- Apr 30, 2020
- 337
Are u sure about max block any unrecognized file by microsoft? Is first time i hear that. Maybe @Andy Ful can confirm this.
Symantec Endpoint Unmanaged without time limit
- Thread starter Vitali Ortzi
- Start date
Disclaimer: We cannot guarantee that all promo codes will remain active. Some offers have a short validation period and expire.
- Dec 12, 2016
- 1,368
Using the Maximum Protection Level
The Max Protection Level blocks anything suspicious via Attack Surface Reduction, Controlled Folder Access, SmartScreen (set to block) and cloud level (set to block) - Defender Security Center is hidden.
- Apr 30, 2020
- 337
K but for what understand are 2 different things, block 100% any file unrecognized means be 100% protected (only way is if windows whitelist malware, like comodo did xD), other thing is block different things with ASR, etc, etc (not sure if give 100% protection).
If is how u tell there is no match vs others av vendors LOL
- Dec 12, 2016
- 1,368
Never said it gives 100% protection .
But so far no malware in the wild to my knowledge was able to bypass the max settings.
About unrecognized files I was a little misleading it's actually every unknown executable by max cloud level blocking.
- Apr 30, 2020
- 337
Yes that was my deduction.
I didnt thought the score was so high, maybe some1 more can confirm if only few/no malware was able to bypass windows defender max settings.
Work only with unknown executables? Or more type of file too?
- Dec 23, 2014
- 8,513
Chri.Mi and Vitali Ortzi,
There were malware samples that could bypass ConfigureDefender MAX Protection Level via scripts, especially .jar (Java) and Python (.py). They were usually mitigated after executing the EXE payloads. Anyway, scripts can rarely bypass the MAX settings.
There were malware samples that could bypass ConfigureDefender MAX Protection Level via scripts, especially .jar (Java) and Python (.py). They were usually mitigated after executing the EXE payloads. Anyway, scripts can rarely bypass the MAX settings.
- Dec 12, 2016
- 1,368
What about a malicious dll /dll hijack?
- Dec 23, 2014
- 8,513
WD like most AVs, checks DLLs (for example when you open the folder) similarly to EXE files.
Anyway, there are differences between running EXEs and DLLs that can be probably used in another way to bypass advanced AV features.
Edit.
It is probable that DLL Search Order Hijacking can be used to bypass the WD Sandbox in the cloud (part of BAFS in Windows E5) and similar sandboxes of other AVs.
Last edited:
I uninstalled this on my second computer too. Proactive detection settings are resetting back to normal by itself. I had no problems like this even with buggy comodo. I'm now using Win Defender at tweaked settings but thinking to install Avast Free.
- Dec 12, 2016
- 1,368
Unfortunately, you didn't run the self-diagnosis tool.
But yes windows defender is pretty strong.
About Avast it's not as good as Symantec but since you had issues it's totally understandable to get rid of it I would have done the same .
anyone else who encounters an issue please run the Symantec diagnosis tool before giving up on SEP and of course send results.
Yeah I was gonna use that diagnosis tool but give up after. I want to try different programs after all.
- Dec 12, 2016
- 1,368
- Oct 1, 2016
- 310
I don't see any "SEP tools" on Comss. ru to download and use Deception. dat.
- Dec 12, 2016
- 1,368
Last edited by a moderator:
- Sep 8, 2019
- 461
I was interested in the endpoint manager as I am using SEP currently, I went to install it but because im using the home version if windows I cant access gpedit, meaning I cant fix this error saying it cant read required user rights , I can get past it and install it, but after that I get another error saying that it failed to intialize the databases, I was wondering if there was an way to fix this without gpedit?
Attachments
- Dec 12, 2016
- 1,368
First, since Symantec endpoint protection manager is a management server of SEP.
You are supposed to use a dedicated PC to run as a server for SPEM to work properly.
About using Windows Home as a management server of SEP(SPEM).
I'm not entirely sure it will even work on your Microsoft Windows Home device , since it was built primary for windows server in mind.
Even though I have encountered no issues running SPEM on a Windows LTSC machine as well .
And please run this tool if you experience any issues.
http://ced.broadcom.com/symhelp/2/dl
Oh, since you don't have the required SLF file I will send you the SLF file in a PM wait a moment.
And in case you want to uninstall please download cleanwipe from cmoss.ru to remove SPEM/SEP from your current machine.
Last edited:
- Aug 22, 2013
- 886
If you are installing sep manager in VM, try VMware with 3 cores and 3 gb ram to virtual pc. ( 2 cores and 2 gb ram seems to be too slow for my liking)..with 3 cores and 3 gb ram it's super smooth.
- Aug 21, 2018
- 505
I'm using Symantec Endpoint Protection Firewall and IDS modules only and now my Webroot SecureAnywhere flags one of Symantec .dll files (GEDatastore.dll) as a Trojan.Gen.2. Sigh. Submitted it as a FP.
UPDATE: It's now whitelisted
Hi,
I've added in/out block rule for mshta.exe. Is there any other "lolbins" network rules that is recommended to block?
Regards,
-sepik
UPDATE: It's now whitelisted
Hi,
I've added in/out block rule for mshta.exe. Is there any other "lolbins" network rules that is recommended to block?
Regards,
-sepik
Last edited:
- Dec 12, 2016
- 1,368
Where you able to modify the rules via unmanged client?
Anyway use all the firewall related rules that are presented in H_C firewall hardening .
Thanks I will recommend this Configuration on over 4 threaded computers.
And Wich windows version and license type you have been running on the SPEM VM ?
Last edited:
- Aug 22, 2013
- 886
Similar threads
