You need to determine whether Symantec Endpoint Protection (SEP) or Symantec Endpoint Security (SES) offers protection for a specific vulnerability or threat. Several resources are available for checking existing coverage for known threats.
Release: SEP 14.x
Refer to these resources when investigating SEP coverage for vulnerabilities and threats:
Detections for Microsoft vulnerabilities for which Microsoft releases patches in its monthly Security Bulletins: Symantec Endpoint Response to Microsoft Monthly Security Bulletins
Stay informed on emerging risks by checking the Protection Bulletins for updated coverage details: Protection Bulletins
The Symantec Security Center contains numerous links to other security resources, such as the submission portal (for either false positives or false negatives), signature listings and software documentation: Symantec Security Center
If you are looking for IPS coverage related to a CVE, the attack signatures listing found in the Symantec Security Center is a good place to search. Go to the Intrusion Detection Signatures section and click 'Listing of Attack Signatures'. In the search bar on the next page, search for the CVE (example: CVE-2021-26084). Often there will be corresponding IPS signatures that have the CVE in the name of the signature.
Check VirusTotal to see if Symantec currently detects a specific file hash. Keep in mind that a 'clean' result isn't a guarantee of safety, as signature updates may take time to populate. Additionally, VirusTotal only tracks known hashes; if your search yields no results, the file may not have been analyzed by the platform yet.
To check an IP address that is suspected to be malicious, enter it at Symantec Site Review to see whether it has been categorized as malicious.
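The following added example (not part of the original article and not Symantec code) shows how a script can keep the three outcomes described above apart when reading a VirusTotal report: detected, not detected as of a given definition date, and hash unknown to the platform. It assumes the report body has already been retrieved from the VirusTotal API v3 file-report endpoint; the function name and the sample reports are constructed for illustration.

```python
ENGINE = "Symantec"  # engine key in the report's last_analysis_results map

def engine_verdict(report, engine=ENGINE):
    """Classify one engine's result in a VirusTotal v3 file-report body."""
    # A hash the platform has never analyzed comes back as an error object,
    # which is "no information", not "clean".
    if "error" in report:
        if report["error"].get("code") == "NotFoundError":
            return "unknown-to-virustotal"
        return "lookup-error"
    attrs = report.get("data", {}).get("attributes", {})
    result = attrs.get("last_analysis_results", {}).get(engine)
    if result is None:
        # The file was analyzed, but this engine is absent from the results.
        return "engine-did-not-scan"
    category = result.get("category")
    if category in ("malicious", "suspicious"):
        return "detected:" + str(result.get("result"))
    if category in ("undetected", "harmless"):
        # Only valid for the definitions in use at scan time; keep the date
        # so a stale "clean" result can be re-checked later.
        return "not-detected-as-of:" + str(result.get("engine_update"))
    # timeout, failure, type-unsupported and similar: no verdict either way.
    return "no-verdict:" + str(category)

def _report(results):
    """Wrap per-engine results in the v3 report envelope (constructed data)."""
    return {"data": {"attributes": {"last_analysis_results": results}}}

# Constructed sample reports; detection name and dates are placeholders.
DETECTED = _report({"Symantec": {"category": "malicious",
                                 "result": "Example.Detection",
                                 "engine_update": "20240102"}})
CLEAN = _report({"Symantec": {"category": "undetected", "result": None,
                              "engine_update": "20240101"}})
TIMEOUT = _report({"Symantec": {"category": "timeout", "result": None,
                                "engine_update": "20240101"}})
OTHER_ONLY = _report({"OtherEngine": {"category": "malicious",
                                      "result": "Example.Detection",
                                      "engine_update": "20240102"}})
NOT_FOUND = {"error": {"code": "NotFoundError", "message": "File not found"}}

if __name__ == "__main__":
    for name in ("DETECTED", "CLEAN", "TIMEOUT", "OTHER_ONLY", "NOT_FOUND"):
        print(name, "->", engine_verdict(globals()[name]))
```
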
Customers should always ensure all vendor-provided security updates are implemented to address product vulnerabilities.
Other Resources:
How Symantec Endpoint Protection technologies protect your computers
Ransomware mitigation and protection with Symantec Endpoint Protection and Symantec Endpoint Security
Best practices for Symantec Endpoint Protection
How to submit suspicious files via the online submission form that have been quarantined by Symantec Endpoint Protection
Does Symantec have coverage for a specific hash