ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Verifying SEP coverage for threats and vulnerabilities

book

Article ID: 218648

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Need to determine whether Symantec Endpoint Protection (SEP) offers protection for a specific vulnerability or threat.  There are a number of resources available for checking existing coverage for known threats.

Environment

Release : SEP 14.x

Component :

Resolution

The following resources can be reviewed when researching SEP coverage for vulnerabilities and threats:

Detections for Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins:

Symantec Endpoint Response to Microsoft Monthly Security Bulletins

For emerging threats, the Protection Bulletin is a good place to start to review existing coverage:

Protection Bulletin

The Symantec Security Center is a hub article with numerous links to other Security resources such as the submission portal (for either false positives or negatives), signature listings and software documentation.

If looking for IPS coverage for a CVE, the attack signatures listing found in the Symantec Security Center is a good place to search.  In the Intrusion Detection Signatures section, click on 'Listing of Attack Signatures'.  In the search bar on the next page, do a search for the CVE (example: CVE-2021-26084).  Often there will be corresponding IPS signatures that have the CVE in the name of the signature as illustrated below:

Symantec Security Center

If you have a file hash and would like to check Symantec coverage for that hash, that can be checked on virustotal.  While an absence of Symantec coverage on virustotal isn't a definitive answer as it can take some time for that information to post, it's a good place to start.  It's also good to keep in mind that when making a hash submission, that it must be an already known hash.  If the hash comes up with results on virustotal, the hash is known.

VIRUSTOTAL

 Other Resources:

How Symantec Endpoint Protection technologies protect your computers

Ransomware mitigation and protection with Symantec Endpoint Protection and Symantec Endpoint Security

Best practices for Symantec Endpoint Protection

How to submit suspicious files via the online submission form that have been quarantined by Symantec Endpoint Protection

Does Symantec have coverage for a specific hash

Attachments