Customer Guidance for WannaCrypt attacks

 

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Microsoft solution available to protect additional products

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Details are below.

  • In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
  • This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.

We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.

Update 5/22/2017: Today, we released an update to the Microsoft Malicious Software Removal Tool (MSRT) to detect and remove WannaCrypt malware. For customers that run Windows Update, the tool will detect and remove WannaCrypt and other prevalent malware infections. Customers can also manually download and run the tool by following the guidance here. The MSRT tool runs on all supported Windows machines where automatic updates are enabled, including those that aren’t running other Microsoft security products.

Phillip Misner, Principal Security Group Manager  Microsoft Security Response Center

Further resources:

General information on ransomware

Protecting your PC from ransomware

MS17-010 security update

How to verify that MS17-010 is installed

Download English language security updates: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86Windows 8 x64

How to enable and disable SMB in Windows and Windows Server & GPO deployment

Guidance for Azure customers

Applying MS17-010 using Microsoft Intune

ConfigMgr SQL queries for reporting on KBs related to MS17-010

Guidance for Operations Management Suite customers

LiveUpdate 更新受阻的解决方案

一、选取可用 IP 地址。
使用 PING 测试下列三组 IP,各选出一个可连通且延迟最低的 IP.

  1. liveupdate.symantec.com
  2. 152.195.12.135
  3. 152.195.132.120
  4. 152.195.38.43

复制代码

  1. liveupdate.symantecliveupdate.com
  2. 152.195.12.171
  3. 152.195.132.156
  4. 152.195.38.63

复制代码

  1. update.symantec.com
  2. 165.254.106.202
  3. 165.254.106.196
  4. 165.254.106.226
  5. 165.254.106.208
  6. 69.192.2.38
  7. 124.40.41.156
  8. 69.192.2.35
  9. 69.192.2.34
  10. 69.192.2.37
  11. 69.192.2.36
  12. 124.40.41.235
  13. 124.40.41.146
  14. 124.40.41.236
  15. 69.192.2.39
  16. 69.192.2.39
  17. 69.192.2.35
  18. 104.94.101.45
  19. 104.94.101.44
  20. 104.94.101.48
  21. 104.94.101.49
  22. 104.94.101.46

复制代码

二、添加至 HOSTS 文件。
将上一步选取的三个 IP 地址添加至 HOSTS 文件。方法不再赘述。
提供一个模板如下:

  1. # Symantec LiveUpdate IP Address
  2. 152.195.132.120 liveupdate.symantec.com
  3. 152.195.12.171  liveupdate.symantecliveupdate.com
  4. 69.192.2.39     update.symantec.com

复制代码

三、刷新本地 DNS 缓存。
管理员权限运行命令:

  1. ipconfig /flushDNS

复制代码

四、已知问题。

  • 重定向 Norton 更新域名后,Norton 可能会报 SecurityRisk.URLRedir

symantec离线下载

产品目录
https://www.symantec.com/zh/cn/security_response/definitions.jsp?

https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep

SEP 14
https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep14
https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=ips14

Symantec Endpoint Protection官方下载

下载链接

12.1.6 MP6

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.6_MP6_All_Clients_EN.zip

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.6_MP6_All_Clients_CH.zip

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.6_MP6_All_Clients_CS.zip

 

12.1.6 MP9

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.6_MP9_All_Clients_EN.zip

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.6_MP9_All_Clients_CH.zip

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.6_MP9_All_Clients_CS.zip

 

wget --header="Cookie: veritas_main" http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.6_MP9_All_Clients_CS.zip

 

14.0

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.0.1_MP1_SEPM_CS.exe

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.0.1_MP1_All_Clients_CS.zip

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.0.1_MP1_Full_Installation_CS.exe

 

wget --header="Cookie: veritas_main" http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.0.1_MP1_All_Clients_CS.zip

 

14.2

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.2.0_SEPM_CS.exe

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.2.0_All_Clients_CS.zip

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.2.0_Full_Installation_CS.exe

 

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.2.0_SEPM_EN.exe

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.2.0_All_Clients_EN.zip

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.2.0_Full_Installation_EN.exe

wget --header="Cookie: veritas_main" http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_14.2.0_All_Clients_EN.zip

