Beyond Patch: Shavlik Protect Anti-Virus

Effective patch management and anti-virus practices are two of the most basic building blocks of network security.

However, this often requires separate software solutions that come with separate agents and, most importantly, separate costs. With Shavlik Protect’s antivirus, you can bring together what all too often is separate: patch and A/V.

Shavlik’s anti-virus solution provides:

  • Access to patch and antivirus capabilities as well as reporting from a single console
  • A single agent for managing patch, anti-virus, and anti-spyware policies
  • The ThreatTrack Security VIPRE engine

Check out this video where Shavlik Product Evangelist John Rush walks you through the anti-virus capabilities within Shavlik Protect. For more information, please contact us at sales@shavlik.com.

Did you know … ?

Here it is my turn to contribute to the Shavlik blog, and I am stricken with “bloggers’ block.” As I try to think of insightful things to say, (those who know me know I rarely say insightful things), nothing comes to mind but questions.

So in the spirit of acceptance of things that can’t be changed, let’s just go with the questions gig.

Did you know…?

  • Shavlik is hosting two webinars this week. “Getting Started with Shavlik Patch” will help new or trial users of Shavlik Patch get up and running and optimize their third-party patching process within SCCM. “Simplified Third-Party Patching for Microsoft System Center” will explain how Shavlik can help you select and deploy third-party patches all from within SCCM.

    Getting Started with Shavlik Patch
    Wednesday, June 18, 2014 10:00am CDT
    Register Now

Shavlik Technical Support from Start to Finish

We recently caught up with the Shavlik technical support team to learn more about its role in solving customer issues with Shavlik products and services. The Backline Support team, which includes Chase Norton, Adam Gindt, and Charles Winning, has built a strong support staff as well as a lively online community of Shavlik users, who help each other through peer-to-peer questions and use cases.

Q: Can you tell us more about how you help customers find the support they need?

Technically Speaking – The Shavlik Technical Sales Team

We recently caught up with the Shavlik technical sales team to learn more about its role in helping customers make better connections with the Shavlik products and services they are considering or are already using every day. The team, which includes John Rush, Clifton Slater, Ryan Worlton, and Guido Adriaansens, has the customer covered no matter where they are in the world. As you will see, this is a unique gathering of talent. The team even includes a former customer who believed so strongly in Shavlik that they came on board!

Q: Can you tell us more about how you help customers learn about Shavlik?

A: Sure, through our sales team we help customers connect with any learning they might need to help them make a decision about purchasing a product or even brushing up on things they may need to know to help them get the most out of Shavlik products.

Q: Do customers call you or are they put in touch with you?

A: We generally support the sales team. The sales team has a pretty good pulse on our customers. Our sales representatives talk to the customer and find out more about their pain points and what they need to learn. From that initial information we consult both the sales team and the customer to recommend the best learning tools to address the issue.

Q: What types of tools do you have at your disposal?

A: The learning opportunities we help build for the client include just about anything the customer could need to help inform them in the sales decision. We walk customers through demonstrations, provide on-site demos, lunch and learn sessions, meet and greets, webinars and online product demos.

Q: What have you learned from your vantage point?

A: We have learned that patch is still puzzling for customers and this is really not a surprise. They are reading about security catastrophes every day and their organizations are working hard to put the right processes in place. They are being asked to do more with less and they face a multitude of moving parts like people leaving, changes within their organizations and a growing list of things to manage.

Q: Are there any common themes you are seeing?

A: We often see customers’ eyes opened to the seriousness of 3rd party patching threats and we are seeing a real growth in questions surrounding the patching of virtual machines.

Q: Any advice for customers?

A: Become a student of security. Don’t just leave it as a task to check off. Shavlik makes things easy so that you can keep up on the latest things you need to learn.

Q: Tell us a little about yourselves:

Meet Guido Adriaansens:

Guido Adriaansens, Systems Engineer

Guido is a Systems Engineer for Shavlik products covering EMEA. He is located in Amsterdam, The Netherlands, but can regularly be found in our UK-based office. Apart from his (obvious) interest in IT, Guido enjoys sailing, playing squash, and coaching his daughter’s field hockey team.

