How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

  1. Using an unzipping utility, unzip the .jdb file into a new folder.

    Note: It is possible to use the built-in Windows unzip utility to unzip the .jdb file. To do so, change the file extension on the .jdb file to .zip, right-click the file, and click “Extract All…”.

  2. After the .jdb is uncompressed, place the folder on a removable storage device or at the root of the infected computer’s hard drive so that the Symantec Endpoint Recovery Tool can access the definitions.
  3. Confirm that the infected computer boots from CD or removable media first.
    Refer to the computer’s manual for information on configuring the computer appropriately.
  4. Boot the infected computer from the SERT disc created in step 2.
  5. Click Continue loading Endpoint Recovery Tool.
  6. Select a language and click OK.
  7. When presented with the Symantec Software License Agreement, click I Agree.
  8. If a network connection is detected, the Symantec Endpoint Recovery Tool attempts to download the latest virus definitions. If the computer is isolated from the network, or if it is unable to download definitions for any reason, click Browse for Virus Definitions, and browse to the folder to which you unzipped the virus definitions.
  9. Verify that the virus definitions have been loaded by looking in the lower right-hand corner of the screen. The date shown after “Virus definitions current as of” should be the current date.
  10. Make sure that Save scan session information is checked.
    Saving the scan session allows you to undo any modifications made by the tool.
    If needed, you can change the location where the scan session information will be stored. To do so, click Change location and select the preferred location.
  11. Click Start Scan.


Source: http://www.symantec.com/docs/TECH131732

What is the USC?

The Dell™ Unified Server Configurator is a pre-installed configuration utility that enables systems and storage management tasks from an embedded environment throughout the server’s lifecycle.

Residing on an embedded flash memory card on the system board of supported servers, the Unified Server Configurator is similar to a BIOS utility in that it can be started during the POST (Power On Self Test) sequence and functions independently of the operating system (OS).

Using the Unified Server Configurator, you can quickly identify, download, and apply system updates without needing to search the Dell support site (support.dell.com). You can also deploy an OS with drivers (the USC stores operating system drivers contained within a driver pack), configure a Redundant Array of Independent Disks (RAID), and run 32-bit diagnostics to validate the system and attached hardware.

NOTE:
Certain platforms or servers may not support the full set of features provided by the Unified Server Configurator.

Starting the Unified Server Configurator

To start the Unified Server Configurator, press the <F10> key within 10 seconds of the Dell logo being displayed during the system boot process.

The first time you boot the system, the Unified Server Configurator starts with the User Settings wizard displayed so that you can configure your preferred language and network settings.


USC and Diagnostics

Dell has built into the Unified Server Configurator the ability to launch the system DRMK diagnostics.

CE TIP:
Learning how the USC can be used to launch and utilize the DRMK diagnostics can be an advantage when addressing customer issues, especially those that require diagnostics to identify the problem: the diagnostics are always on the system board, so there is no need to download them from support.dell.com as long as the USC on the system is viable and functioning.

When launching the DRMK diagnostics please keep in mind the following:

  • The BIOS provides a “thunking” mechanism to allow DRMK DOS to run the tools.
  • When the diagnostics are complete, a reboot of the system is normally required; in some cases after the initial launch a reboot will not be required.

The process below illustrates how to launch these diagnostics from the USC.

Launching DRMK Diagnostics from the USC
1. To perform the following procedure you need the following.

  1. A server booted into the Unified Server Configurator, F10 on P.O.S.T.
2. Select the Diagnostics option from the left menu of the Unified Server Configurator.
3. On the next screen of the USC Diagnostics Launching Wizard, you will see a single option for Run Diagnostics, select this option.
4. You will now see a screen saying the system is “Loading DRMK V8.00,” indicating the system is loading the diagnostic files.
5. The DRMK diagnostics are now loaded; from here the diagnostics are identical in form and function to the media-loaded diags.

Platform Update using FTP Repository

With the Unified Server Configurator, Dell has provided the ability to update the USC platform, OS driver pack and system diagnostics using an FTP repository. By default the repository is ftp.dell.com, but customers can create their own FTP repository and point to it for updates. The image below provides a high-level overview of how the Platform Update works using an FTP repository.

The process below explains how to initiate a platform update using an FTP repository, like ftp.dell.com.

Platform Update Using FTP Repository
1. To perform the following procedure you need the following.

  1. A server booted into the Unified Server Configurator, F10 on P.O.S.T.
  2. One of the NICs on the server must be connected, and have properly configured access to the internet to gain access to ftp.dell.com.
2. Select the Platform Update option from the left menu of the Unified Server Configurator.
3. On the next screen of the Platform Update Wizard, you will see a single option for Launch Platform Update, select this option.
4. On the next screen, choose whether the Platform Update Repository files are on an FTP server or a USB key. Select FTP Server and configure the FTP server address and, if required, the proxy server address, proxy port, proxy type, proxy user name and proxy password. Once all the information is populated, click Next to continue.
5. The next screen in the Platform Update wizard allows the user to select the updates available in the repository. Notice that this page shows the current versions of the diagnostics, OS Driver Pack and USC platform as well as the versions they will be updated to during the update process.
6. When this screen appears, the system is performing the Platform Updates.
7. Once the system completes each task for the update, it reboots. You will notice on P.O.S.T. that the system states it is entering System Services; this is normal and expected behavior.

8. Once the system gets to the welcome screen of the USC after the first reboot, it will reboot again. However, upon the second reboot it will default to the normal boot process, as configured in the system BIOS.

!!It is very important that you update the USC itself!!


Dell OMSA LiveCD 6.0.1

Dell OMSA LiveCD 6.0.1 provides the following features

• Safe environment to perform diagnostics or data recovery
• Access to disk diagnostics (Dell Online Diagnostics)
• Access to tape diagnostics (xTalk and IBM ITDT)
• DSET tool built into operating system
• Built in FTP and SMB shares to easily transfer files
• Built in telnet, SSH and VNC servers for remote troubleshooting
• Webex support for Dell technical support access
• OMSA 6.0.1 built in for local and remote access

Read the PDF: http://linux.ins.dell.com/files/openmanage-contributions/omsa-601-live/Guide.pdf

Download the iso: http://linux.dell.com/files/openmanage-contributions/?C=M;O=A

Create a bootable SERT USB key

The Symantec Endpoint Recovery Tool is an image that you can burn on a disc, which you can use to scan and remove malware from client computers. You use this tool for the computers that are too infected for Symantec Endpoint Protection to clean effectively.

(http://www.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert)

You can download the tool from https://fileconnect.symantec.com/ and you need your license number like B1234567891.

Download the tool and get a USB key with at least 512 MB of space.

1.    Using WinRAR or similar, extract the SERT.iso file to the local file system (assume C:\SERT).
2.    Open a command prompt with admin rights.
3.    Insert the USB stick into the computer.
4.    Type the following command to start Diskpart:
diskpart <enter>
5.    Type the following command to list the available disks:
list disk <enter>

This command is important.  It will show you what number your USB drive is.  Failure to select the right disk at this point may result in loss of data from your hard disk.  Normally the drive is Disk 1, but you should confirm before proceeding.

6.    Type following commands to format the USB stick and prepare it for SERT:
select disk <number> <enter>
clean <enter>
create partition primary <enter>
select partition 1 <enter>
active <enter>
format fs=fat32 <enter>
assign <enter>
exit <enter>

7.    At the command prompt, type the following to copy the SERT files to the USB Stick:
xcopy C:\SERT\*.* <removable disk drive letter>\ /e /h /f <enter>

For updated definition files, download the JDB files and unzip them to the USB key. The JDB files can be found at http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
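The disk-selection warning in step 5 is the part of this procedure most worth guarding, so here is an added PowerShell script (not from the original article or from Symantec) that automates steps 4 to 7 and the definition unpacking described in the previous paragraph: it refuses to run diskpart against anything that is not a non-system USB disk, then runs the same diskpart commands, copies the SERT files, and expands the renamed .jdb onto the key. The parameter names, the C:\SERT default and the C:\Defs\latest.jdb path are assumptions.

```powershell
#Requires -RunAsAdministrator
# Build a bootable SERT USB key: verify the target disk, run the article's diskpart steps,
# copy the extracted SERT files, then unpack a .jdb definitions file onto the key.
param(
    [Parameter(Mandatory)][int]$DiskNumber,      # the number shown by "list disk"
    [string]$SertRoot = 'C:\SERT',                # where SERT.iso was extracted (assumed)
    [string]$JdbFile  = 'C:\Defs\latest.jdb',     # downloaded definitions (assumed path)
    [switch]$Force                                # skip the interactive confirmation
)
# Safety check: "clean" on the wrong disk destroys it, so refuse anything that is not
# a removable USB disk or that holds the running system.
$disk = Get-Disk -Number $DiskNumber -ErrorAction Stop
if ($disk.BusType -ne 'USB' -or $disk.IsBoot -or $disk.IsSystem) {
    throw "Disk $DiskNumber ($($disk.FriendlyName), bus $($disk.BusType)) is not a non-system USB disk; aborting."
}
if (-not $Force) {
    $gb = [math]::Round($disk.Size / 1GB, 1)
    Write-Host "About to ERASE disk ${DiskNumber}: $($disk.FriendlyName) ($gb GB)"
    if ((Read-Host 'Type YES to continue') -ne 'YES') { throw 'Cancelled by operator.' }
}
# Same diskpart sequence as the article, fed from a temporary script file.
$dpScript = @"
select disk $DiskNumber
clean
create partition primary
select partition 1
active
format fs=fat32
assign
exit
"@
$tmp = New-TemporaryFile
Set-Content -Path $tmp.FullName -Value $dpScript -Encoding ASCII
diskpart /s $tmp.FullName | Out-Null
$dpExit = $LASTEXITCODE
Remove-Item $tmp.FullName
if ($dpExit -ne 0) { throw "diskpart failed with exit code $dpExit" }
# Locate the letter diskpart assigned, then copy SERT and the definitions.
$letter = (Get-Partition -DiskNumber $DiskNumber -PartitionNumber 1).DriveLetter
if ([int]$letter -eq 0) { throw 'No drive letter was assigned to the new partition.' }
$target = "${letter}:\"
xcopy "$SertRoot\*.*" $target /e /h /f
if (Test-Path $JdbFile) {
    # A .jdb is a zip archive with a different extension; Expand-Archive requires .zip.
    $zip = Join-Path $env:TEMP ([IO.Path]::GetFileNameWithoutExtension($JdbFile) + '.zip')
    Copy-Item $JdbFile $zip -Force
    Expand-Archive -Path $zip -DestinationPath (Join-Path $target 'Definitions') -Force
    Remove-Item $zip
}
```

Run it from an elevated prompt as `.\Build-SertKey.ps1 -DiskNumber 1` after confirming the number with `list disk`; the Definitions folder on the key is what you browse to in the "Browse for Virus Definitions" step.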

To see how the SERT tool can be updated with the downloaded JDB file, read the following article: http://www.bvanleeuwen.nl/faq/?p=748

ESXi 4 on a bootable USB key

  1. Download ESXi 4.0 VMware-VMvisor-Installer-4.0.0-164009.x86_64.iso
  2. Open image.tgz
  3. Open image.tgz\usr\lib\vmware\installer\VMware-VMvisor-big-164009-x86_64.dd.bz2
  4. Extract VMware-VMvisor-big-164009-x86_64.dd to your local hard drive
  5. Attach the USB flash drive and make sure you no longer need the data on it
  6. Use WinImage to transfer VMware-VMvisor-big-164009-x86_64.dd to the USB flash drive
    1. Disk->Restore Virtual Hard Disk image on physical drive…
    2. Select the USB flash drive (Warning: If you select the wrong disk you will lose data!)
    3. Select the image file VMware-VMvisor-big-164009-x86_64.dd
    4. Confirm the warning message
    5. Wait for the transfer to complete
  7. Unplug the USB flash drive (Warning: If you forget to unplug the flash drive from the PC you might lose the data on your hard drives the next time you boot!)
  8. Attach the USB flash drive to the machine you want to boot (Warning: If ESX Server 4i recognizes local drives, you might lose the data on them, so make sure you don't need it anymore or unplug all hard drives!)
  9. Turn the machine on and make sure the USB flash drive is selected as boot device
  10. Watch ESX Server 4i boot
  11. Configure
  12. Enjoy!

ESX3.5i on bootable USB key

  1. Download ESX Server 3.5i Installable ISO
  2. Extract INSTALL.TGZ from the root directory of the ISO image using IZArc
  3. Extract /usr/lib/vmware/installer/VMware-VMvisor-big-3.5.0-67921.i386.dd.bz2 from INSTALL.TGZ using IZArc
  4. Extract VMware-VMvisor-big-3.5.0-67921.i386.dd from VMware-VMvisor-big-3.5.0-67921.i386.dd.bz2 using IZArc
  5. Attach the USB flash drive and make sure you no longer need the data on it
  6. Use WinImage to transfer VMware-VMvisor-big-3.5.0-67921.i386.dd to the USB flash drive
    1. Disk->Restore Virtual Hard Disk image on physical drive…
    2. Select the USB flash drive (Warning: If you select the wrong disk you will lose data!)
    3. Select the image file VMware-VMvisor-big-3.5.0-67921.i386.dd
    4. Confirm the warning message
    5. Wait for the transfer to complete
  7. Unplug the USB flash drive (Warning: If you forget to unplug the flash drive from the PC you might lose the data on your hard drives the next time you boot!)
  8. Attach the USB flash drive to the machine you want to boot (Warning: If ESX Server 3i recognizes local drives, you might lose the data on them, so make sure you don't need it anymore or unplug all hard drives!)
  9. Turn the machine on and make sure the USB flash drive is selected as boot device
  10. Watch ESX Server 3i boot
  11. Configure
  12. Enjoy!