Miners, making up ~68% hash-rate, have confirmed full support for the ETC #Phoenix network upgrade, expected on ETC mainnet at block 10_500_839, around June 3, 2020.#EthereumClassic Miners Confirm Support for Phoenix Hard-Fork https://t.co/gLUuuwV2GR via @StevanLohja@etclabs
— Ethereum Classic (@eth_classic) May 4, 2020
Seeking assistance with implementing Symantec System Lockdown on a Windows 2012 R2 server that runs Oracle Database 11g Enterprise release 184.108.40.206.0 64 bit edition.
Whitelist listening mode produces below calling application and target and hash value as an example. This happens for all the oracle calling processes on the server
D:oracleproduct11.2.0dbhome_1BINtnsping D:oracleproduct11.2.0dbhome_1perlbinperl.exe Target MD5=00000000000000000000000000000000
Appending the above as a whitelist item does not whitelist the application. Listening mode logs the item as an unapproved application.
Adding a whitelist hash for perl.exe also does not work. Listening mode in lockdown logs the same result.
Have tried putting in an File Name exception of D:Oracle* but this does not work either
Thanks and regards.
We are getting repeated SEP alerts from a client based on a temp file from Outlook and a file from a flash drive, both of which were deleted last week (flash drive isn’t even in machine), but is triggering alerts every day. We have confirmed that the files are not on the host. A sample of the alert follows. Note the event date/time vs last updated time. We get multiple alerts per week from other machines with same config but have never seen this behavior before. We’ve run multiple full scans and reboots. Ideas?
2019-09-25 08:22:28,Virus found,IP Address: xxxxx,Computer name: xxxx,Intensive Protection Level: 0,Certificate issuer: ,Certificate signer: ,Certificate thumbprint: ,Signing timestamp: 0,Certificate serial number: ,Source: Auto-Protect scan,Risk name: ISB.Downloader!gen279,Occurrences: 1,C:UsersxxxxAppDataLocalPackagesoice_16_974fa576_32c1d314_1abACTempFB8C2FE1.doc,AP realtime deferred scanning,Actual action: Cleaned,Requested action: Cleaned,Secondary action: Quarantined,Event time: 2019-09-19 10:23:17,Inserted: 2019-09-19 10:27:41,End: 2019-09-19 10:23:18,Last update time: 2019-09-25 08:22:28,Domain: Default,Group: My CompanyClient PCsWindows Laptops,Server: symantec,User: xxx,Source computer: ,Source IP: ,Disposition: Bad,Download site: ,Web domain: ,Downloaded by: outlook.exe,Prevalence: Unknown,Confidence: This file is untrustworthy.,URL Tracking Status: On,,First Seen: Symantec has known about this file approximately 2 days.,Sensitivity: ,Not on the permitted application list,Application hash: 44193897B15E5B25ABD4FDAEC44923B9B44EEF2D49B330934BC47F91D6A82107,Hash type: SHA2,Company name: ,Application name: FB8C2FE1.doc,Application version: ,Application type: 127,File size (bytes): 327040,Category set: Malware,Category type: Heuristic Virus,Location: On Network
Can the Management Centre be used to push a bulk list of whitelist hash values? My understanding is that you have to do this manually from the GUI of the CA system. However, it would be great if it can be pushed to a group of devices from the management centre.