Hi Friends, i am trying to configure a firewall rules on my company because we need to control the internet, i can create a rules with the IP of the machine but in my company we have a DHCP mode. My question is if i can to create the same rules but with the computer name of the machine dont the IP address. Thanks for all.
Hi All,
I want to know if is there an option to cofngiure proxy server at internet connection from the SEP
We're seeing what looks like raw HTML on the Fileconnect product download page for International English. The page is not formatting correctly.
This is what we are seeing:
<p><strong data-mce-style=" #222222;">Core Technologies of SEP 14</strong>Your license entitles you to Symantec Endpoint Protection’s core security technologies. For optimal protection, deploy and become familiar the following:<strong data-mce-style=" #222222;"> </strong><strong data-mce-style=" #222222;">Advanced Machine Learning:</strong> Pre-execution detection of new and evolving threats<strong data-mce-style=" #222222;"> </strong><strong data-mce-style=" #222222;">Memory Exploit Mitigation:</strong> Blocks zero-day exploits against vulnerabilities in popular software<strong data-mce-style=" #222222;"> Antivirus</strong> - uses signatures to block and remove malware<strong data-mce-style=" #222222;"> Reputation monitoring (Insight)</strong> - automatically determines risk using the “wisdom of crowds”<strong data-mce-style=" #222222;"> Behavior Heuristics (SONAR)</strong> - examines programs as they run and blocks suspicious behavior<strong data-mce-style=" #222222;"> Network Access Control</strong> - protocols for role-based access and security<strong data-mce-style=" #222222;"> System Lockdown</strong> - advanced whitelisting and blacklisting<strong data-mce-style=" #222222;"> Application Control</strong> - monitor and control application behavior<strong data-mce-style=" #222222;"> Device Control</strong> - restrict access to the hardware that can be used<strong data-mce-style=" #222222;"> Power Eraser</strong> - scrubs hard to remove infections<strong data-mce-style=" #222222;">Don’t Know What to Download?</strong> Click <a data-mce-="" data-mce-style=" #0167ab; text-decoration: none; outline: none;" href="https://support.symantec.com/en_US/article.INFO2576.html" target="_blank" rel="nofollow">here</a> for more details.<strong data-mce-style=" #222222;">Links to Documentation</strong> <a data-mce-="" href="https://www.symantec.com/support-center/getting-started" rel="nofollow"> </a><a data-mce-="" href="https://www.symantec.com/support-center/getting-started" target="_blank" rel="nofollow">Getting Started</a> <a data-mce-="" href="http://entced.symantec.com/sep/14/quick_start" target="_blank" rel="nofollow"> Quick Start For Managed Installations of 500 Clients or Less</a><a data-mce-="" href="http://entced.symantec.com/sep/14/sysreqs" target="_blank" rel="nofollow"> Release Notes and System Requirements</a> <a data-mce-="" href="http://entced.symantec.com/sep/14/product_guides" target="_blank" rel="nofollow"> Product Guide</a><a data-mce-="" href="http://entced.symantec.com/sep/14/landing_page" target="_blank" rel="nofollow"> Support Landing Page</a> </p>
Environment: Win 7 Pro SP1 64-bit, SEP 14.2 MP1.
We're getting IPS signature install failures with the Jan. 24, 2019, r61 defs.
From the client UI system log: "Intrusion Prevention Signatures fail to install. Error: Postsession callback failed (208)". We can immediately run a manual LiveUpdate on the affected clients and the IPS defs install successfully.
Does anyone have any idea what a postsession callback failure is and what causes it? We've seen this error a few times in the past - about a year ago. It seems to go away when new defs are available from LIveUpdate.
Hi,
I know that the notifications that popup on client computers can be customized but is there a way to allow them to only display the notification depending on the type of detection? I am just trying to satify a question from managment on creating a policy on what alerts get displayed on the client PCs.
For example, only have a notification popup on the client computer when a virus or malware is detected but not when say a cookie or joke program is detected?
From what I can see, it may be only an option on Administrator Defined Scans by using multiple scans but that would create a signifigant overhead increase on computers, servers, and network.
