Channel: Symantec Connect - Endpoint Protection - Discussions

SEP 12.1.4: Replacing SEPM machine

I need a solution

Hi all.  I know the general rule when replacing a SEPM machine is to make sure the replacement machine has the same name and IP address and then you can restore your SEPM database to it.  I haven't yet actually done this but I did once read the best practices guide.

However, the old Windows XP computer currently acting as the SEPM has an issue where the SEPM service won't start, and I don't feel like troubleshooting it since I'd have to replace the machine anyway.

If I put in a new machine with a different name and IP address, for the systems currently configured to point to the old machine, can I just update them by using the Add Client feature and choosing to send a Communications update?  I don't mind having to re-create the reports and all that - comparing that to having to troubleshoot that service issue, and then back up and restore a db, I might as well start fresh instead if updating clients is going to be "easy".

I know it is very easy for Unmanaged clients, just wondering if it works the same for ones formerly managed by a soon to be non-existent SEPM.

Thanks! 


Disable Realtime-scanning

I need a solution

Hi!

 

How can I disable the realtime scanning?

disproportionate size sem5.db

I need a solution

Hi

In a SEPM 12.1.4 validation environment, there are only 2 connected machines and the database has a size of 25 GB.
The size is disproportionate in relation to the number of customers.
A procedure is requested to truncate and shrink the database.

sem5.db is 25 GB
sem5.log is 4 MG

Regards
 

Risk log showing remediation in progress

I need a solution

Hi,

Risk logs for a machine show that a virus was found and that remediation is in progress. How can I check to see if the remediation process is complete on the virus found? When will I know if it's done or the virus was left alone?

Keep getting "Downloader Update" on Several PC's

I need a solution

Right now it's not too bad, but I want the number to stop growing. It is currently cleaned on 17 PCs, but I want to stop it entirely.

 

C:\Users\user\AppData\Local\Temp\Rar$EX00.962\Statement_03282014.exe

C:\Users\user\AppData\Local\Temp\Rar$EX00.714\Statement_03282014.exe

C:\Users\user\AppData\Local\Temp\Rar$EX00.352\Statement_03282014.exe

C:\Users\user\AppData\Local\Temp\Rar$EX00.569\Statement_03282014.exe

C:\Users\kshipley\AppData\Local\Temp\Rar$EX00.883\Statement_03282014.exe

C:\Users\kshipley\AppData\Local\Temp\Rar$EX00.443\Statement_03282014.exe

C:\Users\draia\AppData\Local\Temp\Temp1_Statement_ddonalds.zip\Statement_03282014.exe

C:\Users\user\AppData\Local\Temp\Rar$EX00.496\Statement_03282014.exe

C:\Users\user\AppData\Local\Temp\ARC4E51\Statement_03282014.exe

C:\Users\user\Desktop\Statement_boardroom3.zip>>Statement_03282014.exe

C:\Users\user\AppData\Local\Temp\Rar$EX00.917\Statement_03282014.exe

C:\Users\user\AppData\Local\Temp\ARCF797\Statement_03282014.exe

 

How to remove the WS.Viral.1 virus from my system

I need a solution

Hello,

The result of a full scan of my server (Windows XP) in safe mode with networking tells me that the server is not infected, but the Symantec Endpoint Protection Manager server (12.1) lists this server among the infected machines (WS.Viral.1).

So is there a procedure or a tool to remove this type of virus?

Have a good day.

How to create Internal LiveUpdate server

I need a solution

Hello Friends,

I am using Symantec Endpoint Protection 12.1.4023.4080, the latest version, and I want to know the LiveUpdate path where updates will be downloaded on the management server.

Can you tell me how to create an internal LiveUpdate server so that all clients take the updates from that internal server?

 

 

SEP clients won't update automatically

I need a solution

Hello, I have a SEPM 12.1.3001.165 on a Windows 2008R2 server. I have some managed clients which are Windows 2003 and they don't update their definitions automatically. When I log on to the machines I can manually start LiveUpdate (I have allowed manual update), then the clients will update.