14.3

官方生成的链接:
International English 英文https://downloadsapi.broadcom.com/utils/IpqOz1cVZGarMEw/18508784/Sep_to_558_Client_Only_Patches_EN.zip
https://downloadsapi.broadcom.com/utils/u56InEACYjN1805/18508785/Symantec_Endpoint_Protection_14.3.0_All_Clients_EN.zip
https://downloadsapi.broadcom.com/utils/FLiPp91CCyHPw5A/18508786/Symantec_Endpoint_Protection_14.3.0_Full_Installation_EN.exe
https://downloadsapi.broadcom.com/utils/jFNHuzlJSDAwfdI/18508787/Symantec_Endpoint_Protection_14.3.0_SEPM_EN.exe
Traditional Chinese 繁体中文
https://downloadsapi.broadcom.com/utils/RpNkqTax8NUTLzo/18508788/Symantec_Endpoint_Protection_14.3.0_All_Clients_CH.zip
https://downloadsapi.broadcom.com/utils/XJNqvD70rflmx4w/18508790/Symantec_Endpoint_Protection_14.3.0_Full_Installation_CH.exe
https://downloadsapi.broadcom.com/utils/ZOfqCDORBCMchtS/18508792/Symantec_Endpoint_Protection_14.3.0_SEPM_CH.exe
Simplified Chinese 简体中文
https://downloadsapi.broadcom.com/utils/vXFb1jD4gg3WKMm/18508795/Symantec_Endpoint_Protection_14.3.0_All_Clients_CS.zip
https://downloadsapi.broadcom.com/utils/FBIt8Q2O120hBIM/18508796/Symantec_Endpoint_Protection_14.3.0_Full_Installation_CS.exe
https://downloadsapi.broadcom.com/utils/GYi8eW9sDVMkZBU/18508797/Symantec_Endpoint_Protection_14.3.0_SEPM_CS.exe
Spanish 西班牙
https://downloadsapi.broadcom.com/utils/eu13JRHHURNInjP/18508798/Symantec_Endpoint_Protection_14.3.0_All_Clients_SL.zip
https://downloadsapi.broadcom.com/utils/aPeKOMpxwQwyPdP/18508799/Symantec_Endpoint_Protection_14.3.0_Full_Installation_SL.exe
https://downloadsapi.broadcom.com/utils/aPeKOMpxwQwyPdP/18508799/Symantec_Endpoint_Protection_14.3.0_Full_Installation_SL.exe

离线库

产品目录
https://www.symantec.com/zh/cn/security_response/definitions.jsp?

SEP14

https://www.broadcom.cn/support/security-center/definitions?pid=sep14

Mirror

14.3 RU1

Symantec Endpoint Protection 14.3 RU1 for Windows 64-bit (115 MB)
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU1_Win64-bit_Client_EN.exe

Symantec Endpoint Protection 14.3 RU1 for Windows 32-bit (105 MB)
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU1_Win32-bit_Client_EN.exe

Symantec Endpoint Protection 14.3 RU1 for MacOS (124 MB)
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU1_Mac_Client_EN.zip

Symantec Endpoint Protection 14.3 RU1 – All Clients (344 MB)
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU1_All_Clients_EN.zip

Symantec Endpoint Protection 14.3 RU1 – Full Installation (1.9 GB)
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU1_Full_Installation_EN.exe

14.3_RU1_MP1

https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3_RU1_MP1_Full_Installation_EN.exe

https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3_RU1_MP1_Win64-bit_Client_EN.exe

14.3 RU2

Symantec Endpoint Protection 14.3 RU2 for Windows 64-bit
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU2_Win64-bit_Client_EN.exe

Symantec Endpoint Protection 14.3 RU2 for MacOS
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU2_Mac_Client_EN.zip

Symantec Endpoint Protection 14.3 RU2 – All Clients
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU2_All_Clients_EN.zip

Symantec Endpoint Protection 14.3 RU2 – Full Installation
https://dl.comss.org/download/Symantec_Endpoint_Protection_14.3.0_RU2_Full_Installation_EN.exe

No More Ransom! 協助你一同對抗勒索病毒

https://www.nomoreransom.org/

 

 

近年來遭受勒索病毒(Ransomware)侵擾的機構層出不窮,其中不乏政府機關、醫院、學校或中小企業公司,甚至許多人的家用電腦都曾經中毒。一般來說,勒索病毒慣用手法是包裝在軟體或郵件附件,以其他格式偽裝,當使用者不小心執行後,它就會在電腦內進行部署,最終將所有檔案加密變成無法存取使用,跳出支付贖金來脅迫使用者取得解密金鑰恢復檔案,而且使用比特幣(Bitcoin)技術使嫌犯更難以被追蹤。

 