Meet Clifton Slater:

Clifton Slater, Sales Engineer

Clifton is a Sales Engineer for Shavlik, specializing in the Shavlik suite of products, located in central New Jersey. Clifton is an avid reader of Sci-Fi and Fantasy and a die-hard Pittsburgh Steelers fan (originally hailing from Pittsburgh).

Meet Ryan Worlton:

Ryan Worlton, Sales Engineer

Ryan is a Sales Engineer for the Shavlik products, serving the Western region of the US. In his personal time, Ryan loves to be in the outdoors; this spring and summer he plans on spending about 30 days (and nights) in the Utah back country.

Meet John Rush:

John Rush, Systems Engineer

John is a Systems Engineer at Shavlik located in St. Paul, Minnesota. John participated in a webinar covering SCCM; see it here.

Protecting my Mom – New Generation of Attacks Threaten us All

Most days I sit comfortably at my desk behind multiple layers of defenses keeping myself and my machine from harm. I sip my coffee and don’t even think about defending myself from threats; instead, most of my energy is focused on how we push forward in our industry against those armies of darkness that seek to compromise our privacy and security and exploit information for their own cause. This week was different. In three different cases, I found myself at the center of the attack. It was humbling, and at the same time reminded me of how much work we have to get done.

What scares me the most is the unsuspecting prey that countless hackers stalk. I’m knowledgeable about what and how hackers try to exploit victims. But I worry about my friends and family members who don’t have that same savvy knowledge. I think about my Mom, using the internet for her banking and the occasional check of Facebook… little does she know she’s in the epicenter of the attacks.

So this blog is the first of a series of three chronicling my last week. I want to share with you three attacks that happened to me in the hopes that it gives you a flavor for where attacks are coming from nowadays. No longer is it the rogue link to install software or the email bomb that just annoys you. It’s a whole new world where callers, innocent internet checks, and group emails all lead towards exposure.

MONDAY:  Attack 1 – “Windows Service Center”

Last Thursday, I ended up getting home a bit early from a week of travel. It was about 4:00 p.m. in the afternoon and the house phone rang. It was just me and my kids at home. My kids range in age from seven to eleven and in most cases, it would have been them to answer the phone, but I happened to be there. I grabbed the phone, looked at the number and saw it was originating from New York. With family on the East coast, I didn’t think twice about grabbing the phone. After five seconds with no one speaking, I should have just hung up, but I stuck this one out. Then it happened… the attempted hack started.

The caller identified himself and began, “Hello this is XXXXXX from the Windows Service Center.” Intrigued, I decided to let him continue. “We have detected you have a computer virus on your machine and we’re here to help fix it.” At this point, my hack-o-meter instantly was pegged and I knew this was a scam, but for fun, I decided to let this play out. I asked, “How do you know I have a virus?” He responded, “Because we have systems that detect these sort of things.” I asked, “How do you know it is my machine?” He retorted, “Because we in America spy on our citizens.” I had to laugh at this one; to use that approach was fascinating, and more curiously, based on background noise, I firmly believe this call was not originating in the United States. Again, I pushed a little bit harder, “I have two machines in my house, which one is it?” He then responded, “I’m sure it is all of them, so we’ll fix them both.”

If memory serves me right, I was cutting some tops off of strawberries at this point in the kitchen and he asked me to go over to my computer. I told him I was in front of my computer at this point even though I was still cutting up strawberries. He started off by asking me to go to my control panel in Windows and told me that my Windows Firewall wasn’t active. WOW! I thought to myself, this is an impressive scam! Sure enough he successfully told me what to click (if I actually was in front of the computer) to navigate to my Windows Firewall and then told me the instruction to disable it because “bad software had taken it over.” Pretending I did, we continued. I asked him, “Are we done now?” To which he responded that he’d need access to my machine to make sure. I told him that I didn’t know how to do that and he asked me to go to some website by an IP address. Of course, at this point he began to see through my ruse. I told him I couldn’t get there but asked him what was there and he told me it was something “like a WebEx or online meeting” where he could control my machine.

