Why are the jdb file unsigned without digital signature? How could we be sure if the file is not tamper or fake when downloading?

Hi:

We are currently using the ESM(Enterprise Security Manager) product to ensure the server setting compliance.

I would like to verify some technical questions on the auditing standpoint.

- Is it possible that after restarting the ESM server, some of the registered server agents will be disappeared from the ESM console. 
In other words, when performing the restart second time, the server will appear registered with the ESM agent.?

We are performing the server list export from the ESM to verify the completeness of the server with ESM agent registered.

Appreciate your helps.

Best Regards;

Hi, Is there an Event Viewer like in SEPM where we can see the logs of the issue that already occur

eg. scenario

we have found out that the SEPM has missing moniker (we already know that symantec releases updates 3 times a day every weekdays and once a day on the weekend) there are two to three days with missing moniker that supposed to have 3 update.

what we did is to run luall.exe but unsuccesful then we downloaded the exact missing moniker (.jdb) later on uploaded on sepm and the problem was resolve

we try to collect symdiag logs after the issue and reported it to a symantec support to analyze, unfortunately the support unable to see what have caused the issue of missing the moniker since we already uploaded it using .jdb and now they are saying that the issue have to REOCCUR for them to see the exact reason why we are encountering such an issue.

now the real concern here is how can we avoid this issue to re occur if the support unable to see the real reason and give us recomendation or suggestion on what to do

is there a tool to help us to take a look on what happen after we have uploaded the .jdb and to see what have caused of missing out the moniker

Thank you

This is something I get confused. Upon completion of the system full scan it says "Risk found: 1" but the Full scan result box did not display or show what risk is detected. Does anyone have an idea why this occur?

Thanks.

Hi everybody,

I'm with a customer here in Germany and we've just installed SEE 11.1.1 and deployed the agent to a few test machines.
We've registered some AD users on the test machines by loging on in Windows and everything's working fine.

Here's my question:
When I look into the server's admin console I only see the clien administrator that we configured in the MSI. All other users are not displayed. We tried to manually check in the client to the server, which was successful (timestamp in the server's console is updated) but nevertheless the users aren't displayed.

Since the console has columns for "domain" and "user type" and the help explicitly states that AD users shall be displayed, I'm wondering why I don't see these users here.

Any ideas?

Thanks,
Caroline

Hi everybody,

I wonder, whether there's a possibility to display a tray icon for the SEE Management Agent on the client?

I know, there was one in previious versions but I can't find it in SEE 11.

Thanks,
Caroline

Hi everyone,

There seems to be an issue when using nested groups for SEE server roles.

When I select a group that does not contain users but other groups that themselves include the users (as best practices from MS) the permissions within the server console is denied.
If I select the user directly, the permissions are set correctly.

Any idea?

Thanks,
Caroline

Hi dear friends ,

I faced with this common issue at customer site while implementing SEP Manager. They are using MSSQL 2014 pool and we implemented SEPM to this remote SQL pool. By the way we configure SEPM DB properly and i can log on to SEPM interface but during the logon process we are getting Unexpected Server Error Code : 0x10010000 and we could not see Home, Monitor and Reports section.

I want to share scm-server0.log with you. It looks there is server connectivity problem but i need your comments and suggestions. SEP version is 12.1.6 MP4. By the way i have all SEPM logs. Do you need to check anyother log pls tell me.

Best regards.  

Hi all,

Does somebody have an information, whether and how the Windows Passwort Reset Utility works, when there are multiple users registered to a computer with SEE installed?

Actually we're testing this feature here and see that after a helpdesk-assisted PBA bypass, the logon process stops at the Windows logon screen and asks for username and password instead of providing single sign-on.

I could unterstand, if this feature doesn't work with multiple users registered in SEE, but can't find any information somewhere.

Any help is appreciated,

Caroline

Commonly we'll assign a temporary PC name during PC configuration, then rename the PC when it gets deployed, but the alias still shows the temporary name instead of the correct computer name. In our managed environments, the computer name is far more important than the alias assigned at the time of SEP.cloud installation. 

We would like the ability to have the ALIAS automatically change in the portal to match the PC name as it gets changed instead of manually having to change every PC as it gets deployed. This could be implemented as a checkbox or as a part of the Symantec Policy for a given client or group perhaps.

As of SCU2016-1 there is only “CIS Microsoft Windows Server 2012 V 1.0.0” standard in Predefined folder which is currently few years old and lagging behind latest CIS benchmarks:

CIS Microsoft Windows Server 2012 non-R2 Benchmark v2.0.0
CIS Microsoft Windows Server 2012 R2 Benchmark v2.2.0

In this article I’ll focus on implementing following checks from above CIS benchmarks which can extend existing predefined standard:

• 19.1.3.1 (L1) Ensure 'Enable screen saver' is set to 'Enabled' (Scored)

• 19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' (Scored)

• 19.1.3.3 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled' (Scored)

• 19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' (Scored)

• 19.7.4.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' (Scored)

• 19.7.4.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled' (Scored)

• 19.7.37.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' (Scored)

Common for above controls is that they are all related to GPO User Configuration settings which pose some specific challenges due the way Windows registry and CCS works. Since the GPO settings apply to User object, after enabling/setting it, corresponding registry key will be placed under HKEY_USERS\<SID>\ hive and loaded also under HKCU hive. In my testing I was not able to get CCS to scan HKCU so I focused on how to scan HKEY_USERS\<SID>\ for specific registry key and I’ve accomplished this with “Key/Value Name Matches Pattern” filter statement.

So let’s start with the technical details:

1. Here is the summary of the GPO settings and corresponding keys we want to check
   

   Check id	Policy	Policy value	GPO path	Registry path	Registry value
   19.1.3.1	Enable screen saver	Enabled	User Configuration/Administrative Templates/Control Panel/Personalization	HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ ScreenSaveActive	REG_SZ=1
   19.1.3.2	Force specific screen saver	Enabled: scrnsave.scr	User Configuration/Administrative Templates/Control Panel/Personalization	HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ SCRNSAVE.EXE	REG_SZ=scrnsave.scr
   19.1.3.3	Password protect screen saver	Enabled	User Configuration/Administrative Templates/Control Panel/Personalization	HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ ScreenSaverIsSecure	REG_SZ=1
   19.1.3.4	Screen saver timeout	900 or less but not 0	User Configuration/Administrative Templates/Control Panel/Personalization	HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut	REG_SZ=900 or less but not 0
   19.7.37.1	Do not preserve zone information in file attachments	Disabled or Not Configured	User Configuration/Administrative Templates/Windows Components/ Attachment Manager	HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ SaveZoneInformation	REG_DWORD=2
   19.7.4.1	Notify antivirus programs when opening attachments	Enabled	User Configuration/Administrative Templates/Windows Components/ Attachment Manager	HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ ScanWithAntiVirus	REG_DWORD=3
   19.7.4.2	Always install with elevated privileges	Disabled or Not Configured	User Configuration/Administrative Templates/Windows Components/ Windows Installer Computer Configuration/Administrative Templates/Windows Components/Windows Installer	HKCU\Software\Policies\Microsoft\Windows\Installer\ AlwaysInstallElevated HKLM\Software\Policies\Microsoft\Windows\Installer	REG_DWORD=0

2. Below is information necessary to create the checks together with description and remediation info.
   One challenge here is how to configure check in case of missing data item (registry key does not exist). I’ve opted for Unknown (Manual review required) since if key does not exist it could be due to fact that no user is logged at the time CCS was performing the scan, so no key was loaded, which does not mean the settings are not configured at the GPO level. Another problem with this solution is in case there is stalled user (or user that never logs off) registry hive loaded under HKEY_USERS which might have different settings than expected and also conflicting settings with the GPO. We will leave that as room for improving the current solution.

   Check name	Description	Formula	Remediation
   19.1.3.1 Ensure 'Enable screen saver' is set to 'Enabled'	This check passes if registry value data "HKU\<SID>\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive" is set to 1	[Value as String Equal To '1' Where Key/Value Name Matches Pattern '/HKU\\.*\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveActive/' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]	1. Click Start ; Run. 2. At the command prompt, execute gpedit.msc. 3. Click User Configuration; Administrative Templates; Control Panel; Personalization. 4. Open the Enable screen saver policy. 5. In the Properties dialog box, on the Setting tab, click Enabled. 6. Click Ok. Alternatively, do the following: 1. Click Start -> Run. 2. In the Run dialog box, type regedit and click Ok. 3. In the Registry Editor, navigate to HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop 4. If the ScreenSaveActive does not exist, do the following: * Right-click the Desktop key and click New -> String. * Name as ScreenSaveActive. 5. Right-click ScreenSaveActive and click Modify. 6. In the Value data box, type 1 and click Ok. 7. Close the Registry Editor. Warning: The system may be damaged severely if the registry is edited incorrectly. Back up any valued data before editing the registry.
   19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'	This check passes if registry value data "HKU\<SID>\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE" is set to scrnsave.scr	[Value as String Matches Pattern '/scrnsave.scr/' Where Key/Value Name Matches Pattern '/HKU\\.*\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\SCRNSAVE.EXE/i' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]	1. Click Start ; Run. 2. At the command prompt, execute gpedit.msc. 3. Click User Configuration; Administrative Templates; Control Panel; Personalization. 4. Open the Force specific screen saver policy. 5. In the Properties dialog box, on the Setting tab, click Enabled. 6. in the Screen saver executable name field: type scrnsave.scr 7. Click Ok. Alternatively, do the following: 1. Click Start -> Run. 2. In the Run dialog box, type regedit and click Ok. 3. In the Registry Editor, navigate to HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop 4. If the scrnsave.exe does not exist, do the following: * Right-click the Desktop key and click New -> String. * Name as scrnsave.exe. 5. Right-click scrnsave.exe and click Modify. 6. In the Value data box, type scrnsave.scr and click Ok. 7. Close the Registry Editor. Warning: The system may be damaged severely if the registry is edited incorrectly. Back up any valued data before editing the registry.
   19.1.3.3 Ensure 'Password protect the screen saver' is set to 'Enabled'	This check passes if registry value data "HKU\<SID>\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure" is set to 1	[Value as String Equal To '1' Where Key/Value Name Matches Pattern '/HKU\\.*\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaverIsSecure/' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]	1. Click Start ; Run. 2. At the command prompt, execute gpedit.msc. 3. Click User Configuration; Administrative Templates; Control Panel; Personalization. 4. Open the Password protect screen saver policy. 5. In the Properties dialog box, on the Setting tab, click Enabled. 6. Click Ok. Alternatively, do the following: 1. Click Start -> Run. 2. In the Run dialog box, type regedit and click Ok. 3. In the Registry Editor, navigate to HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop 4. If the ScreenSaverIsSecure does not exist, do the following: * Right-click the Desktop key and click New -> String. * Name as ScreenSaverIsSecure. 5. Right-click ScreenSaveActive and click Modify. 6. In the Value data box, type 1 and click Ok. 7. Close the Registry Editor. Warning: The system may be damaged severely if the registry is edited incorrectly. Back up any valued data before editing the registry.
   19.1.3.4 Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'	This check passes if registry value data "HKU\<SID>\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut" is set to 900 or less, but not 0 (zero)	[Value as String Matches Pattern '/^([1-9]|[1-9][0-9]|[1-8][0-9][0-9]|900)$/' Where Key/Value Name Matches Pattern '/HKU\\.*\\Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveTimeOut/' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]	1. Click Start ; Run. 2. At the command prompt, execute gpedit.msc. 3. Click User Configuration ; Administrative Templates; Control Panel; Personalization. 4. Open the Screen saver timeout policy. 5. In the Properties dialog box, on the Setting tab, click Enabled. 6. In the Seconds field, ensure value is 900 or less, but not 0 (zero) 7. Click Ok. Alternatively, do the following: 1. Click Start -> Run. 2. In the Run dialog box, type regedit and click Ok. 3. In the Registry Editor, navigate to HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop 4. If the ScreenSaveTimeOut does not exist, do the following: * Right-click the Desktop key and click New -> String. * Name as ScreenSaveTimeOut 5. Right-click ScreenSaveTimeOut and click Modify. 6. In the Value data box, type 900 or less, but not 0 (zero), and click Ok. 7. Close the Registry Editor. Warning: The system may be damaged severely if the registry is edited incorrectly. Back up any valued data before editing the registry.