Thanks,
Mike
Hi,
Having a issue while user changing his/her AD Password. It is not sync auomatically, User has to login with old password, every time we have to delete the user from PGP console and again enroll it. Tried the following checks also.
1. Update Bios Version.
2. Update Build version.
3. Go to Appdata and delete the Folder PGP Corporation present in the drive.
4. Again go to localappdata and also delete Folder PGP Corporation present in the drive.
Can anyone suggest??
Hello all,
I was wondering if anyone knew the amount a time that it takes for an offline/decommisioned PC to "fall off" and deregister from the Symantec Enpoint Protection Manager. Obviously, we could go in and simply delete the workstation from the SEPM client list once we pull it out of service but I was curious on the automated deregistering time frame of it and if there was a setting somewhere to customize that if need be.
Thank you.
Hi,
Virus and Spyware Protection still waiting for updates.
While the other 2, the dates are 2018.
I try to do a live update but there was an error message stating "Failed to connect to live update server".
I just wanna confirm that it is not updating due to this right?
Thanks
Hello,
i am trying to automatically install SEP Manager 14.2 on Windows Server 2016 using the SetupMode, but the installation fails.
Installation environment:
Error log:
Beginning Windows group policy check.
Policy check result: 0, Message: Symantec Endpoint Protection Manager cannot read the required user rights that are specified in the Windows domain security policies on this computer. The management console cannot run if user rights are not assigned to Symantec Endpoint Protection Manager services.
Check the user rights in your domain security policies manually. For user rights requirements and more information, see: http://entced.symantec.com/sep/14.2.1031.0100/mscw...
Non-interactive installation, cancelling.WindowsPolicyUtil> reviewWindowsSecurityPolicies>> Retrieving domain policy information...
GroupPolicyXMLDataRetriever> readDomainGroupPolicies>> Generating and reading domain policies. executionCount: 1
GroupPolicyXMLDataRetriever> readDomainGroupPolicies>> Gpresult command returns error: 1
GroupPolicyXMLDataRetriever> readDomainGroupPolicies>> XML file not found. Domain policy status will remain UNKNOWN.
GroupPolicyXMLDataRetriever> readDomainGroupPolicies>> Generating and reading domain policies done! Total executionCount: 2
WindowsPolicyUtil> reviewWindowsSecurityPolicies>> Domain policy information retrieved
WindowsPolicyUtil> reviewWindowsSecurityPolicies>> Applied Policies = []
WindowsPolicyUtil> reviewWindowsSecurityPolicies>> Applied policy list retrieved is not valid. User alert to be displayedWhat else could i do to find the problem?
Many thanks in advance
I have upgraded a couple of clients to the latest SEPM (14.2.1031.0100), and in every case when assigning a new install package to a group, with the upgrade schedule being set, the upgrades ignore the schedule and begin assigning the upgrade immediately. Existing clients are running 14.2.758.000 and am upgrading to 14.2.1031.0100. Since I can't deploy upgrades during the day due to restrictions on user interruption, I'm having to manually move the clients to an upgrade group, allow them to upgrade, then move them back to their original group before and after close of business.
Any ideas on how to enforce the upgrade schedule?
I have a question regarding a new agent install that gets moved from its designated PrefferredGroup to the default group automatically immediately after its registered. This is during a large deployment of over 1000 agents and only a handful of agents are doing this.
The logging in the ersecreg-a.log shows the agent in the correct preferredgroup at 01/17 11:28:50 after the install
The next log at 01/17 11:29:55 shows the agent in the default group, and I'm unable to determine what caused this move.
Can someone shed light on what might cause this agent to be moved automatically from one group to another on its own? Or at least point me in the direction to where else I should look? I’m unable to find that smoking gun to the cause.
I have a Symdiag from the SEP client and the SEPM to examine the logs.
Thank you
Newbie here.
Hi, I am trying to find out what is the superior method of scanning a disk between
a. Starting the OS and running a scan of the entire drive (OS-visible offcourse) using the SEP software installed on the OS -- Self scan
and
b. Removing the physical drive, mounting it unto another machine and using the SEP software on the machine to scan the entire mounted disk drive.
