Questions Regarding SEPM Upgrade and Disaster Recovery

April 10, 2016, 12:41 am

≫ Next: Proactive Threat Protection shows very OLD definitions ( 1 year older)

I need a solution

Hello everyone , I am required to performed few tasks. I have prepared a plan of action for achieving these tasks, but before moving forward with this plan I would like to have your expert opinions and suggestions.

Part1:- ( SEPM and endpoints upgrade from 12.1.5 to 12.1.6 MP4)

Once we decide to upgrade 12.1.5 clients running all the protection components after upgrade either via the AutoUpgrade from the SEPM server or manually running the exported package after SEPM has been upgraded would there be a restart required as part of the upgrade from 12.1.5 or no restart is required?
On servers having the AV component installed only once we perform the upgrade would there be any restart required to complete the upgrade?

Part 2:- ( Disaster Recovery)

Currently we have two SEPM servers running with an SQ backend . This DB currently resides on one of the SEPM servers.Now we intend to move the DB to one of the production SQL servers from SEPM server.

What is the correct approach of doing this , to perform the DR in the following way.

1. Take the Backup of the DB. Prepare an instance on the production SQL server and attach this database taken as a backup there.

2. Once the DB is attached successfully to an instance on the production SQL server , run the Management Server Configuration Wizard on each of the production SEPM servers and use the recovery file and during the Database connection setup specify the details for the production SQL server and database so that it can be connected.

3. By using the above steps can we achieve the required task without impacting anything ?

Your kind responses would be highly appreciated. Please let me know if you have any further questions or clarificaitons.

Thanks and Regards

1460360619

↧

Proactive Threat Protection shows very OLD definitions ( 1 year older)

April 10, 2016, 1:39 am

≫ Next: Couple of Issues with SEP regarding Disabled and Out of Date Clients

≪ Previous: Questions Regarding SEPM Upgrade and Disaster Recovery

I need a solution

We have SEPM Server which run 12.1.6 RU6 in our environment. This server is responsible for amanaging the endpoints in our environment. There are 5000+ endpoints .The SEPM server had a SEP client which is receiving latest SONAR updates from Server Side SEPM.

Last LiveUpdate is Sunday10th April

Contents are downloaded as attached

Firstly, which feature updates Proactive Threat Protection? SONAR or Truscan?

Multiple clients are showing different Proactive Definition dates.

We need to Update all the clients with latest Proactive Definitions from SEPM.

Need your quick valuable suggestion.

↧

Couple of Issues with SEP regarding Disabled and Out of Date Clients

April 11, 2016, 12:57 am

≫ Next: SEP SBE to SEP EE

≪ Previous: Proactive Threat Protection shows very OLD definitions ( 1 year older)

I need a solution

Hi guys, I am facing couple of issues with SEP endpoins regarding them being appearing as Disabled and Out of date on SEPM servers. Version of SEPM is 12.1.5 and clients are running a mix of 12.1.5 , 12.1.4 and 12.1.3.

Out of Date Clients.

Mostly the following components are shown as out of date on SEPM report. Screenshot Attached

AV, IPS, Sonar, Download Protection

OS of machines varies from Windows7, Server 2008 R2,

Diabled Clients.

Mostly the following comports are showing as malfunctioning in SEPM Report.

AP, Sonar, Download Insight, Temper Protection.

OS of machines are windows 7 ( all protection components are installed) and Server 2008 R2 and Server 2012 only the AV component installed and Download Insight. Screenshot Attached.

I would really appreciate your support in getting the root cause of as what is the reason for the above behaviors and how can we fix without reinstalling the agent.

Thanks and Regards

↧

SEP SBE to SEP EE

April 11, 2016, 6:12 am

≫ Next: Symantec Endpoint Protection 14.0 on my LUA

≪ Previous: Couple of Issues with SEP regarding Disabled and Out of Date Clients

I need a solution

Hi,

I hope this is being posted in the correct forum, if not please move.

I am upgrading our SEP SBE 12.1.5 to SEP EE 12.1.6. My question is will the clients automatically update to the latest verstion (12.1.6) or will I need to manually push the update from Install Packages > Upgrade Clients With Package.

If I need to manually push this update what is the best way to do this since the packages are 32 and 64 bit? Our groups are sorted by Servers / desktop not OS type.

Thanks.

↧

Symantec Endpoint Protection 14.0 on my LUA

April 11, 2016, 8:16 am

≫ Next: Have to upgrade 12.1.4. Should I go to 12.1.6 MP4?

≪ Previous: SEP SBE to SEP EE

I need a solution

So I happen to notice that Symantec Endpoint Protection 14.0 showed up as an option on my LUA over the weekend. Does any one have any information on that SEP version? Is it the next release of SEP after 12.2?

Thanks for any input,

-Mike

↧

Have to upgrade 12.1.4. Should I go to 12.1.6 MP4?

April 11, 2016, 11:27 am

≫ Next: Using System Lockