Monthly Archives: November 2013

On July 5, 2011 Symantec Endpoint Protection 11.x and Symantec Endpoint Protection Small Business Edition 12.0 reached End-of-Life and have currently been running in Limited Support. If you are still on these older product versions, we strongly encourage you to upgrade to version 12.1 free of charge as part of your maintenance/support subscription.

Running Mac OS X?

Upgrade to 12.1.4 with IPS and Antivirus for Mac OS X 10.9 (or lower), better Mac management and all the protection and performance capabilities for your Windows and Virtual Machines in a single solution.

Download Here

Versions 11.x and 12.0 of Symantec Endpoint Protection will move to partial support on January 5, 2014 and End-of-Support-Life on January 5, 2015. Any customers on these product versions will stop receiving technical support, including fixes, patches, workarounds, maintenance packs, and content updates.

To ensure all Symantec Endpoint Protection customers maintain the most advanced protection available, this notification is sent to ALL customers on ANY version of Symantec Endpoint Protection. We encourage you to upgrade all Symantec Endpoint Protection clients in your environment and use the full protection technologies available in version 12.1.

Powered by Insight, Symantec Endpoint Protection 12.1 provides fast, powerful defense-in-depth security technologies for endpoints. It offers advanced defenses against known and unknown threats for both physical and virtual systems and is as easy to roll out as a standard Release Update.

Symantec recently released version 12.1.4 of Symantec Endpoint Protection, which includes support for Windows 8.1 and Mac OS X 10.9, Mac IPS and enhanced management. Upgrade today by downloading Symantec Endpoint Protection 12.1.4 from FileConnect.

For helpful tips, tricks and links for upgrading and optimizing Symantec Endpoint Protection 12.1, visit one of the following sites:

Still running version 11.x or 12.0? Visit: http://www.symantec.com/page.jsp?id=sep12-migration

Already using version 12.1? Visit: http://www.symantec.com/page.jsp?id=sep12-protection

End of Limited Support: On January 5, 2014, these products will transition from Limited Support to Partial Support. Our technical support engineers may provide you with known fixes/patches/workarounds, existing maintenance packs or information from our Technical Knowledge Base in response to requests for assistance. As a courtesy, Symantec will continue to provide content updates and definitions for versions 11.x and 12.0 during this time. For details, see here. Customers are encouraged to have COMPLETED, or be well on their way toward completing the migration of all clients to version 12.1. Best practices for migrating can be found here.

End of Support Life: January 5, 2015 marks the official end of the product life cycle for versions 11.x and 12.0 of Symantec Endpoint Protection. As of this date, Symantec will cease providing any and all levels of standard or partial support, including content updates and virus definitions, for these versions of the products.

| Symantec Product | Version | End of Limited Support | End of Support Life |
| --- | --- | --- | --- |
| Symantec Endpoint Protection | 11.x | January 5, 2014 | January 5, 2015 |
| Symantec Endpoint Protection Small Business Edition | 12.0 | January 5, 2014 | January 5, 2015 |

Symantec Endpoint Protection 12.1 includes in-product licensing, allowing you to use the License Activation Wizard on the Symantec Endpoint Protection Manager (link available on the Home Page or from the Admin page) to activate your license(s). You will only need serial numbers to complete the process.

The following serial number(s) may be used to activate your product:

| Product | Qty | Activation Serial Number |
| --- | --- | --- |
| SYMC ENDPOINT PROTECTION 12.1 PER USER I/O BASIC 12 MONTHS | 5 | M1810543270 |


Additional Resources

For more information regarding the services provided through Support, please refer to the Symantec Enterprise Technical Support Policy at the link below or contact your Symantec Account Manager.

http://www.symantec.com/content/en/us/enterprise/other_resources/b-symantec-enterprise-technical-support-policy.en-us.pdf

We also recommend that you periodically check our website for End-of-Life and End-of-Support-Life information for your specific Licensed Software:

http://www.symantec.com/content/en/us/enterprise/other_resources/b-end_of_life_policy_for_business_products.en-us.pdf


How to get more information

Symantec is committed to helping customers achieve success with their Symantec solutions. If you have any questions regarding this notice, please contact your Symantec Partner or your Symantec Corporation Account Manager.

LabTech Software, the only powerful, robust-featured remote monitoring and management (RMM) platform developed by a managed service provider (MSP) for managed service providers, is partnering with Webroot to make it easier for partners to deploy and manage endpoint security solutions for their customers. The integration is part of an ongoing effort to help partners access new sources of revenue using the LabTech platform.

"We continue to provide our partners with best-in-class solutions that further add value and automation to their LabTech platform," said Matt Nachtrab, LabTech Software CEO. "Partnering with Webroot allows us to further deliver on integrated solutions that can be managed through the single-pane-of-glass within LabTech. I'm excited to have Webroot as part of our security portfolio and look forward to helping our partners and MSP businesses succeed."

Unlike traditional antivirus solutions, the cloud-based Webroot SecureAnywhere portfolio includes the industry’s lightest and fastest endpoint security solutions, allowing LabTech partners to achieve exceptional threat protection and faster scans without bulky patches and signature updates. Webroot places the burden of malware protection in the cloud, freeing up operating systems and hardware resources – saving MSPs time and money, and increasing customer satisfaction.

"We're thrilled to be partnering with LabTech Software," said Charlie Tomeo, vice president of channel and technical sales at Webroot. "Their industry-leading services have fostered a loyal and rapidly-growing following within the MSP community. We recognize that traditional endpoint security has created many challenges for MSPs. With Webroot's cloud-based security solution, MSPs will be able to not only gain additional profits, but also significantly reduce the complexities and inefficiencies normally associated with managing a security solution."

Webroot’s cloud-based security solutions require no hardware, can be installed instantly and can be managed anywhere, anytime. This significantly reduces the amount of management required from MSP partners to deploy and manage endpoint security for all their customers. The solutions are lightweight and fast, with no impact on end-user productivity. Webroot takes an innovative and powerful approach to endpoint security that utilizes cloud-based big data, delivering maximum protection to MSPs. The security solutions feature instant rollback and remote remediation with no need to re-image machines, improving productivity, saving MSPs time and money and lowering total cost of ownership.

To learn more about the LabTech-Webroot integration, please visit www.labtechsoftware.com/webroot.

Trend Micro CryptoLocker Ransomware

Official communication was sent out a couple of weeks ago by Trend Micro warning its customers against ransomware gaining momentum. The alarm was sounded that the vicious malware CryptoLocker, which encrypts your files until you pay a ransom, is spreading its ransomware wings and infecting dozens of computers lately. So how do you prevent falling victim to this malicious software?

The best form of defence against TROJ_CRILOCK is prevention. Keeping antivirus software up to date is crucial and, as stated by Trend Micro, it is “highly recommended to enable Behavioral Monitoring and Web Reputation in the environment to prevent the spread and protect those that are not yet infected, as well as attachment blocking to reduce the introduction of the malware within the environment”. It has been proved that computers that are already infected by malware are more prone to infection by CryptoLocker. To read more about best practices in configuring OfficeScan and Worry-Free for this threat, please see here: http://esupport.trendmicro.com/solution/en-US/1099423.aspx

Aside from not getting infected in the first place, the next best way to mitigate the effects of CryptoLocker ransomware is to create backups of important files. Backup drives that are physically connected to the infected computer, or reachable via the local network, may get encrypted as well, so isolated backups are recommended. Cloud solutions such as Datafortress http://www.bluesolutions.co.uk/datafortress will ensure that you can retrieve your files if you happen to get infected.

Once your data has been encrypted by CryptoLocker, nothing can be done aside from paying the ‘ransom’ to the attackers or reinstalling your entire machine from scratch or from a pre-infection backup. The reason for this is that CryptoLocker generates an extremely large 2048-bit RSA public and private key pair, and files encrypted with it are impossible to decrypt without the private key. It is uploaded to the server after attempting to connect to a command-and-control server. The public key is stored on the computer; the private key is stored on the command-and-control server. A ransom is demanded to recover the key and decrypt the files, with a threat that the private key will be destroyed and your data lost forever if it is not paid within a specified time frame.

Prevention is better than cure! The choice between paying the cyber criminals (who knows what they will come up with next once they have the money to ‘fund’ their ‘R&D’) or re-installing your computer should not be an ethical dilemma. If you have the right software in place you can prevent infection and, should the worst happen, a cloud backup solution will give you the ability to restore the computer and retrieve your data from an off-site server.

 

Screenshot of spam with malicious attachment
Once this attachment is executed, it downloads another file which is saved as cjkienn.exe (detected as TSPY_ZBOT.VNA). This malware then downloads the actual CryptoLocker malware (detected as TROJ_CRILOCK.NS).
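The attachment blocking recommended above can be sketched as a mail-gateway check that also looks inside ZIP archives. This is an added example, not code from Trend Micro or the original post; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable content; an assumed policy list, tune per site.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def _is_blocked(name):
    """True when the final extension of a file name is on the block list."""
    name = name.lower().rstrip(". ")  # trailing dots/spaces can hide the extension
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED_EXT

def blocked_attachments(raw_message):
    """Return names of attachments (or ZIP members) that should be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if _is_blocked(name):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            # Judge archives by their members, not by the archive's own name.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [f"{name}!{m}" for m in zf.namelist() if _is_blocked(m)]
    return hits

def build_sample():
    """Constructed sample: a message carrying a ZIP with a double-extension file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

Password-protected or nested archives are not inspected by this check and would need a separate quarantine rule.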