【How to use the Symantec Endpoint Recovery Tool (SERT)】 to remove viruses

Official reference

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

http://www.symantec.com/business/support/index?page=content&id=TECH131732

1. Download the following files from the locations below:

(1) Symantec_Endpoint_Recovery_Tool_1.0.15_AllWin_EN.iso

【Weblink download】

http://www.chiachia.org:8080/%E5%AE%A2%E6%88%B6%E8%87%A8%E6%99%82%E5%8D%80/Symantec%20Endpoint%20Recovery%20Tool/

【Vendor download】

https://symantec.flexnetoperations.com/control/symc_zhtw/registeranonymouslicensetoken?

https://fileconnect.symantec.com/licenselogin.jsp?localeStr=zh_TW

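Enter the product serial number (the Serial Number can be found in your contract).

Select 【Symantec_Endpoint_Recovery_Tool_1.0.15_AllWin_EN.iso】 and click 【開始下載】 (Start Download).

(2) vd32c440.zip (today is 2010/11/03; the vendor site below offers the latest version for the current day)

【Vendor download】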

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

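2. Burn Symantec_Endpoint_Recovery_Tool_1.0.15_AllWin_EN.iso to a bootable disc.

Extract vd32c440.zip into a folder named vd32c440, then copy the vd32c440 folder to the root of a USB flash drive.

3. (1) Plug the USB flash drive into the affected computer.

(2) Insert the bootable Symantec_Endpoint_Recovery_Tool_1.0.15_AllWin_EN disc into the affected computer.

(3) In the BIOS, select booting from the optical drive.

(4) On the next screen, select 【Continue loading Endpoint Recovery Tool】.

(5) Select your language and click 【OK】.

(6) Select 【I Agree】 to accept the license agreement.

(7) Select 【Browser for Virus Definitions】 and point it to the definitions folder on the USB flash drive to update the virus definitions.

Shortly afterwards, the definitions date at the lower right shows the latest date.

(8) Select 【Start Scan】 to scan the computer.

(9) The scan results appear shortly, and you can then choose a follow-up Action.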

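A PGP user who forgot the passphrase cannot change it after logging in with WDRT

A PGP user forgot the passphrase and logged in with WDRT, then selected the user account in the PGP client management interface and clicked 【change passphrase】 to change the forgotten passphrase.

However, once the 【Enter passphrase to unlock disk 】 prompt appears, every passphrase the user remembers is rejected with 【Passphrase did not match.please try again】. Which passphrase does this prompt refer to?

Ans:

Testing shows that the passphrase requested here is the passphrase of any one BootGuard account (that is, any account listed at the lower left of the screen in the accompanying screenshot); entering it passes verification.

(This is a peculiarity of the PGP client.)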

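【Backup, restore, migration】 Restore Symantec Encryption Management Server (PGP Universal Server) from a Backup

If you use Symantec Encryption Management Server (PGP Universal Server) and have backed up the Organization Key and a System Backup, you can safely migrate Symantec Encryption Management Server (PGP Universal Server) to another machine.

With this approach you can move Symantec Encryption Management Server (PGP Universal Server) to a new machine (and upgrade it), or perform disaster recovery on another machine.

The steps for 【migrating (and upgrading), or performing disaster recovery on another machine】 are as follows:

1. On the original machine, export the Organization Key and the System Backup.

2. On the new machine, install the new version of Symantec Encryption Management Server (PGP Universal Server).

After the reboot, log in to the Web UI. On the Setup Type screen, do not choose the default 【New Install】; choose 【Restore】.

Then, on the 【Import Organization Key】 and 【Upload Current Backup File】 screens, import the Organization Key and the System Backup.

3. Remember that the restore takes some time. During this period the screen does not change and the Web UI loses its connection.

Wait until the console of the Symantec Encryption Management Server (PGP Universal Server) machine shows 【Initial…………..Reloading……】 and the Web UI (at the previous machine's IP) is reachable again; only then is the restore complete.

4. After the restore, the network settings, Groups, Consumer Policy, Keys and everything else are restored.

Detailed screens follow.

1. On the original machine, export the Organization Key and the System Backup.

[ Export the Organization Key ]

[ Obtain the System Backup ]

2. On the new machine, install the new version of Symantec Encryption Management Server (PGP Universal Server).

For the installation steps, see the following page:

http://www.wellife.com.tw/symantec/?p=233

After the reboot, log in to the Web UI. On the Setup Type screen, do not choose the default 【New Install】; choose 【Restore】.

Then, on the 【Import Organization Key】 and 【Upload Current Backup File】 screens, import the Organization Key and the System Backup.

3. Remember that the restore takes some time. During this period the screen does not change and the Web UI loses its connection.

Wait until the console of the Symantec Encryption Management Server (PGP Universal Server) machine shows 【Initial…………..Reloading……】 and the Web UI (at the previous machine's IP) is reachable again; only then is the restore complete.

4. After the restore, the network settings, Groups, Consumer Policy, Keys and everything else are restored.

Official reference links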

Enterprise Support – Symantec Corp. – HOW TO Restore Symantec Encryption Management Server from a Backup

http://www.symantec.com/business/support/index?page=content&id=HOWTO42032

Enterprise Support – Symantec Corp. – Upgrade to Symantec Encryption Management Server 3.3.1

http://www.symantec.com/business/support/index?page=content&id=HOWTO93842

Enterprise Support – Symantec Corp. – HOW TO Backup the Organization Key on Encryption Management Server

http://www.symantec.com/business/support/index?page=content&id=HOWTO42046

Enterprise Support – Symantec Corp. – HOW TO Create Symantec Encryption Management Server Backups

http://www.symantec.com/business/support/index?page=content&id=HOWTO42105

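【SymHelp.exe】 Steps for collecting Symantec SEP 12 client logs

If SEP 12.x is already installed on the computer, open the SEP client management interface,

then click 【說明】 (Help) → 【下載支援項目】 (Download Support Tool) to download 【SymHelp.exe】.

Alternatively, download 【SymHelp.exe】 directly from the following URL: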

http://www.symantec.com/business/support/index?page=content&id=TECH170752

If Microsoft .NET Framework is not yet installed on the computer, a prompt appears asking you to download and install Microsoft .NET Framework first.

You can download the .NET Framework version that suits your operating system from the following page:

http://search.microsoft.com/zh-tw/DownloadResults.aspx?q=.NET+Framework

On a Windows 7 computer, you can also install 【Microsoft .NET framework 3.5.1】 through 【Control Panel】→【All Control Panel Items】→【Programs and Features】→【Turn Windows features on or off】→ check 【Microsoft .NET framework 3.5.1】.

Copy the FTP location shown in the screenshot and send it to me.

Please send me the .SdDb file.

PGP[ Unable to download policy at this time ]

 

【Got the error [ Unable to download policy at this time ] when you manually update the PGP policy】

1. Try re-enrolling the user; here is the article for that:

HOW TO: Re-enroll Symantec Encryption Desktop for Windows Clients

Article URL: http://www.symantec.com/docs/HOWTO42029

Some of the reasons for re-enrolling a client:

• Enrollment fails

• Enrollment succeeds but there are Symantec Encryption Desktop errors

• Symantec Encryption Desktop settings during enrollment are incorrect

• Symantec Drive Encryption (formerly known as PGP Whole Disk Encryption) did not start because of policy or attribute misconfiguration

• If you are having a problem enrolling a client or if PGP Desktop is not acting as expected

To re-enroll a Symantec Encryption Desktop client:

1. Click the Symantec Encryption Desktop Tray icon in your system tray and select Exit PGP Services.

2. Navigate to %APPDATA%\PGP Corporation\PGP\ and delete the PGPPrefs.xml and PGPPolicy.xml files.

This deletes the preferences file and allows you to start with new settings.

3. Restart the services by clicking Start > All Programs > Startup > PGPtray.

The Symantec Enrollment Assistant will start up and begin the re-enrollment process.

2. Confirm that the value data of HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP\PGPSTAMP is correct.
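The file cleanup from the re-enrollment procedure and the PGPSTAMP check above, written as an added PowerShell example (not from the original post or from Symantec). It assumes the tray process is named PGPtray, as the Startup shortcut suggests, and that it runs in the affected user's session so that %APPDATA% resolves to that user's profile.

```powershell
# Added example: back up, then remove, the two client preference files named in
# the re-enrollment procedure, and print PGPSTAMP so it can be reviewed.
$prefDir   = Join-Path $env:APPDATA 'PGP Corporation\PGP'
$prefFiles = 'PGPPrefs.xml', 'PGPPolicy.xml'
$stampKey  = 'HKLM:\SOFTWARE\PGP Corporation\PGP'

# Assumption: the tray process is named PGPtray (taken from the Startup shortcut name).
if (Get-Process -Name 'PGPtray' -ErrorAction SilentlyContinue) {
    Write-Warning 'PGPtray is still running. Select "Exit PGP Services" from the tray icon first.'
    return
}

# Keep a timestamped copy so the old settings can be inspected or restored later.
$backupDir = Join-Path $prefDir ('backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
foreach ($name in $prefFiles) {
    $path = Join-Path $prefDir $name
    if (Test-Path -LiteralPath $path) {
        New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
        Copy-Item -LiteralPath $path -Destination $backupDir
        Remove-Item -LiteralPath $path
        Write-Output "Removed $name (copy saved in $backupDir)"
    } else {
        Write-Output "$name not found, nothing to remove"
    }
}

# Show the enrollment stamp so it can be compared with the value expected for your server.
$stamp = (Get-ItemProperty -Path $stampKey -Name 'PGPSTAMP' -ErrorAction SilentlyContinue).PGPSTAMP
if ($stamp) { Write-Output "PGPSTAMP = $stamp" }
else        { Write-Warning "PGPSTAMP not found under $stampKey" }
```

After the script finishes, start PGPtray from the Startup folder as in step 3 of the procedure so the Enrollment Assistant runs again.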

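PGP Whole Disk Encryption: handling and settings for managed clients that forget the BootGuard passphrase

Handling a forgotten BootGuard passphrase on PGP Whole Disk Encryption managed clients

  • Enable Whole Disk Recovery Tokens

When the passphrase is forgotten, this allows the user to obtain the WDRT password from the administrator and enter it to pass BootGuard authentication.

(Note: on the BootGuard authentication screen, the user presses 【F4】 and can then choose 【Use WDRT to log into the system】.)

  • Allow configuration of WDE Local Self Recovery for Windows clients

Allows the user to create 5 questions and answers in advance; if the passphrase is forgotten, answering these 5 questions correctly passes BootGuard authentication.

(Note: on the BootGuard authentication screen, the user presses 【F4】 and can then choose 【Answer my questions to log into the system】.)

  • Encrypt WDE disks to a Disk Administrator Passphrase

Creates an administrator passphrase; when the user forgets the passphrase, the administrator logs in with it to pass BootGuard authentication.

(Note: on the BootGuard authentication screen, the user presses 【F5】 for 【Display the Administrator login screen】.)

The following settings must be configured first.

Log in to PGP Universal Server.

【Consumers】→【Consumers Policy】→ find the previously defined policy that applies Whole Disk Encryption (for example, [WDE Only] in the screenshot).

Click [WDE Only].

Click 【Desktop…】.

Check the relevant options as needed:

  • Enable Whole Disk Recovery Tokens

When the passphrase is forgotten, this allows the user to obtain the WDRT password from the administrator and enter it to pass BootGuard authentication.

(Note: on the BootGuard authentication screen, the user presses 【F4】 and can then choose 【Use WDRT to log into the system】.)

  • Allow configuration of WDE Local Self Recovery for Windows clients

Allows the user to create 5 questions and answers in advance; if the passphrase is forgotten, answering these 5 questions correctly passes BootGuard authentication.

(Note: on the BootGuard authentication screen, the user presses 【F4】 and can then choose 【Answer my questions to log into the system】.)

  • Encrypt WDE disks to a Disk Administrator Passphrase

Creates an administrator passphrase; when the user forgets the passphrase, the administrator logs in with it to pass BootGuard authentication.

(Note: on the BootGuard authentication screen, the user presses 【F5】 for 【Display the Administrator login screen】.)

Here the user can create the 5 questions and answers in advance.

On the BootGuard authentication screen, the user presses 【F4】.

Pressing 【F4】 offers these choices:

【Use WDRT to log into the system】

【Answer my questions to log into the system】

After choosing 【Use WDRT to log into the system】, phone the PGP administrator to obtain the WDRT password and enter it.

Obtain the WDRT from the corresponding Device:

【Consumers】→【Devices】→【Disk Encryption】→【WDRT】

If you choose 【Answer my questions to log into the system】, answer the 5 questions in order.

On the BootGuard authentication screen, the user presses 【F1】 for Help.

The Help screen shows that pressing 【F5】 on the BootGuard authentication screen is what brings up 【Display the Administrator login screen】.

Pressing 【F5】 brings up 【Display the Administrator login screen】.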

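PGP PDF Messenger settings

PDF Messenger (the recipient sets the PDF Messenger passphrase)

The recipient is the condition that determines whether a message is encrypted.

On first delivery, the recipient does not receive the message directly; the email instead asks the recipient to click a link and set a PDF Messenger passphrase.

On this page, the recipient sets the PDF Messenger passphrase.

The recipient then immediately receives these two emails:

PGP Universal Passphrase Change

PGP Universal PDF Messenger Message (this email contains the PDF attachment)

The passphrase for the PDF attachment can be changed using the link shown in the screenshot.

The PDF attachment is opened with the passphrase the recipient defined earlier.

3. PDF Messenger (a random PDF Messenger passphrase is included with the email)

Check 【Require Certified Delivery】.

After that, emails arrive with a 【Read Me First.html】 attachment.

Open the 【Read Me First.html】 attachment to obtain the PDF passphrase.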

Symantec pcAnywhere 12.5 SP5 build 1206 release information

http://www.symantec.com/business/support/index?page=content&id=TECH198989&actp=search&viewlocale=en_US&searchid=1383297176511
Problem

Symantec pcAnywhere 12.5.5 build 1206 is the latest available build. This update is only to be applied to a machine with pcAnywhere 12.5 sp4 (Build 1086) already installed.

Cause

Issue 1: The pcAnywhere application stops responding when you select a host to launch with Windows or make any changes in the running host that require the host computer to be restarted.
While connecting to the host computer, the pcAnywhere application displays the following message:

“An error occurred while starting of pcAnywhere. Please try to restart pcAnywhere…”
or
“pcAnywhere Main Module has encountered a problem and needs to close. We are sorry for the inconvenience.”
http://www.symantec.com/docs/TECH190695

Issue 2: You cannot connect to the host computer using the pcAquickconnect application that is installed on the client computer.
While connecting to the host computer, the pcAquickconnect application displays the following message:
“pcAQuickConnect.chf file is not a valid pcAnywhere file.”
http://www.symantec.com/docs/TECH189097

Issue 3: Connection made by the client computer to the host computer cannot be established within the stipulated timeout period of 15 seconds using the pcAnywhere application.
While connecting to the host computer, the pcAnywhere application displays the following message:
“The selected computer is not responding. Connection cannot be made.”
http://www.symantec.com/docs/TECH188183

Issue 4: While upgrading to the pcAnywhere application 12.5 SP4 (version 12.5.5 build 1086), the caller files are not upgraded because of which the pcAnywhere Host Service fails to run.
After upgrading to pcAnywhere version 12.5 SP4 (version 12.5.5 build 1086), the Symantec pcAnywhere Host Service fails to run, or a host item (*.BHF) will not launch. Also, any attempts to open the host properties and view the caller items (*.CIF) within the host properties will result in a file read error.
http://www.symantec.com/docs/TECH191515

Issue 5: The host IP address is not updated after the host is restarted or when the connection to the host computer is made.
http://www.symantec.com/docs/TECH198533

Issue 6: Black or gray screen appears on new installation of pcAnywhere application or during authentication while connecting a remote system to a host computer after the new installation.
For more information, see the following article:
http://www.symantec.com/docs/TECH197172

Issue 7: The host computer that is configured for conferencing with no encryption requests for a “symmetric” encryption level when connected.
While connecting to the host computer with no encryption, the pcAnywhere application displays the following message:
“The encryption level for this connection has been raised. Host has requested the encryption level: Symmetric”

Issue 8: The host computer that is configured for conferencing displays a warning that it will be configured for no encryption and will stay at AES 256 when that host is launched and connected to.
On enabling the conferencing feature of a host computer that is set at the default configuration AES 256, the following error message is displayed after which the host computer will be restarted:
“Disabling encryption. Encryption is not supported for conferencing hosts.”
http://www.symantec.com/docs/TECH197098

Issue 9: Old version of awechomod.sys file is provided in pcAnywhere version 12.5 SP4.
http://www.symantec.com/docs/TECH111055

Solution

If you need to install manually, the update installer .exe is attached below; the update can also be applied by running LiveUpdate from within the software. The readme file is attached below.

How to run LiveUpdate from within pcAnywhere

1. Open the full pcAnywhere program.
2. Navigate to the Help menu, then About Symantec pcAnywhere.
3. Confirm the current version and build number, then click OK.
4. Navigate to the Help menu, then LiveUpdate…
5. From within the LiveUpdate window, click Start.
6. Click OK when done.

Once LiveUpdate is complete, you may be prompted to reboot. If prompted, reboot as soon as possible. After the reboot is completed, perform the above steps again until there are no updates available.

Symantec pcAnywhere 12.5 SP4 Release Notes & System Requirements

https://support.norton.com/sp/en/us/home/current/solutions/v78694032_EndUserProfile_en_us

Symantec pcAnywhere 12.5 SP4: Release Notes

What’s new?

    • Uses an updated encryption method to secure the host and remote communications and data

    • Added support for Windows Server 2008 R2 and Mac OS 10.7.x

System requirements

  • To successfully install each of the components of Symantec pcAnywhere, your system must meet the following minimum requirements:

    • Supported operating systems for Symantec pcAnywhere full version:

      • Windows 7 (Home/Professional/Ultimate)

      • Windows Vista (Home/Enterprise/Ultimate)

      • Windows XP (Home and Professional/Windows XP Tablet and Media Center Edition/Embedded and WEPOS)

      • Windows 2000 (Professional/Server/Advanced Server)

      • Windows Server 2003 (Standard/Enterprise)

      • Windows Server 2008

      • Windows Server 2008 R2

    • Supported operating systems for Symantec pcAnywhere thin host:

      • Windows 7 (Home/Professional/Ultimate)

      • Windows Vista (Home/Enterprise/Ultimate)

      • Windows XP (Home and Professional/Windows XP Tablet and Media Center Edition/Embedded and WEPOS)

      • Windows 2000 (Professional/Server/Advanced Server)

      • Windows Server 2003 (Standard/Enterprise)

      • Windows Server 2008

      • Windows Server 2008 R2

      • Red Hat Enterprise Linux 4.0

      • SUSE Linux Enterprise 10.0

      • Mac OS X 10.5.x

      • Mac OS X 10.6.x

      • Mac OS X 10.7.x

    • Supported operating systems for Symantec Packager:

      • Windows Vista (Home/Enterprise/Ultimate)

      • Windows XP (Professional)

      • Windows 2000 (Professional/Server/Advanced Server)

      • Windows Server 2003 (Standard/Enterprise)

    • Hardware requirements:

      • Must meet the minimum hardware requirements as specified by Microsoft (for Windows) or Apple (for Mac) for the operating system that is installed

Upgrading to Symantec pcAnywhere 12.5 SP4

  • Symantec pcAnywhere 12.5 SP4 contains updated security and communication enhancements. The new version is not backward-compatible and does not connect to earlier versions of pcAnywhere due to the changed security model. Symantec recommends installing the latest updated, secured 12.5 SP4 version of the product. For more information about downloading and installing Symantec pcAnywhere 12.5 SP4, read: How to obtain Symantec pcAnywhere 12.5 SP4.

    Symantec will not provide fixes for existing versions of pcAnywhere because of known security risks. If you have pcAnywhere 11.x or earlier versions of pcAnywhere, then you must uninstall the existing version of pcAnywhere before you install pcAnywhere 12.5 SP4.

Features removed in pcAnywhere 12.5 SP4

  • The following features are no longer available in pcAnywhere 12.5 SP4:

    • Access Server

    • Symantec pcAnywhere Web Remote

    • Symantec pcAnywhere Mobile Host

    • Symantec pcAnywhere CrossPlatform for Remote and Host

    • Symantec pcAnywhere Gateway

    • Host Assessment Tool

    • Host Administrator tool

    • Package Deployment Tool

    • Web Deployment Tool

    • NetBIOS and SPX connection type support

    • Support for all authentication types except pcAnywhere, NT, and AD for Windows/pcAnywhere and Apple Open Directory for Mac/pcAnywhere and Linux PAM for Linux

    • Option for making passwords case sensitive on the Security Options tab of Host Properties dialog box

    • Option to deploy thin host if host is not present on pcAnywhere Quick Connect dialog box

    • Encryption tab on pcAnywhere options dialog box