A user who manages several Windows servers complained that his Symantec folders are nearly 4GB. Is this normal? What is the normal size of Symantec folders? BTW he is running SEP 11, and it's not feasible to upgrade to SEP 12 right now.
Normal size of SEP folder
Vdefs.zip
Hello,
I'm extracting an RU4 package from the console for my SEP clients. The first time I did it, vdefs.zip was about 350Mo, which matches what I can find in Inetpub/content, and the Whatsnew.txt inside the zip had the right date.
I extracted the same package another time and now the vdefs.zip is about 260Mo and the whatsnew.txt is marked September 2013! Every try I make now gives me a package with such a vdefs.zip file!
=> how is that possible ?
=> The vdefs cannot be extracted from inetpub/content because not enough revisions kept for september 2013... Is that extracted directly from the database ?
=> Is there a log of the package creation where I can have information about the source files ?
Thanks in advance for your help.
Regards
SMSMSE, SEP Outlook Auto-Protect technical reference needed
Hello,
My understanding is that if you employ SMSMSE on your Exchange servers, you should not enable Outlook Auto-Protect, at the very least on the Exchange Server, and that it's a redundancy to enable it on the SEP client installed on individual workstations. I've found the technical reference about disabling Outlook Auto-Protect on the Exchange server itself. I, however, cannot find the vendor technical reference that recommends not running Outlook Auto-Protect on SEP clients on the workstations.
I need to be able to reference a vendor's document or technical publication in order to justify a STIG exception and disable this feature. I cannot reference a forum discussion no matter how much I respect the SMEs advice and content of this forum.
Could anyone point me to a doc/tech pub that says it's best to disable SEP Client Outlook Auto-Protect on the workstation in an environment that is being protected by SMSMSE?
Any assistance is really appreciated!
Symantec Endpoint Protection Manager service starts and stops immediately
Seeing event viewer logs I see:
Faulting application name: httpd.exe, version: 2.2.22.4, time stamp: 0x4f71ed81
Faulting module name: secars.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f8fc3a5
Exception code: 0xc0000005
Fault offset: 0x67eb5110
Faulting process id: 0x146c
Faulting application start time: 0x01cf49e59fb4be40
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
Faulting module path: secars.dll
Report Id: ddbbdf2b-b5d8-11e3-8afa-00155de68d3b
Initialize Server Configuration Error (secars)
and: The Java Virtual Machine has exited with a code of -1, the service is being stopped. (semsrv)
As I see that many people update sem-server-0.log and catalina.out, I will try to upload mine.
User should not be able to disable SEP from their laptop or desktop
Team, we are facing a big problem in our branch. All users are disabling their antiviruses from their laptops and desktops.
Is there any way to stop users from doing this from our antivirus console?
password forgot
The admin password is not working after reset. I think I have selected the wrong password, so I am not able to log in.
How can I reset it again?
SEM can't update in different VLAN
Hello,
We have different VLANs in our network, so we use a firewall policy to allow them TCP 8014, 80, 7070 to connect to SEPM, but all VLAN clients are showing that definitions are out of date, there clients can use LiveUpdate from SEPM.
Thanks
eams hide those teams whose State Integrity is offline.
We have a SEPM that imports computers from Active Directory.
In the Computers view we want to hide those computers whose Integrity Status is Offline.
We cannot do it through the display filter.
Can it be done?
Earliest version to support SQL 2012SP1
I see that 12.1 RU1 supports SQL 2012 so AFAIK that is the earliest version that supports SQL2012. Even RU4 doesn't state if SP1 is supported. Is SQL2012 in RU1 implied that it also supports SP1?
Download Insight actions
Hello, I have a few questions regarding Download Insight.
1) If I add Application exclusion for Download insight and select action "Log only" (for Unproven files) from the Centralized exceptions policy, will the user get pop-up asking to Allow or not the file (and the notifications are enabled)? And also will it be written in the SEP logs?
What about if action is set to Ignore - the file will always be allowed but will it be written in the logs as well?
2) If we leave the Notifications enabled and the action is set to Quarantine or Delete, will the user still get a pop-up asking what action to take, or will it automatically Quarantine/Delete it?
And one more thing, is there any place/website (it would be good if Symantec had one) where we can test different Download Insight scenarios/options/configurations? A long time ago there was a URL in the forums, but it is not working anymore.
Enterprise SEP 12.1.4 stopped working after OSX Update
Everything was fine until Apple issued system update OS 10.9.2. After that my Columbia University Enterprise copy of SEP 12.1.4 stopped working. I reinstalled it and then received multiple error messages saying 'System extension cannot be used'. One example of an error message is 'The system extension "/Library/Application Support/Symantec/AntiVirus/Signed/SymAPComm.kext" was installed improperly and cannot be used.' Others were similar, but referenced different extension files.
Can you please tell me how to fix this?
Setup Unmanaged Restricted SEP 12 Client
I have a business requirement to set up air-gap PCs that have an unmanaged SEP12 client that is severely restricted in its functionality. Meaning that non-administrator users can only scan USB keys and cannot change any settings. This was done successfully under Windows XP but now we are migrating to Windows 7 with SEP12.