He pushed really hard to get me there, but after a few more questions from me he started to get VERY mad. Not to mention I had moved onto rinsing some peppers and the water running was likely giving me away too. He told me, “You could be arrested if you don’t eradicate this virus” and even played off the emotional heart-strings, “you are exposing your family to harm.”  Then he crossed a line that I’ve never seen before, “I’m not asking you to go here, I’m telling you that you must” as his voice took on a threatening tone.

At this point, I told him that I needed to speak with a supervisor to validate this was the right thing to do. A man got on the line, didn’t identify himself and when I asked where they were and what company they worked for, you could tell I now was the one trying to go after them.  After I told them how shallow it was to attack innocent people like this, he blurted out a few expletives and mumbled some other inappropriate comments before hanging up.

If I had played his game, I have no doubt that the website I would have gone to likely would have been a way for them to remote control into my computer and more than likely it would have been used to download some Malware onto my machine. Things like key-loggers to capture my every password, my access, and even troll around my machine for some good documents that I might have. No doubt, my machine would have gone from a well-protected one to one that was riddled with Malware with a firewall turned off. All scary realizations for me.

…But could this have turned out differently?

What’s more scary though is I still play this story out with the “what-if” scenarios. What if my son had answered the phone? What if my wife had answered the call? Would they have played along or have gotten off the phone before damage was done? If they had played along, would the call have ended so innocently that they’d not have shared what happened with me? Could they have used my home machines (which don’t have valuable data) as a conduit to my work one, which definitely is more sensitive? The caller had the skills to make themselves sound believable, and the pressure-cooker capabilities of a time-share salesperson. They were well skilled to have seen this be a success.

On the heels of this event, I did everything I could to trace this attack back. It turns out the NY phone number was masked and it was originating from an exchange in India. The IP address website I was asked to access was from China. The call-back information was obviously invalid and I didn’t take the charade far enough to get more data to track them down. Hindsight being 20/20, I wish I had spun up one of my Malware Virtual Machines to access their website and see what else they did or at least trace the traffic from that event back to a more authoritative location so I could snoop back at them. More than likely they were using the computer of their previous victim, so that likely would have led nowhere, but nonetheless, I came up short on sleuthing this one.

Beyond the attack on me, I went online and began to search for the keywords from this conversation, “Windows Service Center” and a few others. It turns out there were more than a few dozen of these attacks reported, each recounted a story like mine, and in many cases, the victims acknowledged they were successfully exploited as part of this attack.

The Moral of Part One

What’s the moral of this story?  There is no safe phone call and there is no innocent phone call. Unfortunately, it won’t take you long to go online and search and find other scams like this. Just this week we heard of the IRS phone scam defrauding millions from people impersonating the IRS. Some tips for all of us (and my mom) on this one:

  1. If someone calls, unfortunately, don’t trust them and make sure you validate their identity.
  2. Watch for key signs that the call is illegitimate. Ask yourself, does the caller ID number make sense? If it is “Unknown” really question it. If it is from outside of your home country, question it as well.
  3. If they are legitimate, they should be fine with you calling them back. Ask for their number and extension and ring them to validate you have a good number for them. At the same time however, if they give you an out of country number, DON’T CALL IT. This is a different type of scam…
  4. Never put yourself at risk doing something you know is wrong. Your firewall is there for a reason. We write patch-management software for a reason, never let someone ask you to take it down.
  5. If someone asks you to do something suspicious like go to an unverified website… don’t do it.
  6. Never… EVER… let them pressure you with commands or threats to do something you don’t want to.
  7. Call the authorities and email us. This activity is illegal and is a cybercrime. By you reporting it, people like me find out about it and then we go after these criminals.
  8. When in doubt, call/email me before you do anything… and I’m not just talking about emails from my mom… I’ll take emails from anyone on subjects like this.