趨勢科技針對勒索軟體推出的免費復原工具 Trend Micro Ransomware File Decryptor,能有效對付某些類型勒索病毒,在不用支付贖金的情況下來強制重新復原救回檔案,這個工具目前支援包括 TeslaCrypt、CryptXXX、SNSLocker 等等在內共十多種勒索軟體類型。除此之外,本文要來介紹一個「No More Ransom」網站,一個勒索病毒主題入口網站,以專門對付勒索病毒為主,網站來頭不小,由 Intel Security、Interpol、荷蘭警方和卡巴斯基安全實驗室聯手打造!主要是協助使用者對抗危害,提供各種解密破解工具,讓使用者在不支付勒索贖金的情況下恢復重要文件檔案。

 

與其說 No More Ransom 是一個提供解密工具的網站,倒不如說他是一個教育使用者如何避免遇到勒索病毒危害的教育網站,內容簡單扼要一目了然,例如:備份資料、只打開認識且信任的聯絡人郵件附件、安裝防毒軟體、讓電腦軟體更新保持最新狀態,這些雖是老生常談,謹記在心準沒錯。

此外,No More Ransom 還提供線上勒索病毒檢測平台,使用者只要上傳自己被加密後的檔案,它就能從該組織擁有的 16 萬組解密金鑰中找出能夠解鎖的方式,還會讓你免費下載合適的復原工具,接下來我就簡單介紹一下 No More Ransom 這個網站的使用方法吧!

 

使用教學

STEP 1

開啟 No More Ransom! 網站後,首頁會直接詢問是否要協助你解鎖、復原你的檔案或文件,而不用支付給駭客贖金?點選 YES 後會進入檢測平台,如果點選 No 則會有一系列的防護安全資訊供使用者參考學習,不過目前僅有英文版。

 

STEP 2

No More Ransom! 的 Crypto Sherief 加密檔案自我檢測平台相當厲害,可能是目前網路唯一提供這項服務的網站!簡單來說,使用者只要點選左側兩個按鈕將被加密的任一兩個檔案選取、上傳,右側則是填入你在支付贖金頁面看到的 Email、網址,這部分需要確認無誤,以避免找不到可以解密的金鑰或工具,你也可以直接上傳勒索病毒留下來的訊息(.txt 或 .html 格式)。

最後,點選下方按鈕,No More Ransom! 就會找出可能可以解蜜、復原檔案的金鑰讓你免費下載,或者可能可以還原的免費工具。

 

STEP 3

在網站的 Decryption Tools 解密工具頁面,提供一系列可協助處理、還原或救援被勒索病毒加密後檔案的工具(CoinVault、RannohDecryptor、RakhniDecryptor、ShadeDecryptor),都有各自對應可以處理的勒索病毒副檔名格式。

不過在下載前請務必先閱讀使用說明,尤其要先確保勒索病毒已經從你的系統被完整移除,避免在解密後又被重新加密造成檔案損毀,任何可信賴的防毒軟體都能做到。

 

目前勒索軟體(勒索病毒)的數量相當多,而且不斷變種,有更多型態出現,現階段破解工具還無法涵蓋所有的勒索病毒,不過 No More Ransom! 網站提醒:盡量不支付贖金給這些病毒駭客,一來你會讓這些人認為有利可圖,進而找出更多方法來入侵其他使用者電腦;二來支付贖金獲取的解密金鑰也可能無法使用!讓你掉入被詐騙的陷阱當中。若你真的不幸中了勒索病毒,請記得先到 No More Ransom 網站找找解決辦法。

Tool for decrypting files affected by Trojan-Ransom.Win32.Rannoh infection

Tool for decrypting files affected by Trojan-Ransom.Win32.Rannoh infection

Back to “Virus-fighting utilities”

2016 May 24 ID: 8547

If the system is infected by a malicious program of the family Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.CrybolaTrojan-Ransom.Win32.Cryakl or Trojan-Ransom.Win32.CryptXXX, all files on the computer will be encrypted in the following way:

  • In case of a Trojan-Ransom.Win32.Rannoh infection, file names and extensions will be changed according to the template locked-<original_name>.<four_random_letters>.
  • In case of a Trojan-Ransom.Win32.Cryakl infection, the tag {CRYPTENDBLACKDC} is added to the end of file names.
  • In case of a Trojan-Ransom.Win32.AutoIt infection, extensions will be changed according to the template<original_name>@<mail server>_.<random_set_of_characters>.
    Example: [email protected]_.RZWDTDIC.
  • In case of a Trojan-Ransom.Win32.CryptXXX infection, extensions will be changed according to the template<original_name>.crypt.

