Channel: Symantec Connect - Endpoint Protection - Discussions

Need help to solve a problem of appearing/disappearing machines.

I need a solution

Hi,

I administer a network with more than 500 servers, with Windows 2000, 2003 and 2008. All machines have the 11.0.4242.75 version of Symantec Endpoint Protection.

Many machines have been installed from a cloned image of the operating system with sysprep, and the antivirus installed. Now, in the SEP Management console, some of the machines are missing, and when one machine updates its policy, it appears in the console in place of another. For example, we have server1, server2, server3, all with the antivirus installed, and the console shows just server2. We log into server1, update the policy, and in the console server2 disappears and server1 appears. Then, we update the policy in server3, and server1 disappears and server3 appears.

How can we solve this problem? We have tried to uninstall the client and install again, and the problem persists. We have more than 50 servers affected.

Thank you

 

 


Denial of Service is logged

I need a solution

Hello,

I have a user with SEP client software version 11.0.5002.333.

The user gets notices about Denial of Service (Traffic from IP address is blocked).

Any action that should be taken for this type of event?

SEP Time Stamp Issue

I need a solution

Hi,

We are using SEPM version 11.0.7. Currently we are facing a SEP time stamp issue.

We are pulling out the risk logs using RSA Envision 4.x version. The Event create and End dates are perfect, but there is a mismatch in the Event insert time.

 

Example: if we pull yesterday's risk logs, it gives a report like

<ip> <system name> Event create date and time:04/12/13 12.xx.xx Event insert time : 04/12/2012 12.xx.xx Event end date:04/12/13 12.xx.xx

If you look at the above example, the create and end time stamps are 2013 and the insert time is 2012.

Is this a known issue with Symantec Endpoint Protection?

Looking forward to a prompt solution.

Thanks in Advance.

 

 

 

SEPM upgrade hung?

I need a solution

I'm in the process of upgrading to 12.1.4 and followed the upgrade document. Everything appeared to be fine and a box came up saying the files were successfully upgraded and to click Next to proceed to the database upgrade. I did click Next and waited and waited but nothing came up after roughly 15 minutes. I rebooted the server thinking this may help but still nothing. I'm stuck on how to proceed. I'm fairly new to this process and was hoping for community support before opening a ticket.

I was upgrading from 12.1.2. Server 2008 R2. x64.

Thanks!

LUA 2.3.2.99 download schedule constantly fails

I need a solution

Hi,

I have a new installation of LUA v2.3.2.99 running on Windows Server 2012, along with SEP clients 12.1 RU2.

Every time I have manually run or scheduled the download task on the LUA, it fails at various stages, usually between 50-85%. At the moment I have the download job set to run and grab all the Symantec Endpoint Protection v12.1 RU2 components.

I've tried clearing down all the download directories (temp, program files, program data directories), but still the download fails. I have noticed that LUA is trying to download nearly 5gb worth of data each time. I can confirm that the LUA has access to the internet and I can access the Symantec LiveUpdate URLs.

Might also be worth noting that we have 2 LUA setups, one live and one backup on different sites; the download task has failed to complete on both sites.

I've tried looking through various other posts and the suggestions in them but with no luck.

Anyone else to bounce some ideas off, or where to look for clues to why it's constantly failing?

Thanks,

John

SEPM showing two server properties

I need a solution

Hi

Just want to check if it's normal to have two server properties on SEPM console? When will it show this way? Please see attached file

Windows 2012 R2 SP1

I need a solution

Forgive this question as I have been out of the loop with SEP for a while. Looking to roll out the latest version of Windows Server 2012 R2 SP1. Do I need to update the SEP Manager in order to update the clients to 12.1.4? We are currently at 12.1.2015.

Client is facing network slowness from 40Mbps to 100kbps due to NTP.

I need a solution

Client is facing network slowness from 40Mbps to 100kbps due to NTP.

After disabling NTP, we get good speed.

(NTP enabled) After restarting the SEP client we get good speed; after some time it goes slow.

 

Using SEP12.1.3


Symantec Endpoint Protection Manager best practices for logs

I need a solution

Hi

Symantec Endpoint Protection Manager best practices for client logs

How can we save more logs and reports on Symantec Endpoint Protection Manager?

