Hello,
please help with SEP Application and Device Control policy.
On client PC and SEPM server is Current Policy Serial Numbers identical.
Device Control policy is set to block USBSTOR* devices, but I can stil use USB sticks.
Do you have any idea?
Thanks
Marek
I think I understand the answer to this but my co-worker wanted me to make sure. We run patches on our base VM images on a monthly basis so if we are understanding this correctly, the clientsideclonepregtool must be executed each time prior to the recompose of the VM's, correct?
I have run into a couple of client machines that the new package will not deploy to. I get all the way to the very last stage "Deploying" Total Progress and the indicator goes back and forth as per normal but after an hour of waiting on one client it never completes so I canceled the install. This happened yesterday and I had to restart the server (probably could have just restarted the services) in order to successfully deploy further packages.
There should be a log that I can look at to see why this is happening in the first place. I can't see anything that is our of the ordinary with the client. Can someone point me to a document that defines what logfile I need to check? Thanks everyone ...
My Company is running SEPM 12.1.6608.xxxx on Win Server 2008 R2 and we have Windows 7 Client systems. A file was placed on one of our shares and has propagated to other folders. It currently has not done any damage. We think symantec has recognized the file and stopped it from shutting down our server.
I would like to find the cllient system/s that dropped these files. Can SEPM provide me that information?
I can't seem to locate anything related to the files in SEPM.
See image for files
I believe the txt and the html may have the virus in it so I will not attach them to this post
I am very new to managing SEPM and have not had any formal training. This was recently handed to me.
Thanks,
mbelgen
At present we deploy SEP to our servers with AV/AS and PTP (both SONAR and ADC) installed. Currently we are working with support on an issue where a Hyper-V 2012 Datacenter cluster broke and MS's response was to get a workaround from Symantec. Preliminary data is suggesting a known issue involving ADC so I'm being asked to find out what is typical. I can't say I've seen best practice on what modules to run on servers (thought I may have just missed it) and our BCE recommends running AV/AS only with DCS in place. Was wondering what everyone out there might think as to the best way to go with servers? AV/AS only? With SONAR or all of PTP? Full install?
Hi All,
After I deply the client using Client Deployment Wizard, where can i check the command status?
I did not found any report/monitor logs that to verify the client is success deployed not.
Hello community,
At the moment I'm testing SEP to replace AVIRA on our network.
The clients are running fine, now I want to test SEP on the first server.
To handle all the needed firewall ports could be very complex on a few servers and I think about to install only the IPS component, not the firewall. What is your experience, is it running fine and make it sense to let the firewall uninstalled?
I mean Symantec made it possible in version 12 to separate these features - so I think to install only IPS is definetly an option to get more network protection without the complexe handling of firewall rules.
We talk only about internal servers I want to protect - public servers are on a much higher level of security and in another part of the network.
Your help and experience is much appreciated, thank you!
Microsoft will release the next Windows 10 Update (Anniversary) during the next 3 months.
Using the Insider Build Version 14295 which Microsoft has released some days ago (further details check https://blogs.windows.com/windowsexperience/2016/03/25/announcing-windows-10-insider-preview-build-14295-for-pc-and-mobile/?OCID=WIP_r_14_Body_LatestBuild) shows that the latest build of SEP 12.1.6 MP4 is not compatible.
This means that all machines using Windows 10 have to be updated with a newer / upcoming release of SEP, before Microsoft releases the Windows 10 Update (Anniversary), which will happens soon.
For planing / resource blocking for SEP Rollout - when can we expect a new version of SEP which runs with the summer update of Windows 10? Is there any workaround for SEP 12.1.6 MP4 available.
Thanks!
Hello,
I currently have majority of the containers setup without AD sync, however, i have a couple that are synced with AD. Does anyone know how often this syncs? Under Admin/servers/servername/right click properties/directory servers, doesnt have the syncrhonize with directory servers checked so i am not sure where else i can see this setting.
FWIW, if i select the AD container and click sync now, it works right away.
Thanks
So I'm trying to get a better handle on SONAR as there are some aspects that escape me. I was hoping this community could give me more assistance than the regular channels are.
I learned About SONAR here:
https://support.symantec.com/en_US/article.HOWTO80968.html
Can see the current definition version here:
https://www.symantec.com/security_response/definitions.jsp
Can supposedly test it using this (does not work for me):
https://support.symantec.com/en_US/article.TECH216647.html
Can supposedly see the logs using this procedure (13 entries from 20K + machines??):
https://support.symantec.com/en_US/article.HOWTO80749.html
Logging is enabled in all the requisite places, but I see almost no SONAR logs. Last week we experienced an issue where the SONAR defs dated 03/18/16, but actually released on 03/23/16, (grrrr!) were causing a conflict with one of our encryption applications. Turns out that if we either uninstalled/reinstalled the encryption application, or if we rolled back the SONAR Definitions (engine?) to 03/17/16, the problem of certian MS applications hanging the whole OS, went away. And now the 04/01/16 SONAR engine also works without issue (so what the heck changed??).
