Introduction
This is number eleven in my Security Series of Connect articles. For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles.
Can Symantec email, text or call me every time there is a new definition set released, security vulnerability announced or other important notice? If you have a Business Critical Services (BCS) support contract, we can. This article illustrates how BCS customers can log in to the Customer Subscription Portal and configure their desired communications.
Background
Due to a change in the underlying systems, the instructions in the earlier article How to sign up for alerts and notifications on the BCS notification system are no longer valid. Please use the steps below to set up your desired notifications using the new system.
Customers without a BCS contract can manually check Symantec's public pages regarding certified definitions, security advisories (vulnerabilities) and so on.
Getting Started
If you have a current BCS contract and wish to register yourself or a customer, please email Support_Solutions@Symantec.com and request a Unique ID and Company Name. Please include the first and last name of the person you are requesting credentials for, their email address, and the customer's company name. Support Solutions will then create credentials and send an email with registration instructions.
(Note that I don't administer that system or have any input into it, so please no PMs asking me to sort out access issues.)
Once you receive credentials, access the Sendwordnow site at https://customerportal.sendwordnow.com/HomePage.aspx
During Open Registration
During some periods there is one extra field required: an Authorization Code. This Authorization Code, the Unique ID and other necessary credentials are supplied to BCS contacts in an introductory email. You will need these to proceed!
The Sendwordnow site at https://customerportal.sendwordnow.com/HomePage.aspx looks like this during Open Registration: check it out! An extra field!
Enter in your Authorization Code (if necessary) and you will then be prompted for Unique ID and Company Name.
Then it's time to create an account for yourself: select a username and strong password (NOT admin123, rooted or justinbieberrules. Definitely NOT justinbieberrules. Not even airsupplyrocks. They just don't, and those passwords are susceptible to a dictionary attack. Pick something harder, like VaanHaalen!1984!! Much, much better.)
Configuration Time
Once an account has been created, a new set of screens is displayed. It's time to set up your alerts.
If you did enter a Bieber-related password and need to change it now, there's a convenient input field on the User Information tab:
That page is also the place to click if you no longer wish to receive notifications or alerts. Simply DEACTIVATE MY ACCOUNT.
On the Contact Information page, enter in your phone and email details. You can supply several different numbers and addresses. For phones, be sure to carefully select call and text, unless you wish the phone to be ringing in the middle of the night!
Provide your Company Name in the Additional Information tab:
And on My Subscriptions, choose what sorts of notifications and alerts you wish to receive. Here's an example of what material a Symantec Endpoint Protection (SEP) admin might find interesting:
That's it! Once you hit the Submit button on the completed form, you're ready to rock and roll. Later, log back into the portal to view or make any changes.
Some Examples
Once everything is correctly configured, notices like the following will be sent out:
From: Customer Notifications [mailto:swnalert@sendwordnow.com]
Sent: 18 November 2015 08:28
To: Mick Halpin
Subject: Canceled Multiple Daily Virus Definitions 2 - 11/17/2015
Importance: High
Due to technical issues, the publication of Multiple Daily LiveUpdate virus definitions 2 for 11/17/2015 will be canceled. This affects Enterprise customers who are subscribed to Multiple Daily Definitions.
The next scheduled publication is the Anchor build on the 11/17/2015.
The sender provided the following contact information.
Sender's Name: Customer Notifications
That one notifies admins that it would be a good idea to download the latest Rapid Release .jdb and apply it to their SEPMs. With hundreds of thousands of new malware samples in the wild every day, it's recommended to keep definitions as current as possible.
Here's an alert that an update is coming out for one of SEP's engines. Test it using EAS if you wish to make sure there will be no conflict with any of your organization's software:
From: Customer Notifications [mailto:swnalert@sendwordnow.com]
Sent: 17 November 2015 19:36
To: M_________@_____________.__
Subject: Symantec SONAR (data-only) Update
Importance: High
Symantec will post an update to SONAR on November 24th, 2015. This is a data-only release as it will contain the current SONAR driver version 9.3.0.69. The preview file will post on November 17th, 2015 and will only be available via EAS (Early Adopter System).
For information about EAS, please review the User’s Guide http://symc.ly/EAS
Thank you,
Endpoint Protection Engine Update
The sender provided the following contact information.
Sender's Name: Customer Notifications
Or an example alerting BCS admins of the (larger) monthly Hub defs, so they can know the reason for extra bandwidth consumption:
From: Customer Notifications [mailto:swnalert@sendwordnow.com]
Sent: 17 November 2015 03:43
To: M_________@_____________.__
Subject: LiveUpdate Monthly Hub Virus Definitions to be Posted
Importance: High
Symantec Security Response will post certified monthly hub definitions within 30 minutes for Monday, November 16 2015. The monthly hub definitions may cause a one-time size increase.
Customers using LiveUpdate Administrator for whom network bandwidth is a concern may consider delaying downloads until a time that will not impact production.
**************************
Symantec Security Response
http://securityresponse.symantec.com/
The sender provided the following contact information.
Sender's Name: Customer Notifications
You can also get these notifications via text message:
As noted above, alerts are also available via an automated telephone call, but be warned: that will ring at any hour of the day!
Conclusion
With this information in hand, BCS admins can keep track of the latest definitions, engine updates, product vulnerability announcements and so on. Awareness of the latest news can help them best manage their organization's security.
Many thanks for reading! Please do leave comments and feedback below, but not about what music does or does not rock.