Symantec: Symantec Mail Security LiveUpdate Failed

If the liveupdate of your Symantec Mail Security fails, it might be caused by the Quarantine Thresholds. You can follow the steps below to solve the problem:
1. Go to Monitors > Quarantine Settings and delete the old quarantined items by checking the Delete oldest items
2. Go to Admin > LiveUpdate/Rapid Release Status and click on the Run LiveUpdate Certified Definitions

Microsoft: Amended Exchange Mailbox Quota Not Taking Effect Immediately

After I have increased the mailbox quota of an user's mailbox, it will not take effect immediately. It will take about 1 hour for the new quota to be applied.

The only way to get the quota to take effect immediately is to restart the store service. However, that will kick all users out of Exchange.

This is by design. Exchange caches a lot of information, including permissions and mailbox limits. That cache is flushed every couple of hours. While the time of the cache can be reduced it is not recommended because it will have an impact on the performance of the server. The more users you have the bigger the impact.

Microsoft: Query All Users in Active Directory

The command below allows you to query all the users in your Active Directory:
dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" >>allusers.csv

BlueCoat: Troubleshoot BlueCoat PacketShaper

With PacketShaper, the problem could be with the hardware, software, policies, partitions, topology, etc.

You can take certain steps to isolate the problems:
1. Power down the PacketShaper unit. Does the problem go away?
When you turn the unit off, it works as a piece of wire -- the inside interface will be connected directly to the outside interface. If the problem goes away by turning off the unit, the problem is with PacketShaper.

2. Turn shaping off. Does the problem go away?
When shaping is off, PacketShaper works like a bridge. It will monitor the traffic flowing through it but it will not apply any policies and partitions. If the problem goes away with shaping off, then it is related to a policy, partition, or the link rate setting. It can also be problem with the topology.

3. The problem does not go away with shaping on or off until the unit is turned off.
It could be a hardware problem, problem with the network cards, 10 baseT/100baseT, Half Duplex, Full Duplex settings, bad cables, and so forth. Try some of the following:

* Try auto-negotiate.
* Use different cables.
* In the command line, use the net nic command to see whether RxErrors and TxErrors are incrementing fast.
* There may be an incompatibility problem with one of the devices connected to the inside or outside interface. You can put a hub in between PacketShaper and the other device to rule out any problem due to incompatibility. Topology is also a common problem.

Apple: Newly discovered malware could attack factory-configured iPhones

Security company Palo Alto Networks has discovered new malware, dubbed “AceDeceiver,” that could attack factory-configured iPhones.

iPhones with malware are rare due to their closed ecosystem and strong reliance on encryption, but today’s discovery was one of the first where none of that mattered.

Typically, iPhones containing malware are infected by a malicious application and often on a jailbroken device. AceDeceiver can attack factory-configured (non-jailbroken) iPhones without any downloaded apps by infecting the PC it connects to. iPhone users that don’t connect their device to a PC are thought to be safe.

Currently, the malware has only been spotted in China, but Palo Alto Networks warns that with small configuration tweaks (mostly location settings) it could affect US iPhone users as well.

For more information, please go to AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device [Palo Alto Networks]

AWS: AWS Database Migration Service

AWS Database Migration Service helps you migrate databases to AWS easily and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. The service supports homogenous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle to Amazon Aurora or Microsoft SQL Server to MySQL.

Here are the advantages of AWS Database Migration Service:
1. Simple to use
AWS Database Migration Service is simple to use. There is no need to install any drivers or applications, and it does not require changes to the source database in most cases. You can begin a database migration with just a few clicks in the AWS Management Console. Once the migration has started, AWS manages all the complexities of the migration process including automatically replicatiing data changes that occur in the source database during the migration process.

2. Zero Downtime
AWS Database Migration Service helps you migrate your databases to AWS with virtually no downtime. All data changes to the source database that occur during the migration are continuously replicated to the target, allowing the source database to be fully operational during the migration process. After the database migration is complete, the target database will remain synchronized with the source for as long as you choose, allowing you to switchover the database at a convenient time.

3. Supports Most Widely Used Databases
AWS Database Migration Service can migrate your data to and from most of the widely used commercial and open source databases. It supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle to Amazon Aurora. Migrations can be from on-premises databases to Amazon RDS or Amazon EC2, databases running on EC2 to RDS, or vice versa, as well as from one RDS database to another RDS database.