I wish there was a switch on the wall that I could flip for us all to turn off the darkness.  Unfortunately, there isn’t. In the interim though, we’re here to make it safe for us all as best as we can. Be safe everyone.

The Next Generation of SCUPdates, Shavlik Patch for Microsoft System Center, Is Here

Shavlik is happy to announce the release of Shavlik Patch for Microsoft System Center. This follow-on to Shavlik SCUPdates provides third-party patching within Microsoft System Center Configuration Manager (SCCM) and does it in such a manner that third-party patching has never been easier.
What’s cool in Shavlik Patch?

If you are using SCCM 2012 (or later versions)…

  • Ability to patch more than 100 popular applications completely within Configuration Manager
  • An integrated add-in for the Configuration Manager console that no longer requires the use of System Center Updates Publisher (SCUP)
  • Automatically check for and download patch data from Shavlik
  • Publish new patches through SCCM manually or automatically
  • Smart handling of difficult to install patches like Java

If you are using SCCM 2007…

  • Continue to enjoy the goodness of SCUPdates, just with a new name
Want to see it in action?

Join Shavlik Chief Marketing Officer Steve Morton, Systems Engineer John Rush, and me as we discuss the details of the new release and show you how Shavlik Patch will revolutionize the way you perform third-party patching within Configuration Manager.

Introducing the New Shavlik Patch for Microsoft System Center
Wednesday, February 12, 2014 10:00 a.m. CST
Register Now
Download it now and see for yourself

  • Learn more about Shavlik Patch here.
  • View quick videos about how to install and configure Shavlik Patch here.
  • Download a free trial of Shavlik Patch here.
  • View user documentation for Shavlik Patch here.

See you all at the webinar on Wednesday and check back later this week for an additional post providing more info on what this release means to existing SCUPdates customers.

Coming Soon! Shavlik Protect 9.1

Hey All,

Shavlik Protect 9.1 is getting closer to release. I wanted to share some details about the release with you and also let you know that in March you will get an opportunity to take 9.1 for a test drive. We are rapidly nearing the Protect 9.1 beta, so if what you see below is of interest, shoot an email to us at beta@shavlik.com to sign up for the beta today.

The Protect Console has been localized into ten languages. Check out the screenshot of the Protect UI in German:

Protect now supports IPv6 and has enhanced resolution features to allow the assessment to discover a machine by FQDN, Hostname, IPv4, or IPv6 more effectively.

 
We have cleaned up and enhanced the agentless deployment workflows in Protect. Now you will see more high-level summary and more detailed information about deployments as they occur. Check out this screenshot showing a machine-level status and how many patches were deployed and how many executed. Also see the patch level and the description showing the return code from the patch:

We have expanded the filters in the Scan template to include vendor severity which allows for more flexibility to scan for what you need without a lot of configuration of patch groups.

And for those of you with reporting customization needs, we have added several report views and documentation on the relationships so you can customize your own reports.  You can also use them to build reports from SQL Reporting Services or other 3rd party reporting tools.

Again, if any of these features are of interest to you, we are looking to start the beta in early March before Patch Tuesday. Shoot us an email at beta@shavlik.com to get on the beta list.

Protect Console Migration Tool Early Access

We have been developing a tool to ease the burden of moving a Shavlik Protect Console from one system to another. It could be done with some manual effort: moving certificates, swapping out the name of the system so agents would just start talking to the new one once you had moved everything, but it was a pain. With the performance benefits of 64-bit and the EOL of Windows XP (Apr 2014) and Server 2003

Security Resolutions for 2014

The holidays are nearly over and many of us are starting to think of resolutions as we start a new year. You may be contemplating diets, kicking a habit, getting a gym membership or exercise equipment at home, but at the office, think about ways to improve your security in 2014. Here are some suggestions to contemplate. These are probably already problems or projects you have been thinking about, and maybe you already have them solved or planned out to solve this next year. If you haven’t, keep in mind all of these are possible with Shavlik Protect.