RannohDecryptor tool is designed to decrypt files dectypted by Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt,Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.Crybola, Trojan-Ransom.Win32.Cryakl or Trojan-Ransom.Win32.CryptXXX versions 1 and 2 (files encrypted by Trojan-Ransom.Win32.CryptXXX version 3 are detected, but not decrypted).

 

Disinfection

To disinfect the system:

http://media.kaspersky.com/utilities/VirusUtilities/EN/rannohdecryptor.zip

  1. Download RannohDecryptor.zip. The following pages contain information on how to download the file.
  2. Run RannohDecryptor.exe on the infected computer.
  3. In the main window, click Start scan.

RD_8547_1

  1. Indicate path to one encrypted file and one not encrypted file.
    If the file is encrypted by Trojan-Ransom.Win32.CryptXXX, indicate the largest files. Only the files of this size or smaller ones will be decrypted.
  2. Wait until the files are found and decrypted.
  3. Reboot the computer, if needed.
  4. To delete copies of encrypted files named like locked-<original_name>.<four_random_letters> after a successful decryption, use the option Delete encrypted files after decryption.
Please note. If the file was encrypted by Trojan-Ransom.Win32.Cryakl, the tool will save the files with the extension.decryptedKLR.original_extension. If you select the option Delete encrypted files after decryption, the decrypted file will be saved under the original name.
  1. By default, the tool log is saved on system disk (the one with the operating system installed).Log file name is: UtilityName.Version_Date_Time_log.txt

    For example, C:\RannohDecryptor.1.1.0.0_02.05.2012_15.31.43_log.txt

If the system is encrypted by Trojan-Ransom.Win32.CryptXXX, the tool scans a limited number of files. If you have selected a file encrypted by CryptXXX v2, the encryption key restoration can take a rather long time. In this case the tool views the following message:

RD_8547_2

 

Command line options

-l <file_name> – create a log file with given name.

-y – close the window after decryption.

Symantec Endpoint Protection 12.1

这个可以理解为SCS的升级新一代版本,试用后感觉响应速度和PF占用都有了很大进步,使用symantec SAV或者SCS的朋友可以考虑更新到这个版本了。
中文名称:赛门铁克端点防护
Symantec Endpoint Protection V12.1简体中文版
英文名称:Symantec_Endpoint_Protection 12.1

版本:官方最新发布
发行时间:2011年

制作发行:Symantec
地区:中国大陆
语言:简体中文
[安装测试] 在WindowsXP SP2 SP3中文版Windows 7 中文版安装测试通过,因我没有该系统

[版权声明]资源版权归原作者及其公司所有,如果你喜欢,请购买正版。

简介:
Symantec Endpoint Protection将Symantec AntiVirus与高级威胁防御功能相结合,可以为笔记本、台式机和服务器提供无与伦比的恶意软件防护能力。 它在一个代{过}{滤}理和管理控制台中无缝集成了基本安全技术,从而不仅提高了防护能力,而且还有助于降低总拥有成本。

主要功能
* 无缝集成一些基本技术,如防病毒、反间谍软件、防火墙、入侵防御和设备控制。
* 只需要一个代{过}{滤}理,通过一个管理控制台即可进行管理。
* 由端点安全领域的市场领导者提供无可匹敌的端点防护。
* 无需对每个端点额外部署软件即可立即进行 NAC 升级。

主要优势
* 阻截恶意软件,如病毒、蠕虫、特洛伊木马、间谍软件、恶意软件、bot、零日威胁和 rootkit。
* 防止安全违规事件的发生,从而降低管理开销。
* 降低保障端点安全的总拥有成本。

新功能

单个代{过}{滤}理和单个控制台
为所有 Symantec Endpoint Protection 技术和 Symantec Network Access Control 提供一个代{过}{滤}理。 为管理所有 Symantec Endpoint Protection 技术和 Symantec Network Access Control 提供一个集成的界面。 允许对所有技术采用一种通信方法和一个内容交付系统。
* 提供了出色的操作效能,如单个软件更新、单个策略更新等。
* 提供了统一的集中报告。
* 提供了统一的授权许可和维护。
* 添加 Symantec Network Access Control 实施功能时不需要对客户端进行更改。
* 降低保障端点安全的总拥有成本。
* 降低了管理工作量。