Questions:
Where can I see a history of SONAR releases??
Why the heck did Symantec have a SONAR Engine release on the 23rd, that was dated the 18th??
If SONAR was part of the issue, why did I not have HUNDREDS of SONAR log entries. Should I be looking somewhere else for SONAR events?
I keep hoping that if I understood SONAR better, some of this would make more sense to me...right now I feel like unchecking the SONAR box on my SEPM's and being done with it. #IsItReallyHelpingMe
When a local (at client PC) exception is defined, is it uploaded to the server or is it just defined on the local PC?
Thanks
Karl
I'm looking for an easy way to export the SEP exceptions for my site. Anyone have anything?
Hello,
I am trying to upgrade from Windows 7 to Windows 10, but can't uninstall Endpoint to do so. A few years ago (perhaps 2011), the IT department where I used to work installed Endpoint on my personal laptop, however it was never functional. When I log on to my laptop a window pops up with the message please wait while Windows configures Symantec Endpoint Protection. I attempted to allow it to finish numerous times when it was initially installed but it always got stuck halfway through the process. When the installation window pops up I simply cancel the process. However, now I want to uninstall it and I can't.
I tried the Symantec System Diagnostic Tool it hangs as well. Nevertheless, I proceeded on to Clean Wipe which I installed and attempted to use but received a fatal error and failure message. In addition, I also researched and found the instructions on how to manually uninstall but I really don't have the technical background to comfortably follow that process and will certainly do more harm than good. Is there anything else I can try short of engaging the services of an IT professional or backing up my documents and such then reinstalling only the software that I want?
Unexpected Error every 10 mins on SEPM console, I've checked the log at "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\scm-server-0.log", an error obatined:
2016-04-07 15:33:19.895 THREAD 30 SEVERE: Unknown Exception in: com.sygate.scm.server.task.PackageTask
java.lang.NullPointerException
at com.sygate.scm.util.Utility.deleteDir(Utility.java:5011)
at com.sygate.scm.util.Utility.deleteDir(Utility.java:1313)
at com.sygate.scm.server.task.PackageTask.cleanupStaleContents(PackageTask.java:3431)
at com.sygate.scm.server.task.PackageTask.publishLiveUpdateDirectory(PackageTask.java:3188)
at com.sygate.scm.server.task.PackageTask.publishSecurityContents(PackageTask.java:755)
at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:462)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
How can I fix it?
Hi,
In one location how many GUP we can configure...Also wanted to know GUP machine communicated with SEPM.
any help would be appreciable.
Hi,
Is it possible to get the report on SEPM,when client was updated?Version of sepm 12.1.6
Due to the dramatic uptick in ransomeware infections, I've been tasked with locking down our (Windows 7 SP1 64-bit) laptops so that no unapproved/unknown applications can run. I updated our SEP server and clients to the latest version (12.1.6) and have created a test group with a small number of clients. Running in Whitelist mode with 'Test Before Removal', I've taken Fingerprint files on each of them and have tried both to add them individually, and also add them to the default File Fingerprint List. I'm having mixed results....
One one hand, I have a workstation that was having a common .exe block, so I re-ran and re-added its fingerprint file - so far, so good. On the other hand, the list of Unapproved Applications is upwards of 550 exceptions in less than five minutes, though I'm not seeing any notifications pop up. If the File Fingerprint list has been run and included for every client in this group, why are there so many exclusions? Pretty frustrating for sure.
Thanks!
I am having issues with duplicate VM images ...
Using the following document I have cleaned up my duplicate HW ID's. https://support.symantec.com/en_US/article.TECH163349.html
I ran the batch file again this morning and the text file shows no new duplicates. I copied the list of clients and pasted the information in a spreadsheet and am watching the management console and started noticing one of two things (2 to 3 will show up per hour) ...
This is very odd behavior especially since just yesterday I ran the repairclonedimage on all of the clients that were listed in the text file created from the createduphwidips.bat file. I ran that batch file today, and there are no duplicates. "No duplicate Hardware Key or Known Client Id(HostGUID) found."
I am running MS Server 2012 with a SQL backend. Please let me know if you have ever heard of this behavior and/or if you have and suggestions.
Thanks!
Hello,
Browser Intrustion Prevention enabled in SEP client (12.1.6168.6000)
Enable Symantec Vulnerability Protection add-on in IE 11.
Symantec Vulnerability Protection add-on is disabled after restarting IE 11.
Any ideas? Thanks.
Please be advised that install either build 14279 or 14291 with SEP 12.1.6 MP4 or below will cause BSOD Unexpected Kernel Mode Trap during third boot of upgrade during configuring settings at 99%. Even if you remove SEP and install Windows 10 builds and then re-install SEP it will crash at login screen with BSOD Unexpected Kernel Mode Trap.