4. Low Cost
AWS Database Migration Service is a low cost service. You only pay for the compute resources used during the migration process and any additional log storage. Migrating a terabyte-size database can be done for as little as $3. This applies to both homogeneous and heterogeneous migrations of any supported databases. This is in stark contrast to conventional database migration methods which can be very expensive.

5. Fast and Easy to Set-up
You can set up a migration task within minutes in the AWS Management Console. A migration task is where you define the parameters the AWS Database Migration Service uses to execute the migration. This includes setting up connections to the source and target databases, as well as choosing the replication instance used to run the migration process. Once setup, the same task can be used for test runs before performing the actual migration.

6. Reliable
The AWS Database Migration Service is highly resilient and self–healing. It continually monitors source and target databases, network connectivity, and the replication instance. In case of interruption, it automatically restarts the process and continues the migration from where it was halted. Detailed diagnostic information is available for you to take the necessary corrective action for errors that cannot be automatically resolved.


< AWS Schema Conversion Tool >
The AWS Schema Conversion Tool makes heterogeneous database migrations easy by automatically converting the source database schema and a majority of the custom code, including views, stored procedures, and functions, to a format compatible with the target database. Any code that cannot be automatically converted is clearly marked so that it can be manually converted. You can use this tool to convert your source databases running on either Oracle or Microsoft SQL Server to an Amazon Aurora, MySQL, or PostgreSQL target database in either Amazon RDS or EC2. The AWS Schema Conversion Tool is available for Microsoft Windows, Mac, and Linux desktops.

Microsoft: Event Log for Time Service / NTP / W32Time

The event logs below are related to time service, NTP or W32Time:
1. Event ID: 35 Source: W32Time
The time service is now synchronizing the system time with the time source <computer name> (ntp.d|<ip address>:123-><ip address>:123).

2. Event ID: 37 Source: W32Time
The time provider NtpClient is currently receiving valid time data from <domain>.

Palo Alto: Unable to Receive Scheduled Reports

If you are not able to generate the scheduled reports in your Palo Alto, you might want to restart the Palo Alto device.

Palo Alto: Unable to Schedule Dynamic Updates

If you are not able to schedule the Dynamic Updates in your Palo Alto, you might want to restart the management service by applying the following commands:
1. debug software restart process device-server
2. debug software restart process management-server

IT Security: First OS X Ransomware Detected in The Wild, Will Maliciously Encrypt Hard Drives on Infected Macs

Version 2.92 of Transmission has now been released. This claims to actively remove the ‘KeyRanger’ malware files from the infected Mac.

OS X users have today been hit with the first known case of Mac ‘ransomware’ malware, found in the Transmission BitTorrent client released last week. Infected versions of the app include ‘KeyRanger’ malware that will maliciously encrypt the user’s hard drive after three days of being installed. The malware then asks for payment to allow the user to decrypt the disk and access their data — the ‘ransom’.

As reported by Palo Alto Networks, Apple has already taken steps to curb the spread of the malware through its Gatekeeper security system. This means the infected version of Transmission will no longer install, but it does not help those who have already been affected. Transmission is urgently recommending people upgrade to the latest version of its software, 2.91.

Unlike ‘friendly’ system encryption services, it is becoming increasingly common on Windows for viruses and malware to maliciously encrypt user data. The aim is for the virus maker to raise money by holding the user data ransom until payment is provided, in exchange for the malware to decrypt the drive once again.

The KeyRanger malware currently circulating is the first known instance of ransomware targeted at OS X users. It is not recommended to actually pay the malware as it only encourages further malicious action and there is no guarantee the virus maker will actually do the decryption as promised.

Users worried about being impacted by the ransomware should look for the ‘kernel_service’ process in Activity Monitor. This process is named like a kernel system program as a disguise, but it is actually the KeyRanger malware. If you are impacted, the recommendation is to restore to an earlier backup of your system before you installed Transmission. This is the best way to ensure the virus has been completely removed from the system.

It’s worth noting that the malware has only been detected in the Transmission app to date. It is unknown if it is more widespread, affecting other common apps.

Palo Alto Networks suggests a few other methods to check for the presence of the malware. Their post also includes a lot more detail on the technical implementation of the virus, so check out their post for more information. The security researchers suggest checking for the existence of the file ‘/Applications/Transmission.app/Contents/Resources/General.rtf’ or ‘/Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf’. If this file exists, the Transmission app is likely infected. You can also check for the existence of “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” files in the ~/Library directory. Delete the files if they exist.