Increase patching frequency for your end user machines:

  • Microsoft may only release patches once a month, but the 3rd party apps on your systems are updated throughout the rest of the month.  Products from vendors like Adobe, Java, Google, Apple, Mozilla, and others are a prime target for hackers as many companies neglect to update them.  Our Content Team releases new data multiple times each week which includes security updates for these products.
  • Talk to vendors who are holding you on a vulnerable version of software due to a dependency on their application. A good example of this is Java Runtime. If you have software dependent on an older version of Java, this is a risk to your environment. I can’t tell you how many companies I talk to that have a dependency on a version of Java 6 due to a software vendor who has a dependency on a specific version of Java. There are known exploits and off-the-shelf software to take advantage of them, making this an easy target for hackers.
  • Check for End of Life software on your systems.  Shavlik shows software titles that have reached EOL with their vendor.  Any titles that are no longer supported become a risk to your environment and should be updated or removed if possible.

Secure your virtual infrastructure: 

  • Securing the Guest OS is all fine and good, but if you do not patch the infrastructure it is running on, you are still putting the most secure VM at risk. With Protect you can patch Citrix, Hyper-V, and VMware ESXi (Protect 9.0+) infrastructures.
  • Update VMware Tools.  VMware Tools are required for a lot of functionality on VMware VMs.  They are also a security risk.  Ensure you are updating the Tools version on your VMs.  Keep in mind if you do not update the Hypervisor tools version then the status for VMware Tools being up to date is not accurate.  You should ensure you have the latest tools updates applied to your Hypervisors.  There can be a delay and possibly a VM reboot before the Tools version shows out of date after you update the tools version of your Hypervisor.  Protect will detect and push the latest version of tools to systems which may be newer than the version your Hypervisor is evaluating against.

Extend your coverage outside your environment: 

  • Laptops that move in and out of your network regularly can be a risk to your environment. It is important to ensure these systems are updated more frequently. They move beyond your corporate perimeter security measures and often reside on public networks exposing them to greater risk. With Protect 9.0 you can now enroll your console in the ProtectCloud. This enables agents on your laptops to keep up to date even outside your network. Policy updates and results are exchanged through the ProtectCloud so you are still able to see machines being updated and ensure they take policy changes you apply.

Shavlik Joins Microsoft System Center Alliance

Shavlik is happy to announce we have joined the Microsoft System Center Alliance Program. By joining the Alliance Program, Shavlik is reaffirming its commitment to customers who use System Center Configuration Manager.

“Shavlik is thrilled to be part of the Microsoft System Center Alliance Program,” said Marshall Smith, Vice President of Partnering and Operations for Shavlik. “We have patched Microsoft and third-party applications since the beginnings of Shavlik, and we plan to continue empowering our customers with our popular SCUPdates, Management Intelligence, and additional Shavlik products that add value for System Center customers.”

“Our membership in the Alliance will help us continue to foster the communication required to shape and refine our products and to meet the needs of our mutual customers.”

Shavlik SCUPdates eliminates the time-consuming task of researching and creating the updates required to patch third-party products via SCCM. After downloading the SCUPdates catalog and importing desired patches into Configuration Manager using System Center Updates Publisher (SCUP), users can manage and deploy third-party updates from within SCCM in the same manner in which they manage Microsoft updates.

“System Center 2012 R2, with its trailblazing functionality, provides a solid foundation for third parties such as Shavlik to build on and add value for customers,” said Brian Hillger, Director, Product Marketing, Microsoft Corporation.

“With SCUPdates, Shavlik is helping customers keep third-party applications patched and secure with consistent accuracy and ease-of-use. Microsoft is pleased to welcome Shavlik into the System Center Alliance.”

Shavlik Management Intelligence extends SCCM data for effective asset management.

Read the full article here to learn more about the Alliance Program as well as how Shavlik can help you extend the capabilities of Configuration Manager.