past, it can rapidly detect anomalies and prioritize malicious events across endpoint, network and email, cutting through thousands of noises and allowing you to focus on what matters the most. You can then contain and remediate all instances of threats even from a complex attack in minutes. Meantime, it provides you with comprehensive visibility into your risk postures, so that you can make smarter security investment to strengthen vulnerabilities in your IT environment.

Don’t let random alerts hold you late in the office. Learn about the capabilities that a modern endpoint security solution should have. Please join us for an interactive discussion with IDC on August 4th about:

• How emerging security technologies are helping organizations defend against targeted attacks that use zero-days and evasion tactics to evade detection

• What technologies typically make up modern threat protection solutions and how they enable incident responders to quickly identify infected endpoints and determine the scope of an attack

• Why endpoint visibility must be combined with network, web, and messaging security solutions to create a security architecture that works cohesively to reduce the amount of time an attacker has on infected systems 

• How risk assessment plays a role in strengthening your security to preempt future attacks

Hi All,

Can some one help me, in one of our windows 2008 R2 Standard server infected by virus, for more detail refer the attachment.

Risk name: Heur.AdvML.S.C Security Risk

Scan type: DefWatch

SEP version we using 12.1.6 MP5

Thanks & Regards,

Mohan