Channel: Symantec Connect - Critical System Protection - Discussions

How to remove recycler & System volume information folder from my hard disk or system

I need a solution

Solution For 

How to remove recycler & System volume information folder

Hi guys,

Moreover, this is not a virus file. It is a system file.

Go to My Computer -> click on Organize -> Folder and search options -> View -> tick mark the check box, i.e. HIDE PROTECTED OPERATING SYSTEM FILES -> Apply.

So now your problem is solved.

Thank You,

Harry.

 


SEP for AIX? Will CSP meet my requirements?

I need a solution

I'm not an expert in AV software or terminology, so this may be a very simple question.

I want to deploy a virus checker at the staging end of a secure file transfer capability running on AIX.  On Windows, I would use SEP, but there isn't an AIX version.

Based on this forum thread ( http://www.symantec.com/connect/forums/antivirus-i... ), the only AIX option that isn't a Domino email product is Symantec Critical System Protection.  Does this product allow me to run a customised scan on a single file/directory via a command line prompt, or is it just intrusion detection software?

Does Symantec have a product that runs on AIX that could do what I want?

Symantec Critical System Protection - Reset Password for Console

I need a solution

Hi everyone,

I would like to check: if I happened to forget my password for my SCSPM console, is there any other way to reset the password and allow me to log on to the console?

 

What will be blocked by default when SCSP prevention is enabled?

I need a solution

Dear all,

I am going to apply a prevention policy in enable mode.

By default, what will be blocked when SCSP prevention is enabled?

 


Critical System Protection Log Storage

I need a solution

We are in the process of trying to estimate the size of the file share storage that we will be storing our bulk logs onto. We are unsure about what size of storage or disk space is needed to store our bulk logs. We are planning to deploy agents to 10,500 devices. The logs will be rolled up every 24 hours and brought back to the server. We are planning to keep 3 months of current logs on the server and 10 months on tape for PCI compliance and investigative purposes. We need help in trying to find out the size of the storage. Any help would be appreciated.

CSP IDS policy info from SQL database queries

I need a solution

I was curious to know if it was possible to obtain specific IDS policy info via the backend of the CSP SQL database. For example, we have many IDS_File_Tampering policies applied to groups throughout our CSP Console and there doesn't seem to be an easy way to obtain this data.

Using the query wizard within the Reports tab of the Console, I see a new query for policies can be created, but that query does not give any specifics as far as which files and directories are being monitored. Ultimately, we'd like to know if the items in the IDS_File_Tampering policies can be obtained from the backend using more specific SQL strings, or if there is another way.

Thanks,

Dan

 

 

CSP and whitelisting

I need a solution

Is the limited execution policy the only policy that will stop most applications running by default and require you to whitelist all services/applications that you want to run? Is that the only difference between it and the strict policy?

CSP LiveUpdate error

I need a solution

Hi there.

Has anyone faced an annoying error message when you try to launch the LiveUpdate from the CSP console? The description says that the file cannot be accessed/the system cannot find the path specified (screenshot attached); basic troubleshooting, verify file/folder exists: checked. Although some config files were not in the specified folders, I copied them from another CSP server, but with no successful results. It looks to me that Java has something to do with this, but I haven't figured out exactly how to solve it.

Any input, much much appreciated.

Thanks.

 


SCSP Server upgrade from (5.2.8 -> 5.2.9_MP2_EN) Error

I need a solution

SCSP server upgrade from v5.2.8 to v.5.2.9_MP2_EN, error message "Unable to determine the Database population status".

The upgrade cannot proceed.


How do I block all incoming/outgoing traffic except some ports in SCSP

I do not need a solution (just sharing information)

Moving an SCSP agent from one SCSP server to another SCSP server

I need a solution
 
I am moving an SCSP agent from one server to another SCSP server using the command below, but I am not able to move it. It shows the error below.
 
 
C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\bin>sisipsconfig.exe -t -h 192.168.42.193 -p 443 -c "c:\agent-cert.ssl"
---------------------------------------------------------------------------
Agent Configuration Tool version 5.2.9.670
---------------------------------------------------------------------------
 
Testing connection to server 192.168.42.193
 
Connection to server successful
The Management Server host list has been modified
The port setting has been modified.
The cert file has been modified
Could not write to the agent.ini or backup ini file. Error Code: 0
No changes were written to the agent.ini or backup ini file.
 
 
 
 

Critical System Protection scoping questionnaire

I need a solution

Hey folks,

I could not find any scoping questionnaires for Symantec Critical System Protection. Can anyone here please share the same?

