Symantec updates Management console product

Symantec, the global giant in cyber-security, had recently updated its Console product so that it can patch a vulnerability which is believed to leave users susceptible to a directory traversal exploit.

The exploit can be leveraged when there is insufficient security validation of user-supplied input file names, such that characters representing " traverse to parent directory" are passed through to the file APIs, according to a Nov. 20 security update.

The goal of the attack would be to use an affected application to gain unauthorized access to the file system. The flaw affects Management console products prior to ITMS 8.1 RU4 and those affected are urged to update to the latest version as soon as possible.

Patches are available to customers through normal support channels and researchers are unaware of any exploits in the wild. In order to minimize the risk of vulnerability being exploited, researchers recommend users restrict access to administrative or management systems to authorized privileged users and Restrict remote access to trusted/authorized systems only.

Tag : Linux
FAQ
Q
How do I re-enroll an OS X device?
A
If you try to re-enroll an already enrolled OS X device, the enrollment in Symantec Endpoint Management Cloud fails. A device is allowed to use only one management profile and security application.

To re-enroll an OS X device, you must unenroll the device from the Symantec Endpoint Protection Cloud portal.

Users can unenroll their OS X devices by manually removing the management profile, uninstalling the security application, and then restarting the devices. Now, users can re-enroll these devices.
Q
How do I temporarily suspend background activities and suppress alerts from the Symantec Endpoint Protection Cloud security application?
A
Symantec Endpoint Protection Cloud provides a Silent Mode option on the right-click of the security application icon. You can find this icon on your taskbar or in the notification area. Turning on this option prevents any interruptions due to alerts, notifications, or background activities for a specified duration. The security application icon in the notification area changes from the yellow outer circle to gray to display the turn-on status of Silent Mode.
After completion of the specified period, the security application turns off Silent Mode. You can also manually turn off Silent Mode at any time. The activities that are suspended when Silent Mode is turned on the run after Silent Mode is turned off.
Q
Can I initiate a scan of my servers through the management console?
A
Yes. You can create a policy which has a scan scheduled for only servers.

See Configuring security policy settings.
Q
Is there a way to prevent Symantec Endpoint Protection Cloud from scanning our databases and home grown applications?
A
Yes. You can exclude individual files, file types, and folders from security scans to improve scan performance and prevent false positive detections. Scan exclusions apply to all devices in the group(s) that the security policy is applied to.
Q
We want to try out Symantec Endpoint Protection Cloud. How can we do that?
A
Anyone can start a free 60-days trial from the Symantec Endpoint Protection Cloud home page. You can use the Buy Now option on the Subscriptions page to convert your subscription from trial to paid.