主动威胁扫描
基于行为的防护,可以防御零日威胁和前所未见的威胁。 与其它启发式技术不同,主动威胁扫描可以对未知应用程序的行为好坏进行分类,从而提供了更精确的恶意软件检测。
* 无需设置基于规则的配置即可准确检测恶意软件。
* 有助于降低误报数量。

高级 Rootkit 检测和删除功能
通过集成 VxMS(Veritas 映射服务,Veritas 的一种技术)提供了出色的 rootkit 检测和删除功能,从而可以访问操作系统底层,进行全面分析和修复。
* 检测并删除最难以处理的 rootkit。
* 无需对受感染的计算机重新制作映像,因此节省了时间和金钱,同时防止工作效率下降。

应用程序控制
允许管理员控制用户和其它应用程序访问特定进程、文件和文件夹。 它提供了应用程序分析、进程控制、文集和注册表访问控制,以及模块和 DLL 控制。 它使管理员能够限制某些被视为可疑或高风险类型的活动。
* 防止恶意软件传播或破坏端点。
* 锁定端点,防止数据泄漏。

设备控制
控制可以连接到计算机的外设以及这些外设的使用方式。 它可以锁定一个端点,阻止其与拇指驱动器、CD 刻录机、打印机和其它 USB 设备相连。
* 防止敏感的机密信息从端点被提取或窃取(数据泄漏)。
* 防止端点被通过外设传播的病毒感染。

系统要求
Symantec Endpoint Protection 客户端(32 位)
最低要求
* Windows 2000 SP3+、Windows XP、Windows Server 2003、Windows Vista (x86)
* Pentium III 300 MHz(Windows Vista 需要 1GHz)
* 256 MB 内存
* 180 MB 磁盘(安装期间额外需要 440 MB)

Symantec Endpoint Protection 客户端(64 位)
最低要求
* Windows XP Professional (x64) SP1+、Windows Server 2003 (x64)、Windows Vista (x64)
* 1 GHz,采用以下处理器之一:具有 Intel EM64T 支持的 Intel Xeon、具有 EM64T 支持的 Intel Pentium IV、AMD 64 位 Opteron、AMD 64 位 Athlon(注意:不支持 Itanium)
* 256 MB 内存
* 180 MB 磁盘(安装期间额外需要 440 MB)

Symantec AntiVirus for Linux 客户端
支持的 Linux 分发:Red Hat Enterprise Linux、SuSE Linux Enterprise(服务器/台式机)、Novell Open Enterprise Server、VMWare ESX
Symantec Endpoint Protection Manager
中央管理服务器
最低要求
* Windows XP Professional SP2;Windows Server 2003 Standard/Enterprise
* Microsoft Internet Information Services(Web 服务器)
* Microsoft SQL Server 2000 SP3 或 SQL Server 2005(可选)
* 2GB 内存
* 1GB 可用磁盘空间

Symantec Endpoint Protection 控制台
远程管理控制台(可选)
最低要求
* Windows XP Professional;Windows Server 2003 Standard 或 Enterprise;Windows 2000 Professional/Server/Advanced Server
* Sun Java Runtime Environment (JRE) 1.5
* Microsoft Internet Explorer 6.0 SP2
* 512 MB 内存

Symantec? Endpoint Protection combines Symantec AntiVirus? with advanced threat prevention in a single agent delivering unmatched defense against malware for laptops, desktops and servers.

Features:
– Seamlessly integrates essential technologies such as antivirus, antispyware, firewall, intrusion prevention, device control
– Requires only a single agent and managed by a single management console
– Unmatched endpoint protection from a proven, market leading endpoint security vendor
– Each endpoint comes “SNAC-ready” (Symantec Network Access Control)(Optional purchase), enabling instant upgrade without additional software deployment on the endpoints

Benefits:
– Stops malware and such as viruses, worms, trojans, spyware, adware and rootkits
– Helps prevent security outbreaks
– Lowers TCO for endpoint security
– Reduces administrative effort

产品资料:
http://www.symantec.com/content/zh/cn/ente…n-us.pdf
官网:
http://edm.symantec.com/endpointsecurity/



官方下载地址 注:简体中文版
第一张
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1_Win32-bit_Client_CS.exe
内容:
SEP客户端32位

第二张
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1_Win64-bit_Client_CS.exe
内容:
SEP客户端64位

第三张[个人用户不必下载]
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1_Full_CS.exe
内容:
服务端包含客户端

以上是简体版,为了方便各位网友以下是英文版
英文版32位客户端http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1_Win32-bit_Client_EN.exe
英文版64位客户端
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1_Win64-bit_Client_EN.exe