Symantec Endpoint: My computer hangs for 20 min after switch on

I need a solution

Hello

 

Every day my computer hangs for more or less 20 minutes with the HDD working at 100%. CPU usage is more or less 0%.

If I stop Symantec I can use my computer.

Sometimes it is due to ccSvcHst.exe, sometimes it is Smc.exe.

See below a screenshot of performance monitor, HDD is 100%: Cattura.PNG

Any idea?

My version of Symantec Endpoint:

Cattura2.PNG

Regards

To use Advanced Download Protection or SONAR, you must install IPS?

Installing new site error

I need a solution

Hi

I want to install a new site and replicate with the existing site. In the wizard, after creating the database, when replication starts, an error shows.

I tested connectivity. It is OK.

033.png

SEP Policy confirmation

I need a solution

Hi Experts,

Looking for a confirmation: will a SEP policy apply to a client if the client does not have that SEP feature installed?

I have installed a SEP agent on a system without the Intrusion Prevention feature, but I have put that client in a group that does have a policy assigned for IPS.

So will that policy work on that system or not?

Manually ran a live update, 1 update found, but FAILED to install

I need a solution

So it's 1 update, 0 installed. Update installed.

There are 1 update(s) to be downloaded.
Downloading update package (1 of 1) failed.
Encountered an error while downloading file 1386237193jtun_irev131205002.7z.
0 update(s) have been downloaded.

Processing updates...
Encountered an error while processing an update for Revocation Data.
Failed to install update for Revocation Data.

Session summary: 1 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.

 

Why?

 

LiveUpdate fails when run manually

I need a solution

Hi

I've installed the 12.1 RU4 version on some Macintosh clients and I ran into the problem: LiveUpdate fails when run manually through the client interface.

I tried to run LiveUpdate, as the article recommends, using the LUTool, but I get the following message:

objc[29698]: Class XByteCountFormatter is implemented in both /Library/PrivateFrameworks/SymAppKitAdditions.framework/Versions/B/SymAppKitAdditions and /Library/Application Support/Symantec/LiveUpdate/./LUTool. One of the two will be used. Which one is undefined.
2013-12-04 14:45:16.854 LUTool[29698:407] in ConnectionDied, stopping current run loop
 
 
Checking the liveupdate.log I have the following:
Wed Dec  4 14:45:15 2013: Daemon Launched
 
Wed Dec  4 14:45:15 2013: Daemon version: LiveUpdate 6.2.2f1, © 2013 Symantec Corporation, All Rights Reserved.
Wed Dec  4 14:45:15 2013:  *** Adding Command
Wed Dec  4 14:45:15 2013: **** Command Key/Value (RegistryPath//Library/Application Support/Symantec/LiveUpdate/ActiveRegistry)
 
Wed Dec  4 14:45:15 2013: **** Command Key/Value (VolumeRoot//)
 
Wed Dec  4 14:45:15 2013: **** Command Key/Value (PlugInPath//Library/Application Support/Symantec/LiveUpdate/PlugIns)
 
Wed Dec  4 14:45:15 2013: =======================================================================
Wed Dec  4 14:45:15 2013: Starting up
Wed Dec  4 14:45:15 2013: Setting last check time now
Wed Dec  4 14:45:15 2013: Should download now and install later: 0
Wed Dec  4 14:45:15 2013: Gathering plug-ins and registry plists
Wed Dec  4 14:45:15 2013: Setting up request array
Wed Dec  4 14:45:15 2013: LiveUpdatePlugInNAV::GetRequestArray.
Wed Dec  4 14:45:15 2013: License processing
Wed Dec  4 14:45:15 2013: Checking License Settings
Wed Dec  4 14:45:15 2013: Searching for best LiveUpdate server
Wed Dec  4 14:45:15 2013: Requesting mini-TRI flag: http://10.1.2.2/checaav/MacintoshUpdatesAV/minitri.flg
Wed Dec  4 14:45:16 2013: Download Error for file minitri.flg (NSError): -1100
Wed Dec  4 14:45:16 2013: Attempted download of minitri.flg with error 9
Wed Dec  4 14:45:16 2013: Finding Best Server, got error: 9
Wed Dec  4 14:45:16 2013: Searching for best LiveUpdate server
Wed Dec  4 14:45:16 2013: Requesting mini-TRI flag: http://10.1.2.2/checaav/MacintoshUpdatesAV/livetri.zip
Wed Dec  4 14:45:16 2013: Attempted download of livetri.zip with error 0
Wed Dec  4 14:45:16 2013: Requesting TRI files
Wed Dec  4 14:45:16 2013: Requesting livetri.zip: http://10.1.2.2/checaav/MacintoshUpdatesAV/livetri.zip
Wed Dec  4 14:45:16 2013: Attempted download of livetri.zip with error 0
Wed Dec  4 14:45:16 2013: main: CAUGHT ???
Wed Dec  4 14:45:16 2013: Daemon Quitting
 