   19.7.4.1 Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'	This check passes if registry value data "HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation" is not configured or set to 2	[Value as DWORD Equal To '2' Where Key/Value Name Matches Pattern '/HKU\\.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments\\SaveZoneInformation/' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]	1. Click Start ; Run. 2. At the command prompt, execute gpedit.msc. 3. Click User Configuration; Administrative Templates; Windows Components; Attachment Manager. 4. Open the Do not preserve zone information in file attachments policy. 5. In the Properties dialog box, on the Setting tab, click Disabled or Not Configured. 6. Click Ok. Alternatively, do the following: 1. Click Start -> Run. 2. In the Run dialog box, type regedit and click Ok. 3. In the Registry Editor, navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments 4. If the SaveZoneInformation does exist, do the following: 5. Right-click SaveZoneInformation and click Modify. 6. In the Value data box, type 2 and click Ok. 7. Close the Registry Editor. Warning: The system may be damaged severely if the registry is edited incorrectly. Back up any valued data before editing the registry.
   19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'	This check passes if registry value data "HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus" is set to 3	[Value as DWORD Equal To '3' Where Key/Value Name Matches Pattern '/HKU\\.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments\\ScanWithAntiVirus/' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]	1. Click Start ; Run. 2. At the command prompt, execute gpedit.msc. 3. Click User Configuration; Administrative Templates; Windows Components; Attachment Manager. 4. Open the Notify antivirus programs when opening attachments policy. 5. In the Properties dialog box, on the Setting tab, click Enabled. 6. Click Ok. Alternatively, do the following: 1. Click Start -> Run. 2. In the Run dialog box, type regedit and click Ok. 3. In the Registry Editor, navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments 4. If the ScanWithAntiVirus does not exist, do the following: * Right-click the Attachments key and click New -> DWORD (32-bit) Value. * Name as ScanWithAntiVirus 5. Right-click ScanWithAntiVirus and click Modify. 6. In the Value data box, type 3 and click Ok. 7. Close the Registry Editor. Warning: The system may be damaged severely if the registry is edited incorrectly. Back up any valued data before editing the registry.
   19.7.37.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	This check passes if registry value data "HKLM\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated" is either not configured or set to 0 and if registry key value data "HKU\<SID>\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated" is either not configured or set to 0.	[Windows Installer: Always install with elevated privileges Not Equal To '[Enabled]' with Missing Data Outcome being 'Pass' and Multiple Data Operator being 'AND' ] AND [Value as DWORD Equal To '0' Where Key/Value Name Matches Pattern '/HKU\\.*\\Software\\Policies\\Microsoft\\Windows\\Installer\\AlwaysInstallElevated/' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]	1. Click Start ; Run. 2. At the command prompt, execute gpedit.msc. 3. Click User Configuration; Administrative Templates; Windows Components; Windows Installer. 4. Open the Always install with elevated privileges policy. 5. In the Properties dialog box, on the Setting tab, click Disabled or Not Configured. 6. Click Ok. 7. Click Computer Configuration ; Administrative Templates; Windows Components; Windows Installer. 8. Open the Always install with elevated privileges policy. 9.  In the Properties dialog box, on the Setting tab, click Disabled or Not Configured. 10. Click Ok Alternatively, do the following: 1. Click Start -> Run. 2. In the Run dialog box, type regedit and click Ok. 3. In the Registry Editor, navigate to HKCU\Software\Policies\Microsoft\Windows\Installer 4. If the AlwaysInstallElevated does exist, do the following: 5. Right-click AlwaysInstallElevated and click Modify. 6. In the Value data box, type 0 and click Ok. 7. Navigate to HKLM\Software\Policies\Microsoft\Windows\Installer 8. If the AlwaysInstallElevated does exist, do the following: 9. Right-click AlwaysInstallElevated and click Modify. 10. In the Value data box, type 0 and click Ok. 11. Close the Registry Editor. Warning: The system may be damaged severely if the registry is edited incorrectly. Back up any valued data before editing the registry.