I do not know that either method will see any difference in the disk if both OS'es within which SEP resides are identical as they may only see what they have permissions to see on the disk.
Is there a way to perform an SEP bit-scan of a disk?
Thanks
Hello and sorry for my english :-)
I migrate endpoint protection manager to new server (move database). All works fine on new server but clients don't want to migrate to new server.
So i check to understand why... In priority list server i put (just after migrate server) the new server name and IP, but it is not that.
So i look sylink.xml on clients and i see there is no certificate for the new server. So clients tries to connect to new server but they don't have the certificate to authenticate and they come back to old server.
To resolve this, i can use push install, but not very easy because all clients must be online or i can use script to push new sylink but i don't want.
I think the quick way is to add certificate of the new server on all sylink.xml in old server. Like this, all clients onnected to old server will receive new sylink with certificate inside.
If i add certificate in all sylink.xml in folders c:\program files\symantec\symantec endpoint manager\data\outbox\agent\ it will be good ?
thanks a lot
Hi,
Question: If my company is working with Microsoft SQL, the database maintenance task ( rebuild Index, Log Limit, truncate the database transaction logs ) are still working?
Thanks,
Hello,
I just purchased 1 year of SEP 14 for my pc, becasue we use it at work and I need to protect my in-home side business pc. I was just wondering if I need a server to run SEP 14 properly. I was able to get my download using my serial number and I got just the PC client, but I saw that there was a full installation that includes server config to push it out to other clients. If I just bought 1 licsense, and downloaded the client installer, so Symantec should pull data down from liveupdate.symantec.com right and the server config wouldn't be necessary?
hi there,
i have a ridiculous issue, when i'm clicking the home page buttons I mean offline or disabled .. and when i'm clicking the create new schedule report button (add or edit)
its giving not responsible.
I created case but symantec not found any solution yet. (1month) 28264126
Do you have any suggestion?
ty
HI! I am using symantec endpoint protection (v12.1.6 build 7445)
Recently my external hard drives are getting compromised by a virus, which hides the original folder and creates their shortcuts. I tried all cmd options as available in many forums, tried full scan, all updates on... to no avail.
Pl advise.
Thanks & Regards
PS: Screenshots for Flash and message while trying to zip files on it are attached for ref pl
Upgraded the Endpoint Protection Manager without issue. Added the new clients installs into the system and assigned them to various orginizations. Watched upgrades start to happen. We are a Dell hardware centric and our Laptops (Dell Latitude 5570) had no issues, but we have a failure on about 25% + of our Dell Optiplex 3020. The desktops would no longer boot, but would show a black screen with a circle of spinning dots. We let them go for hours and a few finally booted but once powered off and back on they would fail to boot again or boot after multiple hours of waiting. We had to boot the computers to safe mode and run Cleanwipe on them to get them back to normal. Reinstallation, as a test, on some of the Cleanwiped computers caused the problem to reoccur and left them at the black screen with spinning dots, forcing us to Cleanwipe them again.
We have used this same method of upgrade for years and have never had issues like this before. We are a K-12 School district and use all computers daily. Usually removal of the software, especially using Cleanwipe, has always solved most problems. I am at a lost of what to do to move forward. We have at least 200 computers now without protection.
All computers are Windows 10 Pro version 1803. The strange thing about this is in most labs/schools the computeres were all cloned from the exact same image and in a given lab of 30 computers 5 to 12 of them would fail with the above errors while the rest upgraded and work just fine. I am looking for anyone else that has had similar issues and what you did to fix the problem.
Thanks!
Can someone send me the LATEST documentation for what to do in case of a ransomware attack, runaway virus, etc . . . ?
I have everything set up properly. Now I just need to know what tools are available to me in case the worst happens.
Thanks!
After one of my users mistakenly clicked on a website that is blocked by my firewall, I received an email stating that there was a blocked intrusion prevention attempt on my secondary DNS server that came from that user's IP, attempting to access my DNS server on port 53. Does anyone else have suggestions on anything I need to do, or is SEP doing it's job and I'm ok?