But every other client in the same group with the same rules is updated automatically. The other clients are Windows 2008 / Windows 2008R2.

All the Windows 7 workstations also update without any problem; I have the problem only with the Windows 2003 servers.

So is there any problem with Windows 2003? Or did I forget any "hidden" button?!


Update of client by SEPM

I need a solution

Hi all,

In my environment there is the following scenario:

  1. The SEP clients receive updates directly from the SEPM server;
  2. The SEPM server receives the updates from an internal LiveUpdate server and from the Symantec LiveUpdate server.

I don't understand why the clients have different signature definition dates and why their signature date is different from the signature date of the SEPM server.
In a normal use case the SEPM signature date should be equal to the date of the clients' definitions, true?

 

Thanks

Component is Malfunctioning

I need a solution

We have a user whose workstation picked up a few trojans and was flagged by SEP (12.1.3001). I ran a full scan on the workstation after which I noticed 3 components reported as malfunctioning: Antivirus Status, Download Protection Status, and SONAR Status. I then attempted a repair of SEP on the client which returned "Fatal error during installation".

At this point I then uninstalled SEP on the workstation and reinstalled but this did not fix the issue. I then ran Cleanwipe on the workstation and pushed a new install, however when I now view the client in the SEP Manager there is a red x icon with a down arrow and the same components appear as still malfunctioning.

 

 


system lockdown

I need a solution

Hi all,

I have a question about system lockdown.
For a small homeshoring project we want to use system lockdown on laptops so people can only start programs we allowed in the fingerprint.

So what we did:
-Install a laptop with all the applications the agents need to use to do their work.
-Use checksum.exe to create a filefingerprint from this system.
-Create a new group in SEPM, make a new policy for system lockdown with the filefingerprint, move the laptops to this group.
 

It all worked pretty great until today. We made exclusions so Windows Update can run. We applied a new Windows update that changed about 18000 regkeys :) After that the laptops were all bricked, totally unusable :) IE can't be started, even the SEP client didn't start.

From my perspective:

What went wrong: Windows Update changed files / file paths, and the file fingerprint did not have these new locations in its list, so the executables were denied to run. So for every new Windows update: disable system lockdown, make a new file fingerprint, import it? Right?

Some other questions:
Can I use the same file fingerprint / policy on different hardware, as long as the software that needs to run is the same?
Is there a way to 'unbrick' bricked devices? Will uninstalling SEP fix it? I think a new Windows install is needed because almost nothing will start and SEP services can't be stopped or removed :)

Thanks,

Levd

 

Live Update Server configuration steps

I need a solution

Hello,

 

I am trying to find some information regarding setting up a Live Update server for use with Endpoint 12.1.4.

 

I have found instructions for previous versions of the software but I am looking to see if there is a more up to date version of the documents. I have searched and cannot seem to find anything newer than 2012.

 

Thank you for your help.

 

Built-in administrator account for remote SEP 12 deployment

I need a solution

The documentation states that in Windows Vista, Windows 7, or Windows Server, we must "Enable the built-in administrator account and assign a password to the account"

Must the administrator be the built-in account? Can it be a secondary administrator account instead, i.e. create an account with Administrator rights?


SEPM Console and Live Update Administrator installed On the Same server

I need a solution

Hi All

I have the following scenario:

1 DMZ server with the SEPM console installed to update definitions for clients

1 internal server with Symantec Mail Gateway 7.0 installed on the Exchange 2013 server

I want to update the Symantec Mail Gateway 7.0 definitions. Do I need to install the LiveUpdate Administrator (LUA) on the DMZ server?

Or can I use the SEPM console to update the definitions for Symantec Mail Gateway 7.0? If so, how do I configure it?

 

I tried to install the LUA on the SEPM console server, and it says it is not a best practice. But do I do it, if there is no other solution?

 

Thanks a lot

 

Best regards and thanks

Cyril

 

 

 

 

 

Multiple copies of the same alerts and reports

I need a solution

I have three SEPM servers (SEPM version 12.1.4) in different sites which all replicate and work fine, however the annoying thing is when one of them triggers an email (report, risk detection etc) I get three copies, one from each SEPM.

