#log4j2 #Symantec This video demonstrates the step-by-step mitigation for Symantec endpoint manager against the Log4j2 vulnerability.
Log4j2 vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105) information and mitigation steps for on-premises manager.
Reference Link: knowledge.broa...
Endpoint Protection Manager mitigation
CVE-2021-44228 and CVE-2021-45046
SEPM 14.3 RU3 build 5427 (14.3.5427.3000) has been released to address these vulnerabilities and is available for download. We recommend all customers migrate their SEPM(s) to this build.
If upgrading immediately is not an option, the following steps can be implemented to mitigate CVE-2021-44228 and CVE-2021-45046 until an upgrade can be completed. Ref. logging.apache...
Go to [DriveLetter]:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\lib\ and locate the log4j-core-*.jar file.
Copy log4j-core-*.jar to a temp folder and keep a secondary backup in another location.
Right-click the file, choose Properties, then uncheck the Read-only check box.
Add the extension .zip to log4j-core-*.jar by renaming it. This will allow it to be opened with Windows File Explorer, 7zip or WinRAR.
Open (do not extract) log4j-core-*.jar.zip with a zip utility, locate org/apache/logging/log4j/core/lookup/JndiLookup.class and delete it.
Close the zip utility and reopen the file to make sure the JndiLookup class is removed.
Remove the .zip extension from the log4j-core-*.jar.zip.
Stop Symantec Endpoint Protection Manager and Symantec Endpoint Protection Manager API services.
Replace the original log4j-core-*.jar file in ...SEPM\tomcat\lib with the recently modified version.
Right-click the file, choose Properties, then check the Read-only check box.
Start Symantec Endpoint Protection Manager and Symantec Endpoint Protection Manager API services.
No SEPM functionality is impacted by implementing these steps. You can revert the System variable as per the steps provided in the additional information below.
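The copy, delete and re-check steps above can be scripted. The following PowerShell is an added example, not part of the original description or of Symantec's guidance. It touches only copies in a temp folder, so stopping the services, replacing the jar and resetting Read-only remain the manual steps listed. The C: drive letter and the `sepm-log4j-fix` work folder name are assumptions.

```powershell
# Added example. Assumptions: SEPM is installed on C:, and the work folder name is hypothetical.
param(
    [string]$LibDir  = 'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\lib',
    [string]$WorkDir = (Join-Path $env:TEMP 'sepm-log4j-fix')
)
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

$EntryName = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

# True when the jar (a zip archive) still contains the JndiLookup class.
function Test-JndiLookup([string]$JarPath) {
    $zip = [System.IO.Compression.ZipFile]::OpenRead($JarPath)
    try { return $null -ne $zip.GetEntry($EntryName) }
    finally { $zip.Dispose() }
}

# Refuse to guess if the folder holds zero or several log4j-core jars.
$jars = @(Get-ChildItem -Path $LibDir -Filter 'log4j-core-*.jar' -File)
if ($jars.Count -ne 1) { throw "Expected one log4j-core-*.jar in $LibDir, found $($jars.Count)" }
$live = $jars[0]
"Deployed jar contains JndiLookup.class: $(Test-JndiLookup $live.FullName)"

# Work on copies only. The backup is written once so a later run cannot overwrite it.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$backup  = Join-Path $WorkDir ($live.Name + '.orig')
$patched = Join-Path $WorkDir $live.Name
if (-not (Test-Path -LiteralPath $backup)) {
    Copy-Item -LiteralPath $live.FullName -Destination $backup
}
Copy-Item -LiteralPath $live.FullName -Destination $patched -Force
Set-ItemProperty -LiteralPath $patched -Name IsReadOnly -Value $false

# Delete the class from the copy; the archive is rewritten when it is disposed.
$zip = [System.IO.Compression.ZipFile]::Open($patched, [System.IO.Compression.ZipArchiveMode]::Update)
try {
    $entry = $zip.GetEntry($EntryName)
    if ($entry) { $entry.Delete() }
} finally { $zip.Dispose() }

# Reopen and re-check, as in the manual procedure, before the file is used.
if (Test-JndiLookup $patched) { throw "JndiLookup.class is still present in $patched" }
"Patched copy is clean: $patched"
Get-FileHash -Algorithm SHA256 -LiteralPath $backup, $patched | Format-List Path, Hash
```

Running it again after the jar has been replaced and the services restarted should report `False` on the first output line, which confirms the deployed file no longer carries the class.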