Symantec token

21.04Global MFA ManagementSymantec VIP global MFA settingsAt the global level, configure the Symantec Validation and ID Protection (VIP) token. Users can use a Symantec VIP token to authenticate into a resource.You can limit the use of this MFA method in a policy.PrerequisitesImport the trusted certificate into the certificate store on the Identity Platform server.Trusted certificate must have read-only access permissions to:IIS AppPool\SecureAuth0poolNetwork serviceGlobally configure Symantec VIP tokenOn the left side of the Identity Platform page, click Multi-Factor Methods.Click the pencil icon for Symantec VIP.The configuration page for Symantec VIP appears.To enable or disable the global Symantec VIP multi-factor method, slide the toggle On or Off.In the Configuration mode section, set any of the following configurations.Timed passcodeWhen the Symantec VIP multi-factor method toggle is On, it enables the option users to receive a timed passcode on a Symantec VIP token.Issued Certificate Serial NumberThe certificate serial number provided by Symantec.NoteFor the certificate permissions, see the Prerequisites at the beginning of this topic. Host WhitelistBy default, two allowed URLs are included. You can add or modify URL entries.Symantec VIP FieldIndicate whether to show or hide the Symantec VIP field on the login page.Click Save.Next stepsConfigure a policy on the Multi-Factor Methods tab to allow users to authenticate using Symantec VIP tokens in the login workflow.

--> VIP Manager Administrator instructions of forgot password calendar_todayUpdated On: Issue/Introduction - Unable to log in to VIP Manager- Forgot password to VIP Manager- Locked out of VIP Manager- Unknown VIP Enterprise Gateway username or password Environment Resolution VIP Administrator SituationVIP Test AccountVIP Production accountFirst-time VIP Manager access Contact the account VIP Administrator or a VIP Administrator with create admin permissions. Forgot VIP Manager passwordClick the Forgot your password? link on the VIP Manager login page. (not available when accessing through VIP EG IdP or another SSO IdP)Request VIP Manager accessLost VIP Manager accessEmail address or username no longer validVIP Manager Account lockedContact your Broadcom/Symantec Account repContact your main VIP administrator or another VIP Administrator within your organization for assistance. In the event there are no other valid VIP Administrators, please follow these steps to update contact information. VIP Administrator Token lost\unavailable\changedStart here: How to reset or change the credential ID for a VIP Administrator. Other VIP Administrators within your organization with modify permissions can help. If none, open a support case and request the removal of your token. You will be prompted to add a new token ID during the next login.VIP Administrator Token lockedOnly VIP support can unlock an administrator token through a support case. Or, another VIP Administrator can remove the locked token and add a different token ID. A new ID is generated when the VIP app is uninstalled\reinstalled. No VIP Administrators within the organization. ►Update VIP Administrator contact informationUpdate or change contact for a Symantec VIP Manager accountCheck with existing VIP helpdesk admins if they have permission to modify VIP Administrators.►Enterprise Gateway console unknown passwordHow to add, delete or reset the VIP Enterprise Gateway console username and password. Feedback thumb_up Yes thumb_down No

Web Email Protection users can use the two-factor authentication (2FA) feature for greater account security. The Two-factor Authentication (2FA) provides both SMS-based verification and email-based verification. This security measure adds an extra layer of protection to Web Email Protection user accounts by requiring them to enter a Time-based One-Time Password (TOTP) before gaining access to the WEP interface. To implement 2FA and protect Web Email Protection user accounts, the following is the order of the workflow: Administrators determine a verification method strategy—only email, or email and SMSAdministrators register and set up SMS-based verification with an SMS provider if SMS is one of the verification methods.Administrators configure verification methods for 2FA on Symantec Encryption Management Server Administrative ConsoleWeb Email Protection users register and verify their phone numbers for SMS-based verification on the Web Email Protection Settings page, if SMS is one of the verification methods. Administrators determine a verification method strategy—only email, or email and SMSThe choice between using only email or a combination of email and SMS for two-factor authentication (2FA) depends on various factors, including security requirements, user convenience, associated costs, and regulatory compliance requirements of your organization. A combination of both email and SMS for 2FA is recommended to provide a balance between security and user convenience while mitigating the risks associated with each method. Therefore, you may review your organization’s requirements, consult with your security administration, and determine a verification method strategy that best suits your security requirements.Administrators register and set up SMS-based verification with an SMS provider if SMS is one of the verification methodsAt a high level, setting up SMS-based verification for two-factor authentication (2FA) involves creating and registering an account with the supported SMS provider service, such as Clickatell or Twilio. Ensure that you allow the URL and URL over port 443 for 2FA to work. Clickatell: If you decide to use the Clickatell SMS service, you must create a Clickatell account, and then generate an API key. You need to use the API key while configuring SMS verification methods for 2FA on Symantec Encryption Management Server Administrative Console. For more information, see the Getting started with SMS topic available on the Clickatell Documentation portal.Twilio: If you decide to use the Twilio SMS service, you must create a Twilio account, and then obtain Account SID, Auth Token, and Service SID. Once you register on Twilio, log in and obtain Account SID and Auth Token

Scheduled task. This will provide log in history and may also lend some credence and enticement to the attacker. If you choose to use this method, be sure to exclude or auto dismiss this pattern from any alerts or monitoring and notify the security operations team so they are aware of the scripted pattern.While placing the account in a file or script, you can generate logon history by leveraging weaker protocols or channels and using it in a nearby office printer. In this scenario you could exclude the known pattern from the printers IP (Internet Protocol) to the login server but if any other activity or usage elsewhere the pattern becomes different and actionable.Attackers also often dump LSA (Microsoft Windows Local Security Authority) Secrets from a Windows Server. You can generate a dummy token by using a real user but a fake password. To generate:Sc create BackupSvc binpath=” C:\Program Files\Symantec\Backup\backupsvc.exe” obj=’’symadmin@’ password=” _yJLN5cn32(n”Services like Tanium package could also be used to push this token throughout parts of your network on targeted servers. Seeing this in multiple places not only spreads the trip wire but also lends credence and enticement to the viability of this credential.In addition, sending Windows Security event 4625 to your SIEM (Security Incident and Event Management) like Microsoft Sentinel and writing a detection for this specific account or utilizing watchlists can create additional tripwires and alerts. Attackers may also target LSASS (Local Security Authority Subsystem Service) where hashes of passwords are stored in the system memory. A

My live update is not working since 5th Jan 2015. I also check everything and found no problem. Plz find below live update log from management server for your information.January 26, 2015 11:40:33 AM PKT: LiveUpdate failed. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:33 AM PKT: LUALL.EXE finished running. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:33 AM PKT: LiveUpdate encountered one or more errors. Return code = 4. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:26 AM PKT: Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:25 AM PKT: Symantec Endpoint Protection Win64 11.0.6005.562 (English) is up-to-date. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:24 AM PKT: Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:24 AM PKT: Symantec Endpoint Protection Win32 11.0.6005.562 (English) is up-to-date. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:09 AM PKT: TruScan proactive threat scan engine Win32 11.0 is up-to-date. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:09 AM PKT: TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date. [Site: Site Symantec] [Server: Symantec] January 26, 2015 11:40:09 AM PKT: TruScan proactive threat scan whitelist Win64 11.0 is up-to-date. [Site: Site Symantec] [Server: Symantec]