Disabling? For SCEP, enabling both the Behavior Monitoring and the Network Inspection System is the recommendation.
From: [email protected] [mailto:[email protected]] On Behalf Of Brian McDonald Sent: Thursday, September 25, 2014 15:24 PM To: [email protected] Subject: Re: [mssms] OT: Home Depot credit card hack Will disabling the behavior monitoring take care of this? Brian Sent from my iPhone On Sep 25, 2014, at 9:04 AM, Nash Pherson <[email protected]<mailto:[email protected]>> wrote: Yeah, the article talking about Symantec seems really odd. I think someone is pointing to one line of a very large security recommendation document. Without the full context, it seems like a typical FUD article with a sexy headline. Regarding Brian’s original question, the article is saying the SEP Network Threat Protection feature was not enabled. It looks like the organization wasn’t using SEP’s Firewall, which means you can’t use SEP’s NTP either. For SCEP, see the Network Inspection System as a similar feature. I’ve found SCEP’s NIS to be very effective while also not giving the cumbersome number of false positives seen in SEP. This article talks about how they extended behavior and network monitoring with better real-time network inspection for zero-day exploits: http://blogs.technet.com/b/configmgrteam/archive/2013/06/24/enhancements-to-behavior-monitoring-and-network-inspection-system-in-the-microsoft-anti-malware-platform.aspx I hope that helps, Nash From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Tim Evans Sent: Thursday, September 25, 2014 8:39 AM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] OT: Home Depot credit card hack According to this: http://www.dailytech.com/Appalling+Negligence+DecadeOld+Windows+XPe+Holes+Led+to+Home+Depot+Hack/article36517.htm the solution was simply to upgrade to a more modern OS. …Tim From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Brian McDonald Sent: Thursday, September 25, 2014 5:55 AM To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] OT: Home Depot credit card hack Anyone have any experience with this? Thanks! Brian Sent from my iPhone On Sep 24, 2014, at 5:44 PM, Brian McDonald <[email protected]<mailto:[email protected]>> wrote: To all who has seen this. Jus curious, could you summarize the protection or steps you have taken to prevent such breaches and avoid the Target and Home Depot examples? The article states Symantec Endpoint was being used. Anyone know if the similar feature is available in SCEP? - Brian http://www.businessweek.com/articles/2014-09-18/home-depot-hacked-wide-open Sent from my iPhone
