The database space reclamation utility lets you reclaim unused incident LOB space in your Symantec Data Loss Prevention Oracle 11g Standard database. You can use the database space reclamation utility after migrating incident attachments to external storage, or after deleting a large number of incidents.
Reclaiming space in the Symantec Data Loss Database
CWP TestDrive using AWS Cloud Formation Template (CFT)
This page has information on the AWS Cloud Formation Template (CFT) based test drive that CWP users can use to validate CWP features. This template automates the creation of instances, subnets, VPCs, etc.
Multi-tier Organisation Setup
ABC Trade Corporation is a leading multi-national company. It has a typical N-tier architecture, separating the front end and back end of the organisation. Each tier has a restricted access policy to keep it safe. For example, the application tier will serve requests coming from the web tier only. Web servers are publicly accessible through a load balancer. Web servers can scale dynamically as per the incoming load. The complete setup is shown in the figure below.
The different server configurations of the organisation are:
Web Server - RHEL7.0 OS running Apache HTTP Server

Defend enterprise apps from running malicious scripts - application control rule
This application control rule protects you from:
Adobe products running powershell
Office products running cmd or powershell
CMD from running powershell or VB scripts
VB script from using documents on pc
cscript or wscript from running powershell or cmd
Prevent deleting shadow copies - application control rule
This application control rule prevents processes from using *vssadmin.exe to delete shadow copies.
It blocks vssadmin.exe with the following argument:
.*delete[^\]*shadows[^\]*\/all[^\]*\/quiet.*
Prevent Enterprise APPS from running CMD or POWERSHELL - application control rule
This rule prevents different malicious activity:
* OFFICE, ADOBE, CSCRIPT, WSCRIPT and BROWSERS products from launching CMD or POWERSHELL
* scripts from accessing DOCUMENTS (ransomware protection)
Custom Block page for ProxySG/ASG
Attached is the HTML code of the custom block page, and below is a screenshot of the block page.
Follow the KB article to apply it on ProxySG: https://support.symantec.com/en_US/article.DOC9820...
ETR Template-Developing Threat
ETR Template-Research
ETR Template-Security Industry News
ETR Template-Threat Landscape Update
Symantec™ Endpoint Protection Updating Content Best Practices
This guide describes a process to test engine updates and security content before you implement the updates on all client computers.
Reference link: http://www.symantec.com/docs/DOC10649
Fixed checks for CIS Microsoft Windows Server 2012 R2 v2.2.0/v2.2.1
Attached is CCS standard containing fixed checks from CIS Microsoft Windows Server 2012 R2 v2.2.0/v2.2.1:
- 1.2.3 Is the 'Reset account lockout counter after' parameter set to '15 or more minute(s)'?
- 18.4.13.1 (18.4.14.1) Is the 'Hardened UNC Paths' parameter set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'?
- 18.9.22.3 (18.9.24.3) Is the 'Default Protections for Internet Explorer' parameter set to 'Enabled'?
- 18.9.22.4 (18.9.24.4) Is the 'Default Protections for Popular Software' parameter set to 'Enabled'?
- 18.9.22.5 (18.9.24.5) Is the 'Default Protections for Recommended Software' parameter set to 'Enabled'?
- 18.9.24.4.2 (18.9.26.4.2) Is the 'System: Specify the maximum log file size (KB)' parameter set to 'Enabled: 32,768 or greater'?
Download the zip file, extract the XML, import it into CCS, and view or use the updated checks.
DISCLAIMER: The attached checks are provided AS IS without warranty of any kind; do not use them in a production environment without proper testing.
PGP Agent clean wipe tool
The tool below is used to cleanly uninstall the PGP 10.4 agent from a laptop; it removes the PGP entries from the Registry, System32 and .dll files.
This tool clean wipes the files as shown in the article below, which is required to completely uninstall the product:
https://support.symantec.com/en_US/article.TECH225...
VBS script to run as a logon Group Policy. It will list all machines logging in to the domain and give the status of the SEP service (whether it is installed or running). It will log details like hostname, IP, SEP/CMS service status, and whether the login user is a local admin.
It will list all machines logging in to the domain and give the status of the SEP service (whether it is installed or running) on the login machine.
1. The script is VBS and will easily work on any Windows client: Windows 7, 8, 8.1, 10.
2. It can check any service, such as Symantec Endpoint Protection, Symantec Altiris Client Management Suite, or any service you want to track.
3. The script will log results centrally at one location. Each day a new log file will be created. Replace the server IP/hostname in the script. Create a folder '\servicelog'.
4. In case SEP/CMS (or any service under consideration) is not present on the user machine or is not running, the script will also show a pop-up message on screen to contact the IT helpdesk.
5. All machines logging in to the domain are target machines for the script, using Group Policy.
6. Permission required: create a shared folder centrally available to all users to read/write logs.
7. In case the shared folder is not available, the script will catch the exception and won't show any error message to the end user.
8. The script can be automated by Group Policy or any tool which supports remote execution.
9. The script has a delay of 1000000ms so as not to cause any start-up delay in execution.
10. The log file will contain hostname, IP, machine serial number, SEP or CMS status, and whether the login user is a local admin.
Comments and ideas to further improve it are most welcome.
Initial configuration of ProxySG with SSL Interception
Hi,
Initial Configuration of ProxySG with SSL Interception and Enabling default setting while doing setup.
ProxySG Upgradation
Hi,
ProxySG upgrade step with Backup and SSL backup step
ebook: Cloud Workload Protection
New Ebook: Cloud Workload Protection
How Snapper protects customer data on AWS with Cloud Workload Protection for Storage.
Protecting data stored in Amazon Simple Storage Service (Amazon S3) buckets from malware and advanced threats can be a daunting task, as hackers develop new ways to infiltrate cloud environments. Symantec Cloud Workload Protection for Storage (CWP for Storage) helps discover malware and prevent the infection of cloud applications and services.
Learn why Snapper, a New Zealand based mobile payment provider, chose Symantec Cloud Workload Protection for Storage.
Updating CCS Agent Name or IP
Ever had the CCS Agent registered with the wrong name, or the agent IP changed? In some situations it can be a pain to fix this, as it requires going to the agent and running the registration again (imagine you do not have access to the agent server and you have to raise a ticket to a 3rd party supplier and he asks you to raise a change request).
Well, with these two simple scripts, you can change both the agent name and IP directly in CCS. All you need is a little Windows batch skill, SQL skill and an account that has permissions to modify a few records in CCS_DB.
DISCLAIMER: the script performs modification of records directly in CCS_DB. The scripts are provided as is; use them at your own risk. The author does not bear any responsibility for any damage done.
DLP 15 update readiness tool - pre checker
Custom report to see different Policies with Audit information
This custom report provides the ability to choose the required state of a policy and also choose the exact type of policy.
For example, I want to see only Patch Management Solution related policies and only for Windows.
From this report, you can perform different actions from the right-click context menu for a selected policy.
(The picture below is taken from the 8.5 RU1 release, so if you have 8.0.x or 8.1.x ITMS, you will not see the "Push Policy" and "Re-Target" actions.)
To import this custom report:
- Download attached "Existing different policies in database.xml"
- Open Symantec Management Console -> Reports -> All Reports -> Mouse right click menu on root "Reports" folder -> Import
This report was created in the ITMS 8.5 RU1 release and checked in 8.1 RU7, so it should also work on older ITMS releases.