 

Configure CSP to not interfere with standard Windows operation

I need a solution

Is there any way to configure CSP to not interfere with standard Windows operation while also enabling us to choose what we want to run, i.e., a whitelist?

I get what CSP does, but it shouldn't come at the cost of proper OS operation.

I've just set up the CSP agent on a 2012 machine and with the limited execution policy it blocks a lot of legitimate stuff, stuff we're going to have to add to enable Windows to actually work properly.

Is there any way to make it act more like AppLocker in this sense, where it will just block applications from running rather than blocking legitimate Windows processes from needing to do what they need to do?

Do we need to disable prevention while upgrading the SCSP agent?

I need a solution

Do we need to disable prevention while upgrading the SCSP agent from 5.2.8 to 5.2.9.2? If you have any KB article, please share.

Automating CSP Agent Upgrades

I need a solution

It appears that upgraded agent software versions cannot be pushed or pulled from the console to existing agents. Are we saying that an admin would have to log into each server, push the newer agent software, install, reboot if necessary?  I thought the SEP tool would pull down new agent software, if available. We have over 150 servers, Redhat and Windows that we need to upgrade agents from 5.2.8 to 5.2.9. I realize that we don't have to upgrade the agents to 5.2.9, but it would be nice to have the latest running. Does CSP have a solution to remotely upgrade the agents on each server?


Is it possible to detect in SCSP who is accessing my shared folders or who made changes?

I need a solution

Is it possible to detect in SCSP who is accessing my shared folders or who made changes?

I have applied the prevention policy "allow but log modifications to these files" (check the attached screenshot).

For testing, I accessed the shared folder and created one text file from other computers. The SCSP agent generated a log, but it does not show who created this file, what the system IP address is, or what the user name is of whoever created this file.

What changes do I need to make in the policy so I can detect who created the file, with IP and user name, in the local network?

The log below has been generated:

 

SOURCE

Agent Name                      avadmin
Host Name                       avadmin
Host IP Address                 192.168.42.250
Agent Version                   5.2.9.670
OS Type                         Windows
OS Version                      Server 2008 R2
Agent Type                      CSP Native Agent

EVENT

Event Type                      File Access
Event Category                  Real Time - Prevention
Operation                       IoCreateFile
Event Severity                  Notice
Event Priority                  25
Event Date                      10-Jul-2013 01:13:56 PDT
Post Date                       10-Jul-2013 01:14:49 PDT
Post Delay                      00:00:53
Event Duration                  00:00:00
Event Count                     1
Event ID                        194951

DETAILS

Description                     File Write Allowed for LanManager on C:\Symantec RU3\New Text Document.txt
Policy Name                     sym_win_protection_strict_sbp for AVADMIN
Process                         LanManager
File Name                       C:\Symantec RU3\New Text Document.txt
Disposition                     Allow
Process Set                     remote_file_ps
Operation                       IoCreateFile
OS Result                       00000000 (SUCCESS)
SCSP Result                     00000000 (SUCCESS)
Permissions Requested           00110080 (delete, synch, read_attr)
Process ID                      4
Thread ID                       3216

 

Error code 300 sql code 1105 while applying policy to scsp agents

I need a solution

I am getting an error while applying policy to SCSP agents. I think this is related to the SCSP database. What do I need to do?

could not allocate space for object dbo.optionsetting optionsetting_pk in database scspdb because the primary filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, or setting autogrowth on for existing files in the filegroup

How to block interactive logon for local users?

I need a solution

How to block interactive logon for local users?

I have tried to do this by limiting access to winlogon.exe, but with no success.

SCSP 5.2.9 MP3 Released

I do not need a solution (just sharing information)

SCSP 5.2.9 MP3 is being released today.

The main focus on this build is getting a certified SCSP build and policies for Windows Core. Note that you will need to use the 5.2.9 MP3 version of policies alongside the MP3 agent for Core installs.

We have also added SUSE 11 MP3 support for IPS and IDS.

There are various fixes also.  I have attached the release notes for reading while you download the package, which have all the details about this build.

Please use your usual channel to download the package, or contact your Sales Rep for download information.

How to update Symantec Critical System Protection 5.2.0.493 to version 5.2.9

I need a solution

Hi,

How to update Symantec Critical System Protection 5.2.0.493 to version 5.2.9,

and how to download the latest prevention/detection policy packs for SCSP?

Can you help me?

With regards,

Mahesh
