Channel: Symantec Connect - Blog Entries

How Ready Is Your Disaster Recovery Plan?


Disaster recovery testing is not always a favorite topic of IT professionals. For administrators it often requires late nights or weekend work, and for managers it can be costly and disruptive to business operations. Ironically, organizations put HA/DR solutions and plans into effect to keep applications and business services up and available, while the testing of these plans can mean downtime. Another issue is simply keeping the secondary systems or the DR site in compliance, or configured properly, in relation to the primary systems or location. Simple configuration changes on the primary systems or site, if not mirrored on the secondary systems, can have major consequences for the organization's ability to fail over and recover properly if an incident occurs, whether it is a major catastrophe or a simple error. Oh, and don't forget the speed of recovery. Some applications have very stringent Recovery Time Objectives (RTO) that must be met for business purposes.
 
To address these challenges, organizations have several choices to help them test their disaster recovery readiness such as walkthroughs, tabletop exercises, simulations and full tests.  These choices are defined as follows:
  • Walkthroughs - During a walkthrough, key stakeholders in the plan meet to review the layout and contents of a plan. These aren't really "tests." They won't validate your technology or validate your recovery capabilities, but they are good exercises to familiarize stakeholders with their roles and responsibilities in the plan.
  • Tabletop exercises - These rehearse a specific threat scenario. They're similar to plan walkthroughs, but suggest a pandemic, flood, hazardous material accident, or other trigger event so participants can discuss their response and recovery activities in the plan.
  • Simulation - During a simulation, the DR manager invokes the plan in a controlled situation that does not impact business operations. A common approach to simulation involves the use of data replicas at the recovery site. IT professionals briefly suspend data replication between the production and recovery sites to create a replica of production data using storage or server-based snapshot/cloning technology. Then replication is resumed. The production replicas are then mounted to redundant servers at the recovery site, and applications and IT systems are recovered and restarted using the replicas. Business and application users perform functional tests on these alternate systems.
  • Full test - During a full test, IT professionals perform an actual failover of IT systems and end-user processing to the recovery site. This truly tests the DR plan but is risky because it will impact production if the cutover fails. Plus, you have to successfully fail back once the test is complete. IT professionals will find that business owners are wary of scheduling and performing these types of tests, despite their inherent value.
All of these processes for DR testing have their pros and cons. In general, enterprises need to develop test strategies that leverage all the test types. IT professionals should conduct walkthroughs and tabletop exercises quarterly and simulations at least twice per year or whenever there is a major configuration change in the environment. IT professionals should strive to conduct full tests once per year. Full tests are easier with certain types of active-active data center configurations. For example, companies that execute planned workload rotations between data centers are very confident in their ability to execute DR plans because the failover is now a regular part of IT operations.
 
Generally speaking, Symantec recommends the following best practices for DR testing and planning:
  • Test regularly - more is better! However, in order to achieve this, IT requires a solution that is non-disruptive and transparent. You don't want to take your primary applications off-line if you can avoid it, especially if those applications are business critical.
  • Test using different personnel.  Make sure all of your people are familiar and know their role if a problem occurs. It's also important to see if you can implement tools that support all of the platforms and applications you are running.  That way training and knowledge in a crisis is less of an issue, as people will know what to do when it counts.  
  • Test after significant changes to the infrastructure.  Even the most thorough IT organizations are bound to miss something when dealing with complex architectures found in large enterprise data centers.  Ensure that nothing has been left to chance and use automation where you can.  
  • If your test fails, re-test to make sure you can meet your objectives.  If you have the right tools in place, re-testing should be less painful and give you peace of mind knowing your organization is prepared if a real incident occurs.  
Of course this wouldn’t be a Connect blog without mentioning how Symantec provides solutions to help you take the risk and pain out of DR testing. First, Fire Drill is a feature included in Veritas Cluster Server that fails applications over to the secondary site on a testing basis. Once the applications are up and running at the secondary site, users are connected to see if the application and data are available as expected. This can all be done non-disruptively, meaning the applications are still running at the primary site and normal operations are still occurring, without an impact on performance. The test is transparent to end users and customers.
 
Another solution that Symantec offers is called Disaster Recovery Advisor. Disaster Recovery Advisor helps IT organizations identify any configuration gaps between the primary and secondary systems. These configuration checks work for systems used for local high availability, as well as geographically dispersed data centers that are required for wide area disaster recovery. If there are configuration issues, Disaster Recovery Advisor will report the problems and suggest remedies to fix them. Like Fire Drill, these configuration scans and checks are non-disruptive and transparent to end users.
 
With automated solutions in place, you can test your DR plans during normal operating hours without interruption to the business, removing the need for admins to spend late nights and weekends working on DR tests. You can test and re-test whenever you want, without interruption to service, while including as many people in the procedure as you need to. With Fire Drill and Disaster Recovery Advisor you will have full results from the testing reports, so you can remedy any problems before a real crisis strikes. If knowing your applications will recover when you need them to is a concern, see the following sites for more information:

 


Netbackup Error When Using UNC Path in Storage Unit in absolute Pathname


 Hi 

One of our customers wants to give a UNC path in a storage unit in NetBackup, in the absolute pathname, as shown in the screenshot below.

So after giving the UNC path, e.g. \\<server name>\<Folder name>, when we ran the policy we got the following error:

Error reading Volume information.STS API failed. 
Status 2060013
no more entries.

 
So we contacted a Symantec engineer. He resolved this case by going to the media server and giving admin credentials to two services:
  • NetBackup Client Service
  • NetBackup Remote Manager and Monitor Service

 

 

He also shared a TECH Note with us, which I will also share in this forum, and which is very helpful for Symantec NetBackup users:

http://www.symantec.com/business/support/index?page=content&id=TECH130506&actp=search&viewlocale=en_US

Customer Success Story: Hubei Unicom Cuts Costs, Improves Availability with Symantec Storage Solutions


With nearly 12 million customers paying their bills each month, having 24x7 availability of its billing systems is paramount for Hubei Unicom. To ensure these systems are highly available, Hubei Unicom turned to a number of storage solutions from Symantec. Results include 60% improvement in I/O performance for Oracle database, 24-fold faster failover for application and Web servers, CN¥8 million (US$1,286,000) in hardware costs avoided with active-active mirroring of cluster volumes to DR site, CN¥1.5 million (US$241,000) saved by using open-source software for virtual environment, CN¥400,000 (US$64,300) projected savings when call center applications are clustered, and finally 100% payback on Symantec solutions. To learn more about Hubei Unicom’s implementation of Symantec storage products, check out this customer success story http://bit.ly/WtZVX6  

 

Social Scams - Part 1: Reusing Old Scams to Push Browser Extensions


Last year, we talked about scams and spam circulating on Facebook in our whitepaper. Social networking scammers often reuse common lures to trick users, such as offering free products or additional features that are not available on their network of choice. What these scammers do differently is find new ways to get more eyeballs to view their specific links. Whether it is likejacking or even convincing users to paste code (an external JavaScript file) into the browser address bar, these scammers are relentless.

Just recently, we published a blog about the Facebook Black scam that has been spreading. While that scam continued to spread, we found two old lures being reused, and also two identical Google Chrome extensions being pushed onto the end user.
 

"Additional feature" lure

Users of social networks have often requested certain features and wondered whether they would ever be implemented on their favorite sites. One of the most commonly requested features across all social networks has been a way to see who has visited one's profile. This feature has never been available, yet this lure has been used in scams across many of the most popular social networks over the years.
 

image1.png

Figure 1. Photo-tagging spam claiming additional feature
 

In fact, this lure—commonly found on social networks—is identical to the one used in the Facebook Black scam we posted about recently. Users are redirected through an iFrame on a Facebook page and then taken to a website where they are enticed to install a Google Chrome extension.
 

image2.jpg

Figure 2. Browser extension claiming additional feature
 

Installing the extension does nothing—except present the user with a set of surveys to fill out in order to unlock the additional feature. The feature never gets unlocked. The only thing that happens is the scammers make money off of every survey completed successfully.
 

image3.jpg

Figure 3. Scammer survey
 

"Get something free" lure

Let’s face it: people like free stuff. But free stuff on social networks is not really free. The newest products are the most valued by users and scammers know this. This is why they continue to reuse this lure.
 

image4.png

Figure 4. Web page claiming to get something free
 

For instance, in February Sony announced their new video game console, PS4. It is not scheduled to arrive in stores until the year-end holiday season. However, that has not stopped scammers from attempting to trick users by offering a free PS4 test unit that they can keep.
 

image5.png

Figure 5. Browser extension claiming to get something free
 

The Web page for this scam claims that users can get a voucher for a free PS4. In reality, there is no voucher. There is just a browser extension created by scammers.

When users install this browser extension, JavaScript files are downloaded onto the user's computers. These files then perform various actions in the user's Facebook account, like creating a Facebook page with an iFrame and posting a photo the user's friends are subsequently tagged in (see previous Figure 1). And this is how the scam spreads.
 

Protection

Symantec customers are protected against these types of attacks by our Web Attack: Fake Facebook Application 3 IPS signature.

Be cautious when you see offers for free products on social networks, especially products that are highly sought after. Also, if a feature is not currently available on a social network, chances are there is a reason that it is not available. Do not install browser extensions from unverified sources—even if they offer free products or access to an unavailable feature—and be especially suspicious of anything that is promoted aggressively on your social networks.

Google, for their part, removes malicious Chrome extensions as they find them and are improving their automated systems to help them detect items containing malware.

However, in the next post we provide instructions on how to remove these scammer browser extensions yourself, and how to clean up your Facebook timeline from all the spam left by scammers.

Social Scams - Part 2: How to Clean Up Your Browser and Facebook Timeline


During recent weeks, I have seen different scams on Facebook attempt to convince users to install Google Chrome extensions. I have noticed some conversations taking place around the scams, with people not sure how to get rid of the scammer photos or how to prevent the scams from spreading further. Some users have unfortunately gone as far as creating new Facebook profiles for themselves. This is not necessary.

If you have been tricked by one of these scams, here is how you can clean up your browser and Facebook timeline:
 

Remove bad browser extensions

If you have installed the Chrome extension for Facebook Black, Profile Spy ("See Your Profile Viewers"), or Free PS4, you will need to uninstall it from your browser:

  1. Open the Google Chrome browser.
     
  2. Type chrome://extensions into the browser address bar.
     
    image1_0.png
     
  3. Click the trash can icon to delete bad extensions
     
    image22.jpg
     
  4. Click Remove at the confirmation dialog
     
    image33.jpg
     

The Google Chrome extension page can help you identify any bad extensions that you have installed. In this preceding example you can see both the "Get PS4" and "See Your Profile Viewers" extensions that have been installed.

To delete a bad browser extension, just click the trash can icon and confirm.
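
A scripted counterpart to reviewing chrome://extensions, added here as an example and not part of the original post: it reads each installed extension's manifest.json from a Chrome profile's Extensions folder and flags the ones that request access to facebook.com, the site these scam extensions act on. The sample manifests (including their permissions) and all function names are assumptions of this example; the manifests of the actual scam extensions are not shown in the post.

```python
import json
import sys
import tempfile
from pathlib import Path

WATCHED_HOST = "facebook.com"  # site the scam extensions post and tag on
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def touches_watched_host(pattern, watched=WATCHED_HOST):
    """True if a manifest match pattern grants access to the watched host."""
    if pattern in BROAD_PATTERNS:
        return True
    if "://" not in pattern:
        return False  # API permission such as "tabs", not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    if host == "*":
        return True
    if host.startswith("*."):
        suffix = host[2:]
        return (watched == suffix or watched.endswith("." + suffix)
                or suffix.endswith("." + watched))
    return host == watched or host.endswith("." + watched)


def collect_patterns(manifest):
    """Gather host patterns from permissions, host_permissions and content scripts."""
    patterns = list(manifest.get("permissions") or [])
    patterns += list(manifest.get("host_permissions") or [])
    for script in manifest.get("content_scripts") or []:
        if isinstance(script, dict):
            patterns += list(script.get("matches") or [])
    return [p for p in patterns if isinstance(p, str)]


def audit_extensions(extensions_dir):
    """Summarise every <id>/<version>/manifest.json under a profile's Extensions folder."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        entry = {"id": path.parent.parent.name, "version": path.parent.name,
                 "name": None, "facebook_access": []}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = None  # unreadable or corrupt manifest: still list the folder
        if isinstance(manifest, dict):
            # Names like "__MSG_appName__" are localisation keys; reported as-is.
            entry["name"] = manifest.get("name")
            entry["facebook_access"] = sorted(
                {p for p in collect_patterns(manifest) if touches_watched_host(p)})
        findings.append(entry)
    return findings


def build_sample_profile(root):
    """Write two constructed manifests in Chrome's on-disk layout (sample data only)."""
    samples = {
        "a" * 32: ("1.0_0", {
            "name": "See Your Profile Viewers",  # extension name quoted in the post
            "version": "1.0",
            # Constructed permissions; the real extension's manifest is not on the page.
            "permissions": ["tabs", "*://*.facebook.com/*"],
            "content_scripts": [{"matches": ["https://www.facebook.com/*"],
                                 "js": ["content.js"]}],
        }),
        "b" * 32: ("2.3_0", {
            "name": "Constructed Notes App",
            "version": "2.3",
            "permissions": ["storage", "https://notes.example/*"],
        }),
    }
    for ext_id, (version, manifest) in samples.items():
        folder = Path(root) / ext_id / version
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Pass a real folder (e.g. ~/.config/google-chrome/Default/Extensions on Linux);
    # with no argument the constructed sample profile is audited instead.
    if len(sys.argv) > 1:
        results = audit_extensions(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            results = audit_extensions(build_sample_profile(tmp))
    for item in results:
        flag = "REVIEW" if item["facebook_access"] else "ok"
        print(f"[{flag}] {item['name']} ({item['id']}) {item['facebook_access']}")
```

A REVIEW flag only means the extension can read or act on Facebook pages; legitimate extensions request that too, so the flagged list is a shortlist to check against what you remember installing.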
 

Remove unwanted Facebook pages

The preceding Chrome extensions may be responsible for creating Facebook pages using your profile. Now you should confirm whether or not scammer Facebook pages were created in your account and then remove them:

  1. Click the gear icon at the top right corner of your Facebook profile and select the page you wish to modify.
     
    image4.jpg
     
  2. Once the Facebook page has loaded, click Edit Page at the top.
     
  3. Select Manage Permissions.
     
    image5.jpg
     
  4. Click Permanently delete [NAME OF PAGE] at the bottom.
     
    image6.png
     
  5. Click Delete to permanently remove the Facebook page.
     
    image7.png
     

As you can see in this preceding example, a randomly created Facebook page was found being used by scammers. You can prevent friends from being photo-tagged with scammer spam by permanently deleting these scammer Facebook pages.

After page deletion you should arrive back at your main Facebook profile.
 

Remove scammer posts from your Facebook timeline

In order to keep the scam in circulation, the previously mentioned Chrome extensions have downloaded JavaScript files. These files were responsible for performing scammer activity, including tagging your friends in photos to promote the scam in news feeds.

The last step is to remove the photos the scam extension has posted on your behalf and get a clean Facebook timeline:

  1. Go to your profile timeline.
     
  2. Scroll through your timeline to check for photos published by the scam.
     
  3. Hover over the timeline story item and click the pencil icon.
     
  4. Select Delete Photo.
     
    image8.png
     

Deleting the photos left by scammers on your timeline helps stop promotion of the scam.

However, in another scenario, you may be the one who is tagged by a scammer photo in a timeline. In that case, you should report the scam to Facebook:

  1. Hover over the timeline story item and click the pencil icon.
     
  2. Select Report/Remove Tag.
     
    image9.png
     
  3. Check I want to untag myself and I want this photo removed from Facebook and select It’s spam.
     
    image10.png
     
  4. Click Continue to confirm.
     

And now that you have removed bad extensions from your browser, cleaned up your Facebook profile timeline, and reported scammer spam, point your friends to this blog post so that they can clean up their own browsers and Facebook timelines.
 

Don't forget to stay vigilant

These clean-up instructions will help you remove scams circulating on Facebook that involve Google Chrome extensions. But, as mentioned before, scammers are relentless; they are likely to change their tactics again and again. Proceed with caution on social networks and avoid installing any browser extensions in exchange for free products or special features.

Symantec customers are protected against these types of attacks by our Web Attack: Fake Facebook Application 3 IPS signature.

Is Security a Myth?


Is it naïve of us to think we can ever be perfectly secure? Whether it’s physically or digitally there is always a risk that something bad is going to happen. To protect ourselves physically we install alarms, locks, buy safe cars, have automatic lights, cameras, firearms, etc. These don’t eliminate risks but give us a reasonable sense of safety and we go about our normal daily business. For digital security we install endpoint protection, anti-spam, anti-malware, firewalls, IDS, IDP, and DLP, etc. and go about our normal daily business.

But what happens when these controls fail and we are attacked or injured? For our physical side we have police, fire, ambulatory services, hospitals and doctors that are there to help us after the incident. We buy health, life, and disability insurance, we pre-prepare for what happens post incident. We create an entire support system to back us up.

For our digital side shouldn’t we do the same? Yes, there are public organizations and pay-for organizations available for us to get notifications and assistance on a large scale, like US-CERT, FBI, NSA, FS-ISAC, etc., but these are either notification or criminal reactionary. For other incidents we should have a type of “insurance” that provides us with the “health care” professionals we need in the event of a digital incident: a team of experts that can assist with triaging and remediating both during and post incident.

I think we can all agree that we do a better job protecting our physical security than our digital security. If so, don’t we need stronger incident response protection for our digital life?

 

Not What It Used To Be -- Endpoint Management evolves into a strategic business program.


Getting the right endpoint management solution in place is analogous to architecting and erecting a building. So where do you start?

Read this interesting article by Patrick Spencer in the latest issue of CIODigest http://bit.ly/10xDpJq

Screen Shot 2013-04-03 at 2.41.52 PM.png

Connect Dev Notes: 03 Apr 2013


User Facing: Desktop

  • Added a Workflow tab that authors can use to move their submissions through Connect's workflow states. This new feature also gives authors and Community Managers the ability to attach notes to each step of a submission's workflow. See the attached workflow image for an example.
  • Enhanced navigation in the forum area of the site by adding dropdown capability to the forum name in the main navigation. Hovering over the forum name now presents the user with links to the other forums in the current community.
  • Added a facet to the search results page that allows you to filter your search results by language.
  • Hyperlinked the community names in the main navigation so users can more quickly navigate to a target community's overview page.
  • Added new drop down filters to Video list pages to help users find videos based on their category; e.g. Demo, How-to, Overview.
  • Added code that hides the machine translation UI options (on Articles) when we detect that the machine translation service is down and/or not responding.
  • Improved Badgeville integration code to detect Connect users who are registered with the Badgeville system and to give those users the ability to select and display earned badges.
  • Added the ability to submit Known Issues in languages other than English.
  • Modified the timestamp format on Security Response blogs to align with their requirements.
  • Fixed an issue that was causing Internet Explorer to display security warnings on certain pages.
  • Fixed a problem (expired client SSL certificate) with the VeriSign VIP developer download program.

Admin Facing

  • Added the ability for admins to bypass (for minor revisions) the code that automatically sets the "updated" timestamp. The new code lets admins update a submission (fix typos, for example) without changing the updated date.

State University of New York (SUNY) Upstate Medical University Selects High Availability Solutions from Symantec


SUNY’s Upstate Medical University is both a medical center and education institution. With a goal to improve its community through education, patient care, and research, the medical center’s 8,900 employees rely on an electronic medical record (EMR) system that helps manage and streamline patient records. With an EMR system in place, a solution that helps maintain an extremely high level of availability is imperative. To facilitate this, SUNY Upstate Medical University turned to Symantec. In the 16 months since deploying the high availability solution from Symantec, SUNY reports 99.9994% availability. Additional results include performing automated failover in less than one minute, reducing time to detect failure of a host system by up to 95 percent, and reducing time to apply operating system patches by up to 92 percent. To read more about how Symantec’s high availability solutions are helping SUNY Upstate Medical University, check out this customer success story: http://bit.ly/X7vJP6   

Social Scams - Part 1: Reusing Old Tricks to Push Browser Extension Installs


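Last year, Symantec published a whitepaper (in English) on the scams and spam circulating on Facebook. Social networking scams often reuse well-worn lures to deceive users. Ads for free products and the addition of features not yet implemented on the social network are the staples; what differs is that new methods are used to draw attention to specific links. Whether it is abusing the Like feature or steering users into pasting code (an external JavaScript file) into the browser address bar, the scammers are relentless.

Just recently, we reported on this blog about the spread of the Facebook Black scam. While that scam continued to spread, Symantec confirmed that two old lures were being reused. We also found that the two Google Chrome extensions users are urged to install are identical.


"Additional feature" lure

Users of social networks often request new features and care whether they will be implemented on their favorite sites. One of the most requested features across social networks is a way to find out who has visited one's profile. Such a feature is often not implemented, which is exactly why it has been used in scams many times on popular social networks.


image1.png

Figure 1. Photo-tagging spam claiming an additional feature


In fact, this lure is seen frequently on social networks and is identical to the one used in the Facebook Black scam we reported on recently. Users are redirected through an iFrame on a Facebook page and led to a website that urges them to install a Google Chrome extension.


image2.jpg

Figure 2. Browser extension claiming to add a new feature


Installing this extension does nothing. It only displays a form urging the user to answer surveys in order to enable the new feature, and answering them never enables it. Each completed survey simply puts money in the scammers' pockets.


image3.jpg

Figure 3. Scam survey
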

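"Get something free" lure

Truth be told, everyone has a weakness for "free," but the "free offers" seen on social networks have never actually been free. What users want is invariably the newest product, and scammers know it well. That is precisely why old lures are reused again and again.


image4.png

Figure 4. Web page claiming to offer a product for free


For example, Sony announced its new game console, the PS4, in February. The PS4 will not reach store shelves until this year's year-end shopping season at the earliest, but scammers wasted no time trying to deceive users with the pitch that anyone who takes part in PS4 testing gets to keep the test unit for free.


image5.png

Figure 5. Browser extension claiming to get a product for free


The Web page for this scam advertises a voucher for getting a PS4 for free. No such voucher exists, of course; there is only a browser extension created by the scammers.

When this extension is installed, JavaScript files are downloaded to the user's computer. These JavaScript files carry out various actions in the user's Facebook account, such as creating a Facebook page that uses an iFrame, or posting a photo and tagging the user's friends in it (Figure 1 above). This is how the scam spreads.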
 

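Protection

Symantec customers are protected against this type of attack by the IPS signature Web Attack: Fake Facebook Application 3.

If you see products advertised as free on social networks, be careful, all the more so when the product is highly popular. If a feature is not currently available on a social network, there is a reason it is not available. Do not install browser extensions whose publisher has not been verified. That goes without saying when they offer free products or unimplemented features, and be especially suspicious when they are promoted heavily on social networks.

Google, too, removes malicious Chrome extensions as soon as it finds them and is working to improve its automated systems for detecting items that contain malware.

In the next blog post, we explain how to remove the browser extensions associated with these scams and how to delete all the spam the scammers left on your Facebook timeline.



* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.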

Social Scams - Part 2: How to Restore Your Browser and Facebook Timeline to a Clean State


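Over the past few weeks, a number of scams that lure users into installing Google Chrome extensions have been observed on Facebook. These scams seem to be a topic of conversation in many places, but how to delete the photos the scammers posted and how to stop the scam from spreading are not well known. Some users give up and recreate their Facebook profile, but there is no need to go that far.

In case you do fall for one of these scams, here is how to restore your browser and Facebook timeline to a clean state.


Remove bad browser extensions

If you have installed a Chrome extension such as Facebook Black, Profile Spy (named "See Your Profile Viewers"), or "Free PS4," you need to uninstall it from your browser.

  1. Open Google Chrome.

  2. Type "chrome://extensions" into the browser address bar.

    image1_0.png

  3. Click the trash can icon to delete the bad extension.

    image22.jpg

  4. Click Remove in the confirmation dialog box.

    image33.jpg


The Extensions page in Google Chrome lets you identify the bad extensions that are installed. In the example above, you can see that the extensions "Get PS4" and "See Your Profile Viewers" are installed.

To delete a bad extension, just click the trash can icon and confirm.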
 

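Remove unwanted Facebook pages

The Chrome extensions in question may create Facebook pages using the user's profile. You need to check whether scam Facebook pages were created in your account and delete them.

  1. In your Facebook profile, click the gear icon at the top right and select the page you want to modify.

    image4.jpg

  2. Once the Facebook page is displayed, click Edit Page at the top.

  3. Select Manage Permissions.

    image5.jpg

  4. Click Permanently delete [NAME OF PAGE] at the bottom.

    image6.png

  5. Click Delete to permanently remove the Facebook page.

    image7.png


As the example above shows, randomly created Facebook pages have been found in use by scammers. Permanently deleting the scam Facebook pages prevents your friends from being tagged by the scammers.

After you delete the page, you are returned to your main Facebook profile.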
 

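Remove scammer posts from your Facebook timeline

To keep the scam spreading, the Chrome extensions in question download JavaScript files. These files are involved in carrying out the scammers' activity, such as tagging friends in photos to promote the scam in news feeds.

The last step is to delete the photos that the bad extension posted in your name and restore your Facebook timeline to a clean state.

  1. Go to your profile timeline.

  2. Scroll down the timeline and check for photos posted by the scammers.

  3. On the relevant timeline story, click the pencil icon.

  4. Select Delete Photo.

    image8.png


Deleting the photos posted by scammers from your timeline helps prevent the scam from spreading.

You may also find yourself tagged in a photo that a scammer posted on a timeline. In that case, report it to Facebook as a scam.

  1. On the relevant timeline story, click the pencil icon.

  2. Select Report/Remove Tag.

    image9.png

  3. Check the I want to untag myself and I want this photo removed from Facebook boxes, then select It’s spam.

    image10.png

  4. Click Continue to confirm.


With these steps you have removed the bad extensions from your browser, restored your Facebook profile timeline to a clean state, and reported the scammers' posts as spam, so tell your friends about this blog so that they can clean up their browsers and Facebook timelines in the same way.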
 

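Stay vigilant going forward

The clean-up steps above are effective for removing scams that spread on Facebook by abusing Google Chrome extensions. However, as noted last time, scammers are relentless. They will keep changing their methods, and the same kind of activity will continue. Stay alert on social networks and do not be lured into installing browser extensions by free products or special features.

Symantec customers are protected against this type of attack by the IPS signature Web Attack: Fake Facebook Application 3.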

 


Cyber Readiness Challenge - Paris


The Cyber Readiness Challenge took place in Paris on March 27 at the Palais Maillot. The event was a success, and we hope you had as much fun and learned as much at this event as we had pleasure preparing it.

Congratulations to the winners of this first Cyber Readiness Challenge in Paris



1st - MrTchuss with 6,275 pts

2nd - olivier with 6,150 pts

3rd - newsoft with 5900 pts

The competition was extremely close, and the podium was decided only in the final seconds of the game.

 

The general session allowed us to cover the following topics:



Cyber attacks: news and trends, by Laurent Heslault, Security Strategist at Symantec

Response strategy for a cyber attack, by Marc Ayadi, IT Advisory Partner at Deloitte

The 5 phases of a cyber attack, by Hervé Doreau, head of security offerings at Symantec.

The presentations are attached to this article.



For the 5 phases of a cyber attack, you can find the corresponding articles and presentations at the following links:

The five phases of an attack



Reconnaissance

Incursion

Discovery

Capture

Exfiltration

A word for the defense

The corresponding presentation is here.

 

The general session then continued with two round tables on the following topics:

  • Supervision for a Cyber Vision, where participants debated the scope of and requirements for supervising information system security, and the advantages and risks of insourcing or outsourcing that supervision
  • System hardening, or how to reduce your cyber risks, where participants discussed their definition of critical systems, the associated risks, and solutions for providing effective protection.

All of the videos shown during the game are available at www.symantec.tv

We hope once again that you enjoyed this event, and we look forward to seeing you at upcoming Symantec events.

Using Symantec Protection Suite Enterprise Edition (SPS EE) to protect user-owned tablets and smartphones from Internet threats


The increased use in the workplace of user-owned devices such as smartphones and tablets, often referred to as bring your own device (BYOD), provides businesses with significant productivity and cost benefits. However, it also presents a number of complex challenges related to security.

Due to the rise of smart media devices like smartphones, tablets and ultrabooks, it is estimated that potentially, as many as 30-35%* of endpoints connected to a company’s network could be unmanaged. These are more at risk than managed endpoints which are typically subject to software patching and endpoint security policies.

Of course unmanaged endpoints are still protected by your perimeter security, such as secure web gateways. However, these have typically evolved from caching proxies and URL filters. What you need is an additional layer of security that provides the best possible levels of protection for unmanaged endpoints.

Symantec Web Gateway (SWG) will unobtrusively co-exist alongside existing web proxies and block zero-day threats in real-time using technologies such as Symantec Insight. It will also monitor outbound traffic for signs of infected endpoint devices, helping you to identify and quickly remediate security events.

If you have SPS EE you already have a license to deploy SWG. See the guide here: http://www.symantec.com/business/support/index?page=content&id=DOC6298&key=57894&actp=LIST 

 

* Kevin Bailey, Research Director, European Security Software - Market Analysis & Strategies, IDC

Deliver on Your Service Level Agreements at Vision


Vision Las Vegas is just around the corner, April 15-18. This year the Information Availability, Intelligence and Data Protection track focuses on business continuity, storage and solid state drives, and meeting service level agreements.

SLAs must be met whether you’re keeping mission-critical data centers running or serving up frosty beverages. Disasters, configuration errors, poor performance, thirsty customers…it’s an ever-changing race to keep your operation available, fast, and resilient. We’re ready to show you how to meet the challenge of delivering on service level agreements. Check out these great Vision sessions and activities:

Stay tuned for more details as Vision approaches, and don’t forget to follow us @SymantecStorage.

 

Customer Success: Florida School District Centralizes Management & Security of More Than 85,000 Endpoints


Hillsborough County Public Schools, located in Southwestern Florida, is one of the largest school districts in America, covering a total area roughly the size of Rhode Island. Over the last 10 years, the school district saw an influx not only of students but also of technology in its schools. With over 267 school sites and more than 85,000 endpoints, it became imperative to select a solution that was both simple and centrally managed. To resolve this issue, Sharon Zulli and the IT department selected a variety of solutions from Symantec. As a result, all 85,000 endpoints are secure and can be remotely managed for the convenience of faculty and staff. Risk posture was improved, but most of all, management was simplified with automatic updates that deploy quickly and efficiently. To learn more about how Symantec solutions help simplify endpoint management and security, check out this CIO Digest article: http://bit.ly/11ovaPr


NetBackup Receives the Cisco UCS, VCE vBlock, and SAP HANA Stamp of Approval


Over the years I have talked to literally hundreds of customers about their backup needs. Besides reliability and performance, a key requirement is flexibility of deployment. Customers don’t want to be locked in. They want the flexibility to choose whatever platform best fits their environment, budget and SLAs. One of the key advantages of Symantec NetBackup is our heterogeneous platform approach. That said, customers also don’t want to be their own system integrator, so it is up to us as vendors to work together to ensure interoperability and support. I am pleased to say that customers who have standardized on the popular Cisco Unified Computing System (UCS) platform can officially deploy NetBackup with confidence, as Symantec is the first and only backup vendor to achieve Cisco’s official Interoperability Verification Testing (IVT) certification.

Extending this further, thanks to the hard work done over the years by Symantec, Cisco and VMware, with the help of partners like NetApp and Datalink, NetBackup has pushed VADP to the limit and proven interoperability and optimized performance with the NetApp FlexPod platform. The environment leveraged the NetBackup 5220 appliance, VMware vSphere 5, Cisco UCS 6248 and NetApp FAS & V-Series storage, and yielded some phenomenal results:

  • Protection of up to 4,800 virtual machines in a single backup system
  • Backup streaming throughput of 4.8 TB/hour
  • Up to 50x reduction in backup storage

The details were presented at a breakout at VMworld in August of 2012 and can be seen in this webcast.

For organizations that have chosen the VCE Vblock 700 platform, NetBackup is one of the few backup vendors to have achieved certification there as well. And for customers leveraging SAP HANA for Big Data, the SAP Integration and Certification Center (SAP ICC) has certified that NetBackup integrates with SAP HANA as a third-party backup solution, allowing customers to directly connect their backup agents to the SAP HANA database.

Seeing a common theme here? The above proof points help to further validate NetBackup’s popularity and reach across the leading reference architecture platforms, and they are the reason that more organizations have chosen NetBackup as their backup platform of choice. So back up with confidence. That is, if you are using NetBackup.

 


How to Implement a Successful Self-Service Strategy webcast - Recording now available


A recording of this webcast is now available here: http://bit.ly/10xFJQP

Learn how to implement a successful Self-Service strategy that benefits both end-users and IT while fulfilling end-user expectations for IT Service Delivery.

Agenda:

  •  Evolution of Self-Service automation
  •  Key factors for a successful Self-Service strategy
  • Symantec™ and Biomni™ Self-Service solutions

Presenters:

  •  Jason Short – ServiceDesk Product Mgr.
  • Adrian Sakashita – Front Office for Symantec Product Mgr.

 

The Java Virtual Machine has exited with a code of -1, the service is being stopped.


I found an old thread titled "The Java Virtual Machine has exited with a code of -1, the service is being stopped." but it was closed and locked.  So I'm posting this new info.

Using SEP 12.1.2015.2015 on XP x32 and 7 x64 clients; SEPM server is running 2008 R2 standard x64; and logging to an external SQL 2012 server.

This morning I found that my SEP clients and server had no green dot, and that I could not launch my local Java SEPM console.  The SEPM console would error with "The application failed to launch" or "Failed to connect to server".  Checked the server services and found the Symantec Endpoint Protection Manager service was stopped.  I started it, but about a minute later it would stop and the Application Event Log said "The Java Virtual Machine has exited with a code of -1, the service is being stopped" with a source of "semsrv", Event ID "4096".  Starting the service again and reboots of the server did not help.

The issue was: the SQL log files were full.

The resolution: I had my SQL Administrator truncate the SQL logs for SEP and expand them.  After that, the service started and kept running OK.

Regards, Tom.

How to enable Windows firewall setting in Windows 7 machine in SEPM 12.1.2


How to enable the Windows firewall settings on a Windows 7 machine.

Problem:

The SEP client disables the Windows 7 firewall settings, and Windows shows the error "This Setting are being managed by vendor application Symantec endpoint protection".

Solution:

The following steps restore the Windows firewall settings without uninstalling the NTP feature or withdrawing the firewall policy.

1) Open the SEPM console.

2) SEPM: Clients Group -> Policies -> Tasks -> Edit Policy.

3) Create Non-Shared Policy From Copy -> Windows Integration.

4) Change the setting from "Disable Once Only" to "Restore if Disabled".

5) Click OK and apply the policy to the group.

6) You are now able to change the Windows firewall settings.

 

Shylock Beefing Up and Looking for New Business Opportunities


Shylock (a.k.a. The Merchant of Malice) is one of the most sophisticated banking Trojan horse programs presently occupying the financial fraud threat landscape. From its humble beginnings in 2011, it has seen increased infections in the United Kingdom, Italy, and the United States. This is consistent with the increased number of targeted financial institutions over that time period. Shylock is currently targeting over 60 financial institutions with the majority of them operating in the United Kingdom.

The main purpose of Shylock is to perform a man-in-the-browser (MITB) attack against a configured list of target organization websites. The attack is used to steal user credentials and apply social engineering tactics in order to convince the user to perform fraudulent transactions at the target institution.

 

Additional modules
Recently, Shylock has begun downloading and executing complementary modules in order to beef up its functionality. The following modules have been developed and are being downloaded by the threat.

  • Archiver (compresses recorded video files before uploading them to remote servers)
  • BackSocks (enables the compromised computer to act as a proxy server)
  • DiskSpread (enables Shylock to spread over attached, non-fixed, drives)
  • Ftpgrabber (enables the collection of saved passwords from a variety of applications)
  • MsgSpread (enables Shylock to spread through Skype instant messages)
  • VNC (provides the attacker with a remote desktop connection to the compromised computer)

 

Infrastructure
The Trojan employs a robust infrastructure that allows for redundancy and load-balancing during periods of high traffic, whereby servers will redirect compromised computers to another server depending on the number of incoming connections.

The first level of servers belonging to this threat has been identified and can be categorized into the following three groups:

  1. Central command-and-control (C&C) servers (responsible for botnet control and maintenance)
  2. VNC and Backsocks servers (enable remote control during transactions)
  3. JavaScript servers (allow remote Webinjects during MITB attacks)


Figure 1. Groups of servers utilized in Shylock’s infrastructure

These are proxy servers that are used to control the main component. The main purpose of these servers is to maintain the Shylock infection base by providing the following updated configuration files and modules to compromised computers:

  • Binary files
  • A hijackcfg module
  • A httpinject module

When a compromised computer executes one of the new, additional modules, it sends a report log to the C&C server. These logs are then redirected to the appropriate server using encrypted communication; the servers act as a Secure Sockets Layer (SSL) channel to each other. The services the servers use when communicating with each other present the following fingerprints:

  • SSH is fingerprinted as "Debian 6" ("OpenSSH 5.5p1 Debian 6+squeeze1 (protocol 2.0)")
  • HTTPS response includes "CentOS" ("Server: Apache/2.2.15 (CentOS)")

Five central C&C servers are currently controlling the Shylock botnet. These servers are situated in Germany and the United States at various hosting providers.
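The two fingerprints above name different Linux distributions on the same host. The following triage sketch is an added example, not Symantec tooling or code from the original article: it flags inventory or scan records that carry both quoted fingerprints, and more generally any record whose SSH banner and HTTP Server header disagree about the operating system. The record layout, the verdict labels and the sample hosts are assumptions made for illustration. Each banner is common on its own, so a hit is a lead for review, not an indicator of compromise.

```python
import re

# Fingerprints quoted in the article for the first-level Shylock servers.
PAGE_SSH = "OpenSSH 5.5p1 Debian 6+squeeze1"
PAGE_HTTP = "Apache/2.2.15 (CentOS)"
DISTROS = ("debian", "ubuntu", "centos", "red hat", "fedora", "suse")


def normalize(banner):
    """Lower-case a banner and fold '_', '-' and whitespace runs to one space,
    so raw wire banners and scanner-style renderings compare equal."""
    return re.sub(r"[_\-\s]+", " ", (banner or "").lower()).strip()


def distro_hint(banner):
    """Return the distribution a banner advertises, or None if it names none."""
    text = normalize(banner)
    return next((d for d in DISTROS if d in text), None)


def triage(host):
    """Classify one scan record: dict with 'ip', 'ssh_banner', 'http_server'."""
    ssh, http = normalize(host.get("ssh_banner")), normalize(host.get("http_server"))
    if normalize(PAGE_SSH) in ssh and normalize(PAGE_HTTP) in http:
        return "profile-match"      # both fingerprints from the article
    ssh_os, http_os = distro_hint(ssh), distro_hint(http)
    if ssh_os and http_os and ssh_os != http_os:
        return "os-mismatch"        # services disagree about the host OS
    return "no-signal"


# Constructed sample records (RFC 5737 documentation addresses, not real hosts).
OBSERVATIONS = [
    {"ip": "192.0.2.10", "ssh_banner": "SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1",
     "http_server": "Apache/2.2.15 (CentOS)"},
    {"ip": "192.0.2.20", "ssh_banner": "OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (protocol 2.0)",
     "http_server": "Apache/2.2.15 (CentOS)"},
    {"ip": "198.51.100.5", "ssh_banner": "SSH-2.0-OpenSSH_5.3",
     "http_server": "Apache/2.2.15 (CentOS)"},
    {"ip": "203.0.113.7", "ssh_banner": "SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1",
     "http_server": "nginx"},
]


def review(observations):
    """Return {ip: verdict} for every record that is worth an analyst's time."""
    verdicts = {h["ip"]: triage(h) for h in observations}
    return {ip: v for ip, v in verdicts.items() if v != "no-signal"}
```
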

 

Evidence of a strain migration
At first, Shylock was specifically targeting computers located in the United Kingdom but it is now spreading to other countries. Also, as some financial institutions become less desirable as targets, either due to increased security measures or a lack of high-value business accounts, Shylock is refocusing its attacks on those offering potentially larger returns.


Figure 2. Computers infected with Shylock between 2011 and 2013


Figure 3. Targeted sectors

We expect to see new iterations of this threat in the wild and are continuing to monitor the threat landscape.

Symantec Protection

As always, we recommend that you follow best security practices and ensure that you have the most up-to-date software patches in place, and that you use the latest Symantec technologies and virus definitions to ensure that you have the best protection against threats.