I have a Windows Server (http://10.1.2.2/checaav/MacintoshUpdatesAV/) as Internal LiveUpdate Server.
I update the definitions, using the LiveUpdate Administrator Utility (1.5), once a week. Just in case, I've already checked the Symantec Endpoint Protection v12.1 RU4 product line.
Other SEP for Mac clients (RU2) update well with the same LiveUpdate schema.
 
Any idea what is causing this problem?
 
Regards
 
 

Virus hides .doc files and creates a file with the same name as the hidden file but ending in .exe

I need a solution

Dear All

Currently I have encountered a nasty virus. The virus hides the .doc file and creates an .exe with the same name as the hidden file (attached pic).

Currently, from the study of this virus, I found it might be from the same family as w32.mibling.

I tried to copy the .exe and submit it to Symantec. The first time we were able to copy it, but the second time we could not copy it or even get the md5 value from the file.

I believe the .exe has changed the file ownership or it has been executed.

We have isolated the affected client from the network and disabled the autorun.inf. Currently we are still looking for the source.

While I tried to submit the sample to the Security Response Team, however, the file size had shrunk to 0bytes from its original 166bytes.

Have you all encountered such a virus, or can you provide any advice for a newbie like me?

 

Thanks

CHHOWA

Malaysia

 

gold-submission.JPG

SEPM 12.1.3 report & monitor tab showing blank

I need a solution

Hello Everybody,

I am using SEPM 12.1.3 and I have observed that many times I find the reporting and monitor tabs blank whenever I click them in the SEPM console.

Please suggest what to do?

How to move the SEP client from one group using a script without logging in to the console? And is it also possible to create a group using a script without logging in to the SEPM?

I need a solution

How to move the SEP client from one group using a script without logging in to the console? And is it also possible to create a group using a script without logging in to the SEPM?

proactive threat protection is not functioning correctly due to an intrusion prevention component

I need a solution

Seeing this error. Can someone help to resolve it in the virus software please? It only started today, no idea why.

 

 

SEP 12.1.4 Mac Client not getting IPS updates

I need a solution
I recently upgraded to SEP 12.1.4 and am having a little issue getting IPS updates for Macs.  The SEPMs were installed mid-November and after initial configuration and testing, the properly exported Mac clients were installed on 12/2/13.
 
We only have about 20 Macs out of 950ish total endpoints so a LU Administrator server isn't really called for.  Our endpoints can only get to the Internet through authenticated proxy so doing passive LiveUpdates from the Mac directly to the Symantec web site doesn't work.  So, I set up an Apache reverse proxy configuration on the SEPMs for the Macs.  The Reverse Proxy setup seems to work pretty good for AV updates but it doesn't appear to work at all for IPS updates. 
 
On the SEPM home page the "Out of Date" row in "Endpoint Status" shows only the Macs, and only the IP Signature column is shown as "out of date". I visited the "Virus Definition and Security Updates" web page and there is no mention of IPS Signatures for SEP 12.x for Mac, just the traditional antivirus.
 
This all leads me to believe one or more of the following: 1. Symantec doesn't know that SEP 12.1.4 for Mac now has IPS and therefore doesn't feel the need to supply updates for it, or 2. the Apache Reverse proxy doesn't download IPS Signatures for Mac and that special feature isn't documented anywhere, or 3. There are no IPS Updates for Mac since 11/27/13 and nobody told the SEPM that the signature isn't really out of date.
 
I'd love to make this problem go away so I can get my upline out of my face. 
 
Does anybody have any insight?
 