Implemented checks are also attached as separate standard in this article: User Admin templates.Xml

$ md5sum "User Admin templates.zip"
5ac4b5ca545f7db43c401c7c8ce5c4c9 *User Admin templates.zip
 

After nearly four years working with the Partner Management Console, I just realized that there is absolutely NO ability to pull all of the customer information that I have entered for my clients.

I need to get a list of Customer name, first name, last name, address, phone, and email for a review to ensure that everything is current.

Not a single "canned" report can do that.

The only way that I can see to do it in the PMC itself is to list the customers, select the first one to view the profile and then copy and past information into either Word or Excel.  I can then use the drop-down list at the top to go to the next client.  And then do that 50 times!

Guess no one at Symantec thought customer information was important to the MSP...

hi Everyone,

can someone experience BSOD after launching Oracle virtual box. Hope you will help me resolving this issue.

SEP version: SEP 12.1.6 MP3

operating systems: windows 7

PLease see attached file a screen capture.

thanks,

Hello All,

I have a LiveUpdate Administrator that stopped downloading updates about a week ago (its downloading content updates for Linux clients). It had been working previously, but stopped all of a sudden. Another LiveUpdate Server serving a different network is not having any problems.

I don't find the event logs that useful for troubleshooting what went wrong

Looking for some suggestions

Paul

Here's the event logs for a recent download failure:

  6/21/2016 10:37:06 PM EDT Download critical admin Download request 175 started by admin has failed.
  6/21/2016 10:37:04 PM EDT Download informational admin The following updates were found missing on source server Symantec LiveUpdate during download: 1466021561jtun_sav10enn07m25.lin, 1466021561jtun_sav10enn08m25.lin, 1466021561jtun_sav10enn09m25.lin, 1466021561jtun_sav10ennful25.lin. Download request id is 175.
  6/21/2016 10:37:04 PM EDT Download informational admin The following updates were found missing on source server Symantec LiveUpdate during download: 1466021561jtun_sav10enn02m25.lin, 1466021561jtun_sav10enn10m25.lin, 1466021561jtun_sav10enn11m25.lin, 1466021561jtun_sav10enn12m25.lin, 1466021561jtun_sav10enn01m25.lin. Download request id is 175.
  6/21/2016 10:37:04 PM EDT Download informational admin Download job from source server Symantec LiveUpdate has completed successfully. There were 1 product(s) for which updates were found as part of this job.
  6/21/2016 10:36:01 PM EDT Download informational admin Started download of content for request id 175 started by user admin.
  6/21/2016 10:35:58 PM EDT Schedule informational admin Download schedule Linux Content Download Schedule started.

Hi,

I'm trying to find a way to block inbound macro-enabeld .doc and .xls files from passing through SMSMSE.

I have created the following content filtering rule:

However, those files are still coming through.

Does anyone have an idea regarding this? Can SMSMSE even scan inside binary files? When I open this kind of file with a test editor, I can see the strings I'm trying to block.

For example:

Question is, is this the way SMSMSE "sees" the file? And if Yes - why isn't the file being blocked?

The product documentation links of SPE for Cloud Services release are collated and are available in the following pages:

• SPE 7.8.x:   https://support.symantec.com/en_US/article.DOC9246.html

• SPE 7.5.x:   https://support.symantec.com/en_US/article.INFO3798.html

• SPE 7.0.x:  https://support.symantec.com/en_US/article.INFO3800.html?

Do feel free to suggest any changes that you think would help you find information better.

I'm creating this post to see if there is any insight, fixes, suggestions about this issue.
We are rolling out Lenovo T460 laptops to a number of users. With those are commonly received a Lenovo ultra slim combo keyboard and mouse which is a *wireless* set. This does not happen with HP, Lenovo or Microsoft USB wired keyboard.  Also, did not happen with a Microsoft or a Logitech wireless keyboard.
The issue is that once the user hits the backspace key in bootguard, all of the following keys are repeats of the keypress directly ahead of it.
So in bootguard you type in "JIN <backspace> MMY" you would expect to get "JIMMY" and you would actually get "JMM".

This really throws people off when they're trying to authenticate.

On Friday We had a scam where we were to call a number, becuase they blocked us from turning off the computer or moving away from the website. They wanted money ( ransom ) to fix the computer.

We restarted PC with a Hard boot, and when computer came back on, Symantec End Point was on this PC, we can not uninstall nor can we get help from the Tech Support from Symantec over the phone.

Please advice us how to remove End Point version # 12.1.6608.6300.

I retied using Clean Wipe but the version sent to me want work, (ver 12.1.5337.5000)

Webinar 0804: Intelligent Endpoint Security: Why Taking A Modern Approach Matters 



Abstract: 

Endpoint security is a critical component in an organization's security program and is needed to gain the visibility necessary to rapidly detect threats and contain them before criminals gain access to critical resources. 



Join us for an interactive discussion and learn more about 



• How emerging security technologies are helping organizations defend against targeted attacks that use zero-days and evasion tactics to evade detection 

• What technologies typically make up modern threat protection solutions and how they enable incident responders to quickly identify infected endpoints and determine the scope of an attack 

• Why endpoint visibility must be combined with network, web, and messaging security solutions to create a security architecture that works cohesively to reduce the amount of time an attacker has on infected systems 

• How risk assessment plays a role in strengthening your security to preempt future attacks 



Speakers: Robert Westervelt is a Research Manager at IDC Security and Alejandro Borgia, VP Product Management at Symantec 

 

Register Today: http://bit.ly/Symantecblog