For example I have setup the monthly risk report and it gets emailed to myself and management on the first day of each month but we get three emails with the same report.

To work around this I have turned off (purposely misconfigured SMTP settings) email on two of the SEPM servers so only one will successfully email the reports / alerts. The downside to this is that virus detections and security risk events (which I want to know about ASAP) are delayed until replication has taken place.

Does anyone know if there is a way to designate one SEPM server as the "email / alert server", or does Symantec have something in the pipeline to address this?

 

Many thanks


How to create url for remote client upgradation and how to create site on remote location

I need a solution

We have more than 8000 clients in a remote location; for that I want to create a site and URL for remote client version upgradation.

Now I am using version RU3 and upgrade it to RU4.


Symantec Endpoint Protection update causing 0xc0000005 error

I need a solution

Hi all,

I would like to report an issue which is likely to be caused by Symantec Endpoint Protection 12.1, namely UMEngx86.dll. It seems that SEP is somehow messing up the Windows kernel so that C++/CLI interop functionality implemented in the Visual Studio 2013 linker is not working anymore.

I have implemented a bridge in order to call into managed CLR code from native C++ code via C++/CLI wrapper classes. The process is described here (http://blogs.microsoft.co.il/sasha/2008/02/16/net-to-c-bridge/) in detail. The idea is that a truly native C++ library (without CLR) is linked against a C++/CLI library which forwards calls to C# code. Thereby, stubs are injected by the linker into the C++/CLI build which load the CLR before executing the managed code. In detail, the native bridge code references the IL bridge via a forward declaration in the header file, while in the source file of the native bridge, the actual IL bridge header file gets included via “#pragma managed”. The C++/CLI based IL bridge references a C# class via the gcroot<> template and performs the actual marshaling between managed and unmanaged objects.

While this approach looks a bit adventurous, it used to work perfectly with Visual Studio 2013 (Update 1) until some weeks ago, when the bridge suddenly stopped working when building for a 32-bit target. (The x64 target still works!) Instead, the executable crashes at startup, before the main method is reached, with an exception (0xc0000005) within ntdll.dll caused by an attempt to write to a protected memory location. I suspect this is due to an update to SEP introducing the faulty version of the UMEngx86.dll. The stack trace is as follows, as provided by IDA Pro:

Address  Function                                   
-------  --------                                   
76FB019A _LdrpSnapThunk@36+101                      
76FC0E66 _LdrpSnapIAT@12+8D                          
76FC16D1 _LdrpHandleOneOldFormatImportDescriptor@12+93
76FC171E _LdrpHandleOldFormatImportDescriptors@12+1E
76FC1619 _LdrpProcessStaticImports@8+D5F            
76FC6ACD _LdrpInitializeProcess@8-8F4               
76FC5712 __LdrpInitialize@8+98F5                    
76FBBEB4 ntdll_LdrInitializeThunk+B

It’s impossible to debug the EXE with the VS debugger since the application crashes before the debugger gets attached, no matter if the debugger is set to Native or Mixed Mode.

Notably, UMEngx86.dll does not get loaded when running the 64-bit build, which still works perfectly. Also, people in this forum experienced related issues:

https://www-secure.symantec.com/connect/forums/windows-server-2008-r2-sp1-symantec-endpoint-protection-sepoct-updates-0xc0000005

This crash can be reproduced by building and running a tiny sample solution with less than 100 LOC (see attachment).

Any help will be greatly appreciated!

Best regards,

Andy

Trying to find a previous DHCP address, wondering if SEP(M) keeps a log

I need a solution

We have a server (XY) and XY had a DHCP address, the IP Address was released and renewed and it now has a new DHCP generated IP address.

We would like to know what the previous IP address was, would SEP(M) have any way to find this information?

Manually Generated Anomaly?

Difference between "SEP full install or patch" and "self-installing executable"

I need a solution

In the Push Deployment Wizard it gives the user a choice

 


 

What is the difference between "Symantec Endpoint Protection full install or patch" and "self-installing executable"?
