Channel: Symantec Connect - Blog Entries

Upgrading Enterprise Vault, or not?

There are many, many, many arguments around upgrading Enterprise Vault or not. In fact the same is true of any application or Operating System.  I am a fan of upgrading quite soon after a release of a new version or service pack. There are numerous benefits.

Of course I would always suggest that you do adequate testing in your own lab environment first - and yes, it's hard to get a lab environment which matches your production environment in terms of scale and throughput. I wrote an article about why you should have a lab, take a look here. One of the key reasons for upgrading though is all those 'little' fixes that help clean up your Enterprise Vault event logs.  Issues like the one described in this technote:

 
 
I remember when I worked in Symantec Enterprise Vault Engineering there were several glitches around going into, and out of, backup mode.  These were sometimes issues that only occurred in certain environments with certain levels of load - environments that are just about impossible to replicate in a lab environment.
 
Do you upgrade to new service packs and versions soon after release? Or do you leave well alone, when things are 'not broken'?  Let me know in the comments below...

Symantec System Recovery Usability Feedback Sessions next week!

Hello!

The Symantec System Recovery and Experience Design team is inviting you to get involved in shaping the product.

The purpose of this study is to gain insights from our customers and partners, and get their feedback on the creation of System Recovery Disk (SRD) in their environments. We are looking for customers who have experience using 2013, 2011 versions of SSR or customers of Norton Ghost.

Here are the details of the study

  • During the remote 90-minute session, you would walk through a few tasks using a build, offering your feedback along the way
  • You will interact with the team designing the product
  • As thanks for participation, we will offer you a $110 gift card redeemable at a host of online vendors.  Please inform us in advance if this is not permissible by your company policy.

To participate, you need

  • A willingness to share your constructive feedback
  • A telephone and an internet connection
  • To fill out a Usability Agreement for informed consent and non-disclosure purposes since we will be sharing confidential ideas that are still in design

If you are interested in participating in a usability session, please check out the session dates I have for you:

https://www.timetrade.com/book/MPZPL

If you have any questions about this, feel free to leave a comment here or send me an email directly at Muzayun_Mukhtar@symantec.com.

Regards,

Muzayun

SMP 7.1 SP2 Update Distribution Point timed out

Hi everyone,

I've recently fixed a simple problem and I would like to share it with you.

We have one huge package on the notification server which recently started to time out before update distribution points finished.

The solution is simple!

You need to increase the http timeout, which is by default set to 10 minutes.

Locate C:\Program Files\Altiris\Notification Server\Web\web.config and find a line which contains "httpRuntime executionTimeout". Change the value from 600 (in seconds) to something larger like 900.

Restart the Symantec and IIS services or just simply reboot and voila :)

This worked for me.

It’s day 3 at VMWorld and my feet are very unhappy with me...

This is a great venue to stir the imagination but the hills of San Francisco take a toll.  I was listening to the lunch session yesterday from the Hang Space.  One of the speakers said something to the effect of “as an IT guy, when you buy your first Tesla, it’s really a transforming experience.”  He…when you buy your first Tesla.  But what he was talking about was a pretty interesting point.  In a Tesla, apparently, you are sitting on top of a whole bunch of laptop batteries.  The dashboard is a huge, web-enabled LCD monitor.  Music is provided by whatever Internet radio stations you want.  You almost become Tron when you drive it.

But it also got me thinking about a conversation I had earlier in the day with a Network Admin about Trust.  With a car like the Tesla, there are fewer mechanical parts than we are used to with a traditional combustion engine driven car.  A lot of what is happening is esoteric interaction among computerized parts. 

When I was speaking with…we’ll call him Steve…about his job, he related a story about how his data center had been fractured by a lack of trust among the different departments who had equipment in there.  It took two years for the departments to really coalesce into a unit that trusted each other and worked together for the greater good.  His next task was to build that with the team at his company’s other data center at their suburban location.

If it’s that hard to trust the people you work with every day, what does it take to have that kind of trust in your data center and applications?  That question has really stuck in my head this week.  Do you trust what you have in place to secure your data?  Does upper management trust you to keep the company in compliance with state and federal laws regarding your records?  Do you trust that, should you need to failover to your DR site, your data will be there and you won’t skip a beat?

Symantec is the only company at VMWorld who offers solutions that run the full gamut of protection for the Software Defined Data Center.

We’ve got to earn your trust and then we have to keep it.  Nobody wants to be in that “hold onto your butts” moment and watch nothing happen when you flip the switch.  Check us out on @Symantec and see what we can do to put your mind at ease.

U.S. delays deadline for finalizing Obamacare health plans

(Reuters) - The Obama administration has delayed a step crucial to the launch of the new healthcare law, the signing of final agreements with insurance plans to be sold on federal health insurance exchanges starting October 1.

The U.S. Department of Health and Human Services (HHS) notified insurance companies on Tuesday that it would not sign final agreements with the plans between September 5 and 9, as originally anticipated, but would wait until mid-September instead, according to insurance industry sources.

Nevertheless, Joanne Peters, a spokeswoman for HHS, said the department remains "on track to open" the marketplaces on time on October 1.

The reason for the hold-up was unclear. Sources attributed it to technology problems involving the display of insurance products within the federal information technology system.

Peters said only that the government was responding to "feedback" from the companies, "providing additional flexibility and time to handle technical requests."

Coming at a time when state and federal officials are still working to overcome challenges to the information technology systems necessary to make the exchanges work, some experts say that even a small delay could jeopardize the start of the six-month open enrollment period.

U.S. officials have said repeatedly that the marketplaces, which are the centerpiece of President Barack Obama's signature healthcare reform law, would begin on time.

But the October 1 deadline has already begun to falter at the state level, with Oregon announcing plans to scale back the launch of its own marketplace and California saying it would consider a similar move.

Tuesday's notification by the Centers for Medicare and Medicaid Services, the HHS agency spearheading marketplace development, affects insurance plans that would be sold in federal exchanges that the administration is setting up in 34 of the 50 U.S. states. The remaining 16 states, including Oregon and California, are setting up their own marketplaces.

"It makes me wonder if open enrollment can start on October 1," said a former administration official who worked to implement Obama's healthcare reform.

"But having everything ready on October 1 is not a critical issue. What matters to people is January 1, which is when the coverage is supposed to start. If that were delayed, it would be a substantive setback."

Obama's Patient Protection and Affordable Care Act is expected to extend federally subsidized health coverage to an estimated 7 million uninsured Americans in 2014 through the marketplaces.

But insurance plans must be qualified to meet specific standards if they are to be sold on the exchanges. And each insurer must sign a contract with the federal government.

The new timetable for qualified plan agreements is the latest in a series of delays for Obamacare.

The most significant came in early July when the White House and the Treasury Department announced a one-year delay in a major Obamacare provision that would have required employers with at least 50 full-time workers to provide health insurance or pay a penalty beginning in 2014.

Legal and political opposition from Republicans and their conservative allies have already fragmented Obamacare's original vision.

Only about half the states have opted to expand the Medicaid program for the poor to uninsured families living below the poverty level, and Republicans in Congress have denied nearly $1 billion in new implementation funding this year alone.

The Government Accountability Office cautioned in June that the law known as Obamacare could miss the October 1 enrollment deadline because of missed deadlines and delays in several areas including the certification of health plans for sale on the exchanges.

Another U.S. watchdog, the HHS Office of the Inspector General, warned earlier this month that the government was months behind testing data security for the federal data hub that represents the information technology backbone of the new marketplaces.

The state of Oregon has already scaled back the October 1 debut of its own healthcare exchange by preventing state residents from signing up for coverage on their own until mid-October. California said last week that it, too, would consider a soft launch of its exchange if tests show it is not ready to accommodate wide public access.

(This story was refiled to remove extraneous words in tenth paragraph)

(Editing by Fred Barbash, Michele Gershberg and Ken Wills)

http://www.reuters.com/article/2013/08/28/us-usa-h...

 

Symantec Joins IT Industry Leaders in BSR's Future of Internet Power Initiative

Internet data centers represent up to two percent of electricity in the U.S., and the internet is responsible for nearly ten percent of U.S. electricity use.

As part of our efforts to support industry-wide solutions to environmental sustainability, Symantec recently joined Business for Social Responsibility’s (BSR's) The Future of Internet Power initiative. This new leadership initiative includes the world’s leading IT companies such as Adobe, eBay, Facebook, HP, salesforce.com, and now Symantec, and will identify and publicize best practices around low-carbon power sourcing for data centers in the United States, as well as helping Internet companies work more effectively with key policymakers and utilities.

Today we are happy to feature Ryan Schuchard, Manager, Climate and Energy for BSR, sharing his recent article on the initiative. This article can also be found on BSR's website at http://www.bsr.org/en/our-insights/bsr-insight-article/the-future-of-internet-power.

The Future of Internet Power

Author: Ryan Schuchard, Manager, Climate and Energy, Business for Social Responsibility (BSR)

While the internet can provide us with sustainability solutions—such as by making greenhouse-gas management more intelligent—it is also a significant cause of carbon emissions and other impacts. As Stanford University researcher Jon Koomey noted at a recent forum hosted by Google, the internet is responsible for nearly 10 percent of U.S. electricity use.

Data centers contribute a major part of internet companies’ footprints (the other two contributors are end-user equipment and access networks)—representing 1 to 2 percent of total electricity use in the United States. As a result, data center sustainability has received a lot of attention in recent months and is a key area of interest among organized activists.

Today, data center operators are addressing their impacts by making serious investments in energy efficiency, especially in the areas of computing equipment and infrastructure. Beyond this, it is critical that internet companies address the source of electricity that powers data centers, which can multiply or undermine climate gains made through efficiency. This is because the mix of renewables, natural gas, and coal from a local grid determines the level of climate impact that results from generating a kilowatt-hour of electricity. And as data centers expand, operators are building sites in new locations where the electricity grid mix has a higher carbon footprint.

For that reason, more data center operators rightfully see the sourcing of sustainable, low-carbon electricity as a growing priority, and some leaders have started to take action. Facebook has developed a data center siting policy that states a preference for access to clean, renewable energy. Salesforce.com plans to encourage its data center energy providers to increase their supply of renewable energy.

In some cases, companies are already based in, or moving to, areas powered mostly by low-carbon sources such as hydropower and nuclear (e.g. large parts of the West Coast and New England). In other cases, companies are operating in areas with higher-carbon intensity, typically where coal is a major source (e.g. much of the South and Midwest). In these places, the opportunity for leadership is to promote the development of power sources that have lower climate impacts.

Yet leading companies have found that there are several hurdles in pursuing this in the United States:

  1. Infrastructure requirements: While data centers can generate power on-site through solar, wind, and geothermal energy production, meeting a meaningful percentage of a facility’s energy demand usually requires generating power off-site. This means there will be a physical separation between power generation and use, and therefore, data center operators need to collaborate with those who manage electricity transmission and distribution, which are typically utilities.
  2. Cost premiums: While renewable energy is already cost competitive in communities with sufficient natural wind and hydro resources, more carbon-intensive coal power is still cheaper in much of the country. For that reason, companies that want to choose low-carbon electricity in places where it isn’t already online will generally face additional costs.
  3. Conditions and technicalities: For a company to make the most progress in advancing low-carbon power, its investments need to be additional (the power wouldn’t have been generated by a utility or developer anyway), accountable (it conforms to standard reporting), and scalable (it is easily capable of being expanded). Furthermore, for it to be seen as sustainable, it needs to minimize additional ecological impacts and avoid negative effects on communities. While many low-carbon energy initiatives have one or more of these traits, establishing them all is difficult.
  4. Operational complexity: While taking on greater ownership of low-carbon energy sourcing can drive real results, the actual operation of power plants requires technical expertise and ongoing maintenance. This might be a fit for some companies, but others feel it is more economically efficient to focus on their core business and outsource management to others.
  5. Regulatory environment: The ability to produce, transmit, distribute, and sell electric power is affected significantly by regulation. This regulation varies by state, and typically is aimed at ensuring a safe and reliable network and providing affordable costs to ratepayers. While regulation may have sustainability objectives—as are found in renewable portfolio standards and “decoupling”—they typically don’t encourage the kind of innovative partnerships that companies need to form in order to address the full set of challenges described here. In 2012, because of obstacles to acquiring power from low-carbon sources, eBay invested its support in the passing of Senate Bill 12 in Utah, which allows companies to buy and transmit power directly from sources of renewable energy.

These challenges add to a list of specifications that data center operators already have to consider when constructing new facilities, and the need to do so in the face of emerging technologies, policies, and standards. These factors make the sourcing of low-carbon power difficult for individual companies to manage alone.

To address these issues, BSR has formed Future of Internet Power, a new leadership initiative with Adobe, eBay, Facebook, HP, salesforce.com, and Symantec that will identify and publicize best practices around low-carbon power sourcing for data centers in the United States, and it will help internet companies work more effectively with key policymakers and utilities. As we move forward, we will be considering opportunities to expand these insights for additional regions and sectors.

application is not launching

What are the possible ways to check what's wrong with the application if the application is not launching?

disable UAC

How to set UAC not to be displayed when installing an MSI


Cynical Spammers Exploit Deepening Syria Crisis

As the international community coordinates its response to the deepening crisis in Syria, scammers have once again demonstrated their skill at using current, high-profile events to their advantage. We have previously covered these methods in regards to Egypt, Libya, and the Rugby World Cup.

We recently identified a scam message that claimed to be from The Red Cross. The message explains how the conflict is creating a humanitarian crisis and urges people to support The Red Cross and The Red Crescent.

Curiously, the email includes a link to the actual British Red Cross website, but urges that donations over £500 GBP ($775 USD) be sent through MoneyGram or Western Union money transfer services.

The British Red Cross does currently have an appeal for donations for victims of the conflict in Syria but it does not use these payment services.

Anyone considering supporting charities should be cautious and make sure that they are using the charity’s official website.

We have also seen other scams claiming to be from people in Syria, looking for help in moving money out of the country, ostensibly to protect their wealth or to start up a business. These scams promise a share of the sender's vast fortune and use the seriousness of the situation to try to solicit a prompt reply. Remember, if an offer sounds too good to be true, it usually is.

Francophone Financial Fraud: Increasingly Sophisticated Social Engineering Attacks

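In April 2013, the administrative assistant to a vice president at a multinational company based in France received an email. The email contained a link to an invoice uploaded to a major file-sharing service. A few minutes later, the same assistant received a phone call from another vice president, who instructed the assistant to examine and process the invoice. The vice president spoke with authority and in perfect French, but the invoice was in fact a fake, and the person who called claiming to be a vice president was the attacker.

The file presented as an invoice was actually a remote access Trojan (RAT) configured to contact a command-and-control (C&C) server located in Ukraine. Using the RAT, the attacker broke into the assistant's computer and gained direct control of it: logging keystrokes, viewing the desktop, and browsing and taking files.

The tactic used here, following up an email almost immediately with a phone call in fluent French, is highly unusual and shows how aggressive social engineering has become. Symantec Security Response first reported in detail on an example of this type of attack, which targets organizations in Europe, in May 2013. Further investigation has since revealed the details of how the attacks work. The motive is financial fraud, and the attacks are still continuing.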

 

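Bold tactics

Many companies, and the banks they do business with, have put defenses in place to prevent fraudulent money transfers. However, the attackers have resorted to ever bolder social engineering tactics to defeat those lines of defense one by one. For example, one attack was carried out as follows:

  • The attacker first compromises systems inside the company using a RAT.
  • Once a system is infected with the RAT, the attacker retrieves information that identifies the company's bank and telecom provider (including disaster recovery plans), along with the contact details and account data for the company's points of contact at the provider and the bank.
  • Using this data, the attacker is able to impersonate a company representative and calls the company's telecom provider. The attacker proves their identity to the provider, explains that a physical disaster has occurred, and asks for all of the company's phone numbers to be redirected. The redirect destination is phones under the attacker's control.
  • Immediately after the phone numbers are redirected, the attacker sends a fax to the company's bank requesting several large wire transfers to numerous offshore accounts.
  • Because the transaction is unusual, the bank's representative calls the company's number on record to verify the transaction. That call is also redirected to the attacker, who approves the transaction.
  • The funds are wired to multiple offshore accounts and then laundered through other accounts and financial institutions.

In another case, the attacker needed to use an in-house proprietary system to transfer funds, because a dongle was used for two-factor authentication. The steps in this attack were as follows:

  • The attacker calls the victim, impersonating IT staff, and says that system maintenance is required on part of the fund transfer system.
  • The attacker then explains that, to protect customer privacy, the computer's screen needs to be turned off while the maintenance is performed.
  • While the monitor is off, the attacker operates the in-house system using the victim's valid access and transfers large sums to offshore accounts.

In yet another case, the attacker used no malware at all. The steps in this attack were as follows:

  • The attacker, impersonating a bank employee, sends an email to an actual bank employee saying that the bank's computer systems are going to be upgraded. The email is written in impeccable French.
  • The next day, the attacker calls the recipient of the email, claims to be a colleague at the same bank, and asks for a "test" wire transfer.
  • The so-called "test" wire transfer actually sends funds to an offshore account.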

 

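Victims

According to our investigation into the attacks, the victims were several companies based in France. The attacker's goal was to get the company's accounting department, or an equivalent department, to wire funds to offshore accounts.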

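Figure 1. Industries targeted by the Francophone financial fraud attacks

In most cases, the first victim was an administrative assistant or accountant within the company. If the first victim did not have the authority to transfer funds, the attacker used that victim's credentials to find an employee in the accounting department who did. The attacker then compromised that individual's computer through a further round of social engineering.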

 

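Attacks on the move

Examination of the email and C&C traffic revealed that the attacker is based in Israel, or is routing the attacks through Israel. However, the originating IP addresses in Israel are unusual, because they fall within the netblock of an Israeli telecom company's mobile subscribers. Traffic analysis also confirmed the significant facts that the attacks actually originate from a mobile network and that the attacker is using MiFi cards.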

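Figure 2. C&C traffic in the Francophone financial fraud attacks

A MiFi card is a GSM cellular radio (equivalent to a GSM phone) that provides Internet access to computer systems over the mobile phone network. An attacker who buys the GSM SIM card for a MiFi card with cash at a bazaar or from a private seller can therefore remain anonymous. Many 3G providers around the world offer prepaid data plans that require no proof of identity at purchase, so the communication records cannot be tied to an individual.

Even more surprisingly, traffic analysis showed that the attacker was constantly on the move while carrying out the attacks. When this kind of defensive technique is used, tracking the attacker becomes extremely difficult. The use of such techniques in cybercrime is a sign of the growing sophistication of attackers' methods. Finding a moving MiFi card requires personnel on the ground standing by with specialized equipment, as well as information from the telecom provider, to calculate and pinpoint the card's location.

The Francophone financial fraud attacks are a prime example of cybercriminal operations becoming more sophisticated, and this trend is expected to continue.

We would like to thank the Computer Emergency Response Team of Ukraine (CERT-UA) for their assistance with this research.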

 

* To subscribe to the RSS feed of the Japanese Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

Philanthropy Series - Symantec Teams Up With Acterra to Bring Native Plant Garden to Mountain View Headquarters

In its fiscal year 2013, Symantec contributed more than $24 million in cash and software to nonprofits working within its four philanthropic focus areas: science, technology, engineering, and math (STEM) education; online safety; diversity; and environmental responsibility. Over the next few weeks, we will hear from several of our partners on various projects and programs that Symantec is helping to support. Today, we hear from Alex Von Feldt, program director at Acterra, an environmental nonprofit serving Silicon Valley.

 

Symantec Corporation and Acterra, a Palo Alto-based environmental nonprofit, are teaming up to install a California native plant garden at Symantec’s Mountain View campus.

The purpose of the project is to provide a lovely garden that provides quality habitat for local wildlife while demonstrating sustainable landscaping practices. Sustainable landscaping is a term used to describe an attractive environment that is in balance with the local climate and requires minimal resource inputs, such as fertilizer, pesticides, gasoline, time, and water.

In the garden we will use several species of locally native plants.  Plants that have adapted to our climate over thousands of years require minimal human intervention to keep them alive and healthy.  Once established, these plants need little to no additional water, no fertilizers or pesticides and only periodic maintenance. Oftentimes, garden chemicals applied to the landscape run off into our storm sewers and find their way into our local creeks, which harms aquatic life. 

Native plants are an essential part of the ecological food web. These plants provide the food for our locally adapted insects that in turn feed our birds and invertebrates. When we use these types of plants and landscaping practices in our developed areas, we help mitigate our impact on the local ecosystem.

The plants that we will be using in the project are local to the San Francisco Bay Area and are grown at Acterra’s Native Plant Nursery, which grows plants for habitat restoration projects throughout the Silicon Valley.  We will install groundcovers, grasses, perennials and shrubs that can provide flowers or berries throughout the year.

Symantec Volunteers

Symantec's Mountain View Green Team has volunteered their time to help create the native garden. With Acterra providing guidance, tools and plants, the Symantec team will prepare the planting area with organic compost, install the native plants and then add wood chips (mulch) to the garden to improve soil quality and retain moisture. In addition to helping improve the campus, the Symantec volunteers will learn about how to create a healthy urban ecosystem and can assist with periodic maintenance of the native garden. 

Native Garden Coming Soon!

The work on the garden will begin this fall and end by December.  While it may seem unusual to plant at this time of the year, it is actually the perfect time to do so with California native plants.  Installing plants in fall allows them to take advantage of the winter rains and send their extensive root structure deep into the ground.  Planting in fall also allows the plants to avoid the summer heat when they are young.  By the time spring rolls around, the plants should be growing strong and beginning their natural cycles of growth, bloom, seeding and senescence.

Stay tuned for more communications about the upcoming planting days and pictures of the work in progress. 

Thank you to Symantec for your culture of volunteerism and respect for the community in which you work!

If you are interested in participating in upcoming planting days or ongoing garden maintenance, please contact Symantec Corporate Responsibility.

 

About Acterra

Acterra is a 501(c)3 non-profit whose mission is to bring people together to create local solutions for a healthy planet.  Acterra’s programs include Green@Home, which reduces tons of carbon each year by improving residential energy efficiency, Business Environmental Awards that highlights corporate leaders in the environment, and Stewardship that involves, educates and inspires the public to create healthy ecosystems in our urban communities and our natural lands.

Symantec is a past recipient of Acterra’s Business Environmental Award.

Facebook Implements Always On SSL

Facebook announced on July 31st that they have implemented https as default for all of their users. This means that almost all traffic to www.facebook.com and 80% of traffic to m.facebook.com will be using a secure connection. This is both a significant accomplishment for Facebook, which first made the option of using https available two years ago, and great news for their users. When users log into Facebook and see https in the URL, the information they share is encrypted over a connection secured with a Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate. One of the most significant challenges Facebook faced in the implementation of default https was the impact on performance. Moving from http to https is much more complex than it might appear, and it is not simply rerouting from http to https. SSL encryption requires extra round trips to complete the handshake that secures the session and, depending on the user’s location and connection speed, there can be noticeable delays. However, Facebook has utilized abbreviated handshakes and has also upgraded its infrastructure to avoid this inconvenience.

Facebook is also working on additional upgrades that will be available this fall. They have already migrated from 1024-bit to 2048-bit RSA keys in compliance with the industry move at the end of the year. Facebook is also testing Elliptic Curve Cryptography (ECC) as a more efficient but just as secure alternative to the industry-standard RSA. A 256-bit ECC certificate’s improved server performance and the increased number of simultaneous users provide real opportunities to improve on the performance challenges of the larger RSA certificates mandated by the end of this year. There are many other upgrades that Facebook is looking to in order to better secure their users. Click here to learn more. 

“This security roadmap represents a solid gesture from Facebook on their continuing commitment to the privacy and security of their users,” says Craig Spiezle, executive director and president of the Online Trust Alliance (OTA). “Their commitment to always on SSL is commensurate with the values of our entire organization, for the betterment of the security ecosystem.”

 

Database System Error encountered when browsing Exchange 2007 mailboxes that are part of VMWare Application State Capture backup

If you encounter the above-mentioned error, the first thing to check is the client's ncflbc log. To obtain it, simply run:

<install dir>\Veritas\NetBackup\bin\vxlogview -p 51216 -i 351 -t 01:00:00 > C:\temp\ncflbc.log

Change -t value to how far back you want to grab the log for. In this case it's up to 1 hour ago.

Then see if you get this error:

24/07/2013 11:08:13.574 [[fsys\jet] ] <from Producer> STARTING RESTORE MAP: ! SOURCE PATH: C:\Program Files\Veritas\NetBackup\Temp\IMG000001! TARGET PATH: C:\Program Files\Veritas\NetBackup\Temp\IMG000001! (../BEDSContext.cpp:164)
24/07/2013 11:08:13.574 [[fsys\jet] ] <from Producer> RSTMAP[0] - >>>> C:\Program Files\Veritas\NetBackup\Temp\IMG000001\Mailbox Database.edb! (../BEDSContext.cpp:164)
24/07/2013 11:08:24.808 [[fsys\jet] ] <from Producer> ### [DbInstance::RecoverDb] - JetInit3 ... (-582) (../BEDSContext.cpp:164)
24/07/2013 11:08:24.840 [[fsys\jet] ] <from Producer> Recovery FAILED - ERROR::RC = -582 - <n/a>! (../BEDSContext.cpp:164)
24/07/2013 11:08:24.855 [[fsys\mb2] ] <from Producer> using EDB Provider for Browse/Backup.! (../BEDSContext.cpp:164)
24/07/2013 11:08:24.855 [[fsys\mb2] ] <from Producer> m_lpMAPISession->Logon returned 80004005 (../BEDSContext.cpp:164)
24/07/2013 11:08:24.855 [[fsys\mb2] ] <from Producer> OPEN DATABASE FAILED: <n/a> (../BEDSContext.cpp:164)
24/07/2013 11:08:24.855 [[fsys\mb2] ] <from Producer> MB2_Chgdir:Logon returned e000fea9 (../BEDSContext.cpp:164)
24/07/2013 11:08:24.855 [Folder::start()] FS_ChangeIntoDDB() Failure! (0xE000FEA9:The Backup Exec data store encountered a problem during the operation. See the job log for details.) (../Folder.cpp:331)
 

If yes, you can try modifying the pre-freeze-script.bat as follows:

Go to the following locations:

C:\Program Files\Symantec\Backup Exec\BE VSS Provider\
C:\Windows\

And make a backup copy of the following file: pre-freeze-script.bat

Edit the original file and add the following switch: -skipprovidercheck

on each occurrence of BeVssRequestor.exe" -pre2 -logscreen

For example: Symantec\Backup Exec\RAWS\VSS Provider\BeVssRequestor.exe" -pre2 -logscreen -skipprovidercheck

If in doubt, please contact NetBackup support!
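
The check-and-edit steps above, scripted as an added example (not code from the original post or from Symantec): it looks for the JetInit3 / e000fea9 pair from the quoted log, then makes a backup copy of the batch file and appends -skipprovidercheck to each BeVssRequestor.exe call that lacks it. The function names, the .bak backup name and the sample batch-file contents are assumptions constructed for illustration.

```python
import re
import shutil
from pathlib import Path

# Two of the log lines quoted in the post, used as sample input.
SAMPLE_LOG = r"""24/07/2013 11:08:24.808 [[fsys\jet] ] <from Producer> ### [DbInstance::RecoverDb] - JetInit3 ... (-582) (../BEDSContext.cpp:164)
24/07/2013 11:08:24.855 [[fsys\mb2] ] <from Producer> MB2_Chgdir:Logon returned e000fea9 (../BEDSContext.cpp:164)
"""

# Constructed stand-in for pre-freeze-script.bat; the real file's contents
# are not shown in the post, so these lines and paths are illustrative only.
SAMPLE_SCRIPT = (
    '@echo off\r\n'
    '"C:\\Example\\A\\BeVssRequestor.exe" -pre2 -logscreen\r\n'
    '"C:\\Example\\B\\BeVssRequestor.exe" -pre2 -logscreen\r\n'
    'rem the next call already carries the switch and must be left alone\r\n'
    '"C:\\Example\\C\\BeVssRequestor.exe" -pre2 -logscreen -skipprovidercheck\r\n'
)

SWITCH = "-skipprovidercheck"
JET_FAILURE = re.compile(r"JetInit3 \.\.\. \((-\d+)\)")
BROWSE_FAILURE = re.compile(r"MB2_Chgdir:Logon returned (e000fea9)", re.IGNORECASE)
# A requestor call as quoted in the post, not yet followed by the switch.
REQUESTOR_CALL = re.compile(
    r'(BeVssRequestor\.exe"[ \t]+-pre2[ \t]+-logscreen)\b(?![ \t]+-skipprovidercheck)',
    re.IGNORECASE,
)


def find_browse_failure(log_text):
    """Return (jet_rc, logon_rc) when JetInit3 fails and the mailbox
    browse fails afterwards with e000fea9; otherwise return None."""
    jet = JET_FAILURE.search(log_text)
    if jet is None:
        return None
    logon = BROWSE_FAILURE.search(log_text, jet.end())
    if logon is None:
        return None
    return int(jet.group(1)), logon.group(1).lower()


def add_switch(script_text):
    """Append the switch to every call that lacks it.
    Returns (new_text, number_of_calls_changed); safe to run repeatedly."""
    return REQUESTOR_CALL.subn(lambda m: m.group(1) + " " + SWITCH, script_text)


def patch_file(path):
    """Back up the batch file once, then patch it in place.
    latin-1 round-trips every byte, so CRLF and ANSI text are preserved."""
    path = Path(path)
    backup = path.with_name(path.name + ".bak")  # assumed backup name
    if not backup.exists():
        shutil.copy2(path, backup)
    patched, count = add_switch(path.read_bytes().decode("latin-1"))
    if count:
        path.write_bytes(patched.encode("latin-1"))
    return count


if __name__ == "__main__":
    print("failure signature:", find_browse_failure(SAMPLE_LOG))
    new_text, changed = add_switch(SAMPLE_SCRIPT)
    print("calls changed:", changed)
    print(new_text)
```

Run patch_file once for the copy of pre-freeze-script.bat in each of the two locations the post lists.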

Ruthless Spammers Exploit the Deepening Syria Crisis

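As the international community struggles to respond to the deepening situation in Syria, scammers are once again showing off their skills by exploiting the most talked-about news of the moment. We have previously reported on similar tactics during the political unrest in Egypt and Libya and during the Rugby World Cup.

A scam message recently identified by Symantec was disguised to look as if it had been sent by the Red Cross. The message explains how the worsening situation is creating an imminent humanitarian crisis and strongly urges recipients to support the Red Cross and the Red Crescent.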

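Curiously, the email contains a link to the actual British Red Cross website, but urges recipients to donate 500 British pounds (approximately 76,000 yen) using the money transfer services of MoneyGram or Western Union.

The British Red Cross is currently appealing for donations for victims of the Syria crisis, but it does not use these transfer services.

Anyone thinking of donating should take care to send money only through the official website.

We have also seen scam emails that claim to be sent by people inside Syria. They ask for help moving funds out of the country, supposedly to protect the sender's wealth or to start a business. These scams promise a share of the sender's vast fortune and stress the urgency of the situation to demand an immediate reply. Remember that a money-making offer that sounds too good to be true usually is.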

 


Deleting an Enterprise Vault Archive

Have you ever wondered why an archive takes a long time to delete?  Sometimes you may be deleting a large archive and it seems to sit in the Vault Admin Console with the 'Marked for deletion' status and the little logo for a long time.  Well, it takes a long time because delete is a lot like archive, in that there are a lot of different steps and processes that need to be gone through before the archive can be deleted.
 
Let's take an example.
 
Firstly we need to get the VaultEntryID for the archive we want to delete.  We can get that with this bit of SQL:
 
Use EnterpriseVaultDirectory
Select ArchiveName, VaultEntryID, ArchiveStatus
From ArchiveView
Where ArchiveStatus = 4
 
That will show all the archives which are marked for deletion. If you know the archive name, then you could replace the 'Where ArchiveStatus = 4' with 'Where ArchiveName = 'Name of the Archive''.
 
Now you need to know which Vault Store the user's archive lives on. You can find this out in the VAC quite easily, so I'll not cover that here.  Then you run the following bit of SQL to see how many items there are left to process (i.e. delete):
 
Use VSDbName
Select count(*)
From view_saveset_archive_vault
Where ArchivePointID = 'VaultEntryID from previous query'
 
This item count will gradually go down to zero.  Once it reaches zero, the archive will then be removed from the directory database.
 

Targeted Attacks Deliver Disassembled Malware


Shortcut files have recently become a common vehicle used in targeted attacks to deliver malware into organizations. Symantec has observed a variety of ways shortcut files are being used to penetrate networks, such as the one described in a previous blog. We recently came across another example of how this file type is being used in an attempt to evade detection by security products and trick email recipients into executing attachments. In this variation, an email with disassembled malware attached is sent to a recipient along with a shortcut file used to reassemble the malware.

The email used for this attack included an archive file as an attachment containing a shortcut file with an icon of a folder along with a real folder containing a Microsoft document file and two hidden files with .dat file extensions.

Fig1_3.png

Figure 1. Inside the attached archive file

Fig2_1.png

Figure 2. Inside the Summit-Report1 folder

For the average user with default explorer settings, the archive file would appear to only contain two folders. Clicking either of the two folders leads the user to the folder containing the document file. If the user attempts to open the folder, which is actually the shortcut file, a copy command runs and combines the two .dat files to create one malicious file. The computer then becomes infected with malware. Please note the structure inside the archive attachment varies, but the archive will always contain multiple broken-up files along with a shortcut file.

Fig3_1.png

Figure 3. Shortcut file properties showing a portion of the script used to assemble the .dat files

Fig4.png

Figure 4. Binary data in ~$1.dat

Fig5.png

Figure 5. Binary data in ~$2.dat

Fig6.png

Figure 6. Binary data in combined executable file

The tactic of disassembling malware before the attack and reassembling it on the victim’s computer may be used by an attacker for several reasons. The main reason may be to avoid the malicious files being detected. If the file is broken up into pieces, security products will have difficulty in determining if these files are malicious. Another reason may be to prevent gateway security products from stripping off executable files. A typical gateway product has the capability to filter by file types and it can be set to strip off executables found in email attachments. This is a common practice carried out by IT departments.

Shortcut files are very simple and cost-efficient to use. They do not require the use of exploits, which can be more resource intensive and also require the victim’s computer to be vulnerable. Icons can easily be made to look like folder or document files. Once an attacker prepares the malicious files, they then only have to write one line of script and the attack is ready.

What can be done to protect against these types of attacks? In normal circumstances, there are no practical reasons for emails to contain shortcut files. If organizations feel shortcut files are not needed in email attachments, they can explore the possibility of filtering out that file type at the gateway of the network.

Symantec detects the malware discussed in this blog as Trojan Horse.
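
The gateway filtering suggested above can be sketched as follows. This is an added example, not Symantec's code or part of the original post: it walks the attachments of a message, looks inside ZIP archives, and flags shortcut files both by the .lnk extension and by the Shell Link file header, so a shortcut with a misleading extension is still caught. The function names, the attachment name report.zip and the sample archive contents are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shell Link (.lnk) files start with HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

def is_shortcut(name: str, head: bytes) -> bool:
    """True if a file is a shortcut by extension or by its first bytes."""
    return name.lower().endswith(".lnk") or head.startswith(LNK_MAGIC)

def shortcuts_in_zip(data: bytes) -> list[str]:
    """Return the names of shortcut files found inside a ZIP attachment."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:  # read only the header, not the whole member
                head = fh.read(len(LNK_MAGIC))
            if is_shortcut(info.filename, head):
                hits.append(info.filename)
    return hits

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each offending attachment name to the shortcut files it carries."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        hits = [name] if is_shortcut(name, payload[:len(LNK_MAGIC)]) else []
        if not hits and zipfile.is_zipfile(io.BytesIO(payload)):
            hits = shortcuts_in_zip(payload)
        if hits:
            findings[name] = hits
    return findings

def build_sample() -> bytes:
    """Constructed sample message: harmless filler bytes behind real LNK headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Summit-Report1/report.doc", b"constructed placeholder")
        zf.writestr("Summit-Report1.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("notes.txt", LNK_MAGIC + b"\x00" * 56)  # misleading extension
    msg = EmailMessage()
    msg.set_content("constructed test message")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

A gateway policy would quarantine or strip any attachment that appears in the result of scan_message; nested archives and other container formats are outside the scope of this sketch.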

Is your company name listed on Symantec Partnernet locator?


Hi All,

 

There have been instances where many end clients were not able to locate a Symantec partner's name on https://partnerlocator.symantec.com
Once partners say that they are associated with Symantec there is a chance

There have been instances where end clients were not able to locate partners on the Symantec PartnerNet portal

So have you all checked whether your Company’s name has been listed on https://partnerlocator.symantec.com

It is vital information that a partner needs to check.

It does add value to your business and is essential for all partners and effective for end clients to choose partners.

Partner locator does give information about partner contact details, partner level (Registered, Silver, Gold or Specialist, Distributor & Global Strategic partners) and what specialisation  and master specialisation they have achieved.

Steps for Symantec partner to get Listed on Partner net
 

1. Log in to http://partnernet.symantec.com

2. Enter your login credentials.

3. Once logged in, select Overview (select the drop-down next to your name, in the top right corner)

4. Under your Company Overview, select Partner Locator Setup

5. Under Partner Locator Settings, there are 4 options that you can select to list your company in the Partner Locator portal – https://partnerlocator.symantec.com

  • Display My Company in Partner Locator
  • Display All information
  • Display Company Image or Logo
  • Company Overview Description– Write up on business expertise and solutions expertise or company information. Max 2000 characters

*Unless these options are ticked, even if you are registered for the partner program, your company details will not appear in Partner Locator

I would strongly recommend all partners to be a part of it, and if you are not listed, get yourself enrolled today

Regards
Rish

DLP and Titus


Hey guys,

I am looking for more information on the creation of a FlexResponse to use with the Titus classification engine.

Here is the scenario:

Discover or Endpoint Discover detects information and an incident is generated (based on a policy that is able to detect that the data should be classified as "confidential"). Then a FlexResponse can be executed to tag the value "confidential" into the document's Titus metadata.

I am just not completely sure if Titus has a command line syntax I can use (something similar to the way it is done with Netshare).

Thanks in advance for your help,

-Leo

{CWoC} A few updates released this week: Patch Automation v8 and SiteBuilder v10


Working with a large customer on Patch Management for the last couple of months, and using the Patch Trending SiteBuilder [1] and ZeroDayPatch [2] extensively, I had a chance to make some improvements to both tools (and to PatchAutomation [3] as well, given it shares code and features with ZeroDayPatch). Here's the rundown from each tool's release notes / documentation updates:

Patch Trending SiteBuilder:

Release 10

Added two troubleshooting pages to list the top 10 bulletins with most changes up (net increase in installed updates) and down (net increase in vulnerable count). Also took some time to re-order the html pages generated. In this manner the browser will display the html content before it tries to build up the graphs in javascript. Finally I added a page title to all generated html pages for additional clarity on the site.

ZeroDayPatch:

Document version 8:

  • Attached version 8
  • Updated the command line message to reflect changes
  • Added feature /duplicates
  • Added automatic creation of the "patchautomation_excluded" table.
  • Changed naming scheme to be simpler
  • Aligned doc and release versions

PatchAutomation version 8:

Version 1.9: Changed the numbering scheme, so we are now at version 8 and added a "/duplicates" switch. This allows you to generate duplicate policies if you need them, or brand new ones. Any policy created will then be added to the "patchautomation_excluded" table that we generate automatically now. This is useful if you want to transition existing policies to a new target, or as in my case, from hierarchy based to locally generated. Amended the command line /? print out to match those changes.

[1] {CWoc} Patch Trending SiteBuilder

[2] {CWoC} ZeroDayPatch: Patch Automation Tool for PMS 7.1 SP2

[3] {CWoC} Patch Automation - With Full Test Life-cycle

Far reaching EV problems relating to savesets


The other day I came across rather an interesting article on the RSS feed which comprises Symantec technotes. The issue relates to the way that data is stored on disk with Enterprise Vault. It seems that 'some' items whilst stored on disk correctly, within the correct date folder, are recorded in the saveset table incorrectly.

It seems that the issue gets worse with Enterprise Vault collections enabled, and worse still the issue doesn't appear to just affect archiving, but also the retrieval of items. On top of all these problems is the word 'some' in front of it all. 'Some' always makes me think about how to identify the 'some' from the 'rest'. The article referenced below does not go into how you figure out what these items are, nor does it look like EVSVR can fix this problem.

So the article is interesting from a number of aspects, but, of course the biggest to me is that there is no discernible way of identifying the problem items, or fixing them - at least it's not identified in the article at this time. Might well be worth subscribing to the technote to be notified of updates.

Have a read of the technote, and it appears to affect ALL Enterprise Vault 9.0 and 10.0 versions.

http://www.symantec.com/docs/TECH209243