英文版服务端包含客户端
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1_Full_CS.exe

Symantec_Endpoint_Protection_12.1.4

中文版客户端
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Win32-bit_Client_CS.exe
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Win64-bit_Client_CS.exe

英文版客户端
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Win32-bit_Client_EN.exe
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Win64-bit_Client_EN.exe

管理端
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_SEPM_CS.exe
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_SEPM_EN.exe

完整版客户端
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Part1_Installation_CS.exe
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Part2_Tools_CS.exe
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Part1_Installation_EN.exe
http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_Part2_Tools_EN.exe

注意,若使用IE下载:请依次打开以下三个网站,保持不关闭
http://www.symantec.com/zh/cn/index.jsp
http://www.symantec.com/zh/cn/norton/index.jsp
https://www4.symantec.com/Vrt/offer?a_id=48182
然后在IE地址栏里用上面相应的下载链接下载,切记!否则不能下载。

也可使用Internet Download Manager等下载工具下载,貌似不需要打开以上三个网站,有兴趣的朋友可以试试。

RU4的官方卸载工具CleanWipe 12.1.4013.4013分享在百度网盘:
中文版:http://pan.baidu.com/s/124Xtj
英文版:http://pan.baidu.com/s/1sv8UQ

该卸载工具包含在
Symantec_Endpoint_Protection_12.1.4_Part2_Tools_CS.exe
Symantec_Endpoint_Protection_12.1.4_Part2_Tools_EN.exe
两个文件里,也可自行下载。

以上10个官方原版镜像文件相关信息及Md5和Sha1罗列如下:

以下文件Md5及Sha1值如有不同敬请反馈,我会及时修改,谢谢。

Symantec_Endpoint_Protection_12.1.4_Win32-bit_Client_CS.exe
大小: 295213288 字节
MD5: 4CCC3D13EA37089CB7627E54F27E9DC2
SHA1: 24649DC19C57D26E499EA7A08FE8965B6D030599

Symantec_Endpoint_Protection_12.1.4_Win64-bit_Client_CS.exe
大小: 306378272 字节
MD5: E95221CD9600DF58DA5DC266C4ECECF8
SHA1: F41D3DDE10D2A31700ADC8AAC15BD23747F196BC

Symantec_Endpoint_Protection_12.1.4_Win32-bit_Client_EN.exe
大小: 295110912 字节
MD5: 3BBDD0F4627B7DAD8BA77B08FC801261
SHA1: 442CC4AA56B20D00071205727C982BE411BEE349

Symantec_Endpoint_Protection_12.1.4_Win64-bit_Client_EN.exe
大小: 306268384 字节
MD5: F8C6440B3314164FEC79E45656B7DCF0
SHA1: A434004FE8B9CB21F3B4845E93F8DC0FB8D71B3D

Symantec_Endpoint_Protection_12.1.4_SEPM_CS.exe
大小: 1526418040 字节
MD5: DAF202F77A97301F8FC277C5AAA48E98
SHA1: 154AD7BBC1EE04FD54DDF707800AF5975BF6910D

Symantec_Endpoint_Protection_12.1.4_SEPM_EN.exe
大小: 1478648552 字节
MD5: D3EBF5290600F84B3F8C3CE279625DCC
SHA1: C6D3522F226DD0112182700D28BA634C10F41D9C

Symantec_Endpoint_Protection_12.1.4_Part1_Installation_CS.exe
大小: 1868570360 字节
MD5: 4688734CE2BB1D5659C092F17E7F2699
SHA1: 4D2B7E50A0A70591982C39949EC6D87FA576D533

Symantec_Endpoint_Protection_12.1.4_Part2_Tools_CS.exe
大小: 225922488 字节
MD5: C42C892E6FA3790421BA28654F0022D3
SHA1: 0397661DEEDF88B03CD98EA6C5CAA4A415BFE8BE

Symantec_Endpoint_Protection_12.1.4_Part1_Installation_EN.exe
大小: 1820454240 字节
MD5: 814981BCA81BFD1AEC0684AA7BB2693F
SHA1: 0B380B57659B31E84C052E4AAA7817FF976BBB6A

Symantec_Endpoint_Protection_12.1.4_Part2_Tools_EN.exe
大小: 221691368 字节
MD5: 5FCADF8C12F4FC46A3B4A9AB62B5DD99
SHA1: 1B4FA87BF3CAC5B2CA5EF3C1949105985A05F2D9