Under SEP11 I had set up the firewall rules to ONLY allow LiveUpdate and Windows Update to run. The LU process was LuComServer_3_3.exe. I don't know what that process is under SEP12 but I suspect that it is ccSVCHst.exe. Can someone point me to the right process to allow through the firewall?
Also, I know that under SEP11 if you set DENY right to the SMCGUI.exe process for a non-admin account, the user can't make any changes to its configuration. They can still open SEP11, but all the options to change the firewall settings/disable anti-virus are grayed out and inaccessible. Is this still possible?
Below is a complete list of changes to my SEP11 clients to lock them down. Keep in mind, these machines MUST be set up to be standalone and can't rely on a management server.
Client Firewall Settings:
- All firewall rules removed
- Added Allow LiveUpdate rule
  - Allow outgoing traffic for all protocols for process C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe
- Added Allow Windows Update TCP rule
  - TCP Remote Ports 80,443 and Local Ports 1-65535 for both traffic directions
  - Processes are: svchost.exe and ntoskrnl.exe
- Added same rule for Windows Update but for UDP
- Added Block Network Traffic rule
  - All IP Protocols for both directions
Client File Permission Settings:
- Set DENY MODIFY right to basic user account on C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Client Registry Settings:
- HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate
  - Modified Schedule key with the following attributes:
    - Basic user account has ALLOW Query Value, Enumerate Subkeys, Notify
    - Basic user account has DENY Set Value, Create Subkey, Create Link, Delete, Write DAC, Write Owner
I'd appreciate any help on finding the actual LU process so it can be allowed through the firewall. If there's anything in my configuration that's redundant, I'd appreciate knowing that too so I can remove it. The whole purpose of these machines is to sit unattended and not allow people internet access.
Is there any option in SEPM which can scan only some directories in the scheduled scan
Is there any option in SEPM which can scan only some directories in the scheduled scan? Please suggest.
What does a Startup Scan scan? How deep?
What exactly does a Startup Scan scan?
Everything? Same as an Active Scan? Only startup/boot sector files?
I've watched several eLibrary videos, and done several knowledge base searches, but I can only find details about configuration. I know how to configure it. What I need to know is what is involved with the scan. Some of my clients are complaining that pc startup takes too long, and are rebooting several times on purpose to disrupt/stop the scan. If I can tell them that it's not a full, deep scan and only a partial one like an Active Scan, I can probably persuade them to stop doing these shutdowns. I just need to know for sure.
Seriously. I can't find any specifics about what is in a startup scan anywhere.
Clean wipe tool
The Symantec Clean wipe tool is required to remove the Symantec client; where can I find it?
Symantec is not updating
Symantec is showing an internal error, and LiveUpdate is disabled, and Symantec Endpoint Protection is in an offline state.
firewall - policy
firewall policy to block the website?
Clients becoming Disabled
Clients are on Server 2008 R2 either 64-bit or 32-bit. Endpoint version 12.1. Some servers are in a VM farm and some are physical servers. All servers are for the function of one vendor for a multi-agency system.
I have created 2 policies, one for 64-bit and one for 32-bit. Both policies are Antivirus and Antispyware Protection only. Per the vendor I created an Exclusion policy to exclude any scan from scanning their software or folders. All clients are in a managed group so they all get the same policy.
In the manager, all clients have the most current Policy serial number. All show Online. I believe I have settings in the Communication and LiveUpdate to affect the servers as little as possible.
So here is my issue...I have 29 servers, the manager reports that between 6 - 9 servers are Disabled. I go to that server and the client is running, has the green ball to indicate no errors, the Definition files are current but the status is Off and reports as disabled.
I enable the client from the Manager and it stays that way for hours or days then again, the client is disabled. I cannot figure out why or how clients are becoming disabled.
I really need to figure this out because every time an issue arises on the servers, the vendor points the finger at Endpoint.
Any suggestions would greatly be appreciated.
Thanks
Debra
FileConnect IE11 error "Access Denied, your browser is out of date"
I am unable to access http://fileconnect.symantec.com in Internet Explorer 11 (IE11) on Windows 7 (W7). The error message is "
Access Denied, your browser is out of date
To bring you the most secure and reliable experience, we no longer allow access to the application for browsers that don't meet the minimum requirements laid out below. Please Note: If you are using a supported version of Internet Explorer (8 or higher) and still seeing this message, you may need to disable the Compatibility View.
"
Adding symantec.com and even flexnetoperations.com to my Compatibility List produces the same error, even if I recycle IE11 or reboot Windows. When is the download website going to be compatible with the current version of IE11?
Issues with Citrix XenDesktop / PvD and Symantec Endpoint Protection 12.1
Hi all,
we use Citrix XenDesktop (5.6 currently) with Machine Creation services (MCS) to deploy pooled Win7 desktops with Personal vDisk (PvD) 7.0.1.
In the master VM we install Symantec Endpoint Protection (SEP 12.1), and - like many others - we are having issues with
a) the SEP installation becoming corrupted whenever PvD is used
b) Desktops not registering and PvD not functional
I found sources stating that there were known incompatibilities between PvD and SEP, and that it was eventually fixed with an update of SEP and/or an update of PvD. But I cannot find an official (or at least very clear) statement about what exact version of SEP and what exact version of PvD are together fully functional and supported. Anyone?
Thanks
Andreas