
Thursday, September 27, 2012

Saving Money with IT Security Processes. Example 1/26: Reducing Virus Crises

Article number 1 in a series dedicated to giving examples of the way IT security can help your company save money.

IT services lose a lot of time and money in virus crises. You can save this time and money with a sound Antivirus process.
I'm not talking about software; I'm talking about process. The process is:
  • To have a baseline antivirus, and to make sure it's configured optimally and installed on every workstation and laptop.
  • To require in RFPs that machines your IT service will not maintain run an up-to-date antivirus, and to ensure service providers follow this requirement.
  • To analyse unusual network-capable hardware (tablets, old servers, smartphones, CCTV, storage bays, etc.), inventory it, and decide whether each device deserves an antivirus or not.

Monday, September 24, 2012

Symantec Endpoint Protection v11, Switching a Client PC from Managed to Unmanaged

This procedure is intended only for version 11 of Symantec Endpoint Protection.

This procedure is for a client PC that was configured as "Managed" and thus takes its configuration from a server. You may want to make it an "Unmanaged", standalone client for specific reasons, e.g. to test specific configuration parameters or because the server is no longer available.

If the server is still available to you, you can use the method given by Symantec.

If, as was my case, you cannot access the server and you do not want to reinstall the whole software suite, you can proceed this way:
  1. Open regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate.
  2. Set the value named AllowManualLiveUpdate to 1.
  3. In the folder C:\Program Files\Symantec\Symantec Endpoint Protection, back up the four files SyLink.xml, SyLink.xml.bak, serdef.dat and serdef.dat.bak.
  4. Kill the Smc.exe process and quickly delete SyLink.xml, SyLink.xml.bak, serdef.dat and serdef.dat.bak before the process respawns.
  5. The respawning process will recreate an appropriate default config and let you update everything manually from the Symantec server on the Internet.
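
Before carrying out steps 2 to 4, it helps to have a verified snapshot to roll back to. The script below is an added example, not part of the original post: it records the current AllowManualLiveUpdate value and performs the backup from step 3 with a hash check on each copy. It assumes an elevated PowerShell 4.0 or later prompt (for Get-FileHash); the backup location `C:\SEP-backup` is a hypothetical default.

```powershell
# Added example: snapshot SEP v11 client state before changing anything.
# $SepDir and $RegPath are the paths given in the post; $BackupRoot is assumed.
param(
    [string]$SepDir     = 'C:\Program Files\Symantec\Symantec Endpoint Protection',
    [string]$RegPath    = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate',
    [string]$BackupRoot = 'C:\SEP-backup'
)
$ErrorActionPreference = 'Stop'
$files = 'SyLink.xml', 'SyLink.xml.bak', 'serdef.dat', 'serdef.dat.bak'

# Record the current registry value so step 2 can be reverted later.
$prop    = Get-ItemProperty -Path $RegPath -Name AllowManualLiveUpdate -ErrorAction SilentlyContinue
$current = if ($prop) { $prop.AllowManualLiveUpdate } else { '<not set>' }

# One timestamped folder per run, so earlier snapshots are never overwritten.
$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $dest -Force | Out-Null
"AllowManualLiveUpdate=$current" | Set-Content (Join-Path $dest 'registry-before.txt')

$ok = $true
foreach ($name in $files) {
    $src = Join-Path $SepDir $name
    if (-not (Test-Path -LiteralPath $src)) {
        Write-Warning "$name not found in $SepDir"
        $ok = $false
        continue
    }
    $copy = Join-Path $dest $name
    Copy-Item -LiteralPath $src -Destination $copy

    # Compare SHA-256 of original and copy before anything gets deleted.
    $h1 = (Get-FileHash -LiteralPath $src  -Algorithm SHA256).Hash
    $h2 = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
    if ($h1 -ne $h2) {
        Write-Warning "${name}: copy differs from original"
        $ok = $false
    } else {
        "$h1  $name" | Add-Content (Join-Path $dest 'SHA256SUMS.txt')
    }
}

if ($ok) {
    Write-Output "Backup verified in $dest"
} else {
    Write-Error "Backup incomplete in $dest; review the warnings before step 4."
}
```

Restoring the four files from the snapshot folder and resetting the registry value to the one recorded in `registry-before.txt` returns the client to its previous configuration.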

Thursday, December 3, 2009

Common antivirus products disabled within minutes

This was the subject of a contest organized by ESIEA, a French engineering school for IT and other disciplines. Results are available as slideshows at this address.

Roughly summarized, the most common antivirus products (McAfee, Norton = Symantec, Kaspersky...) can be disabled within minutes by a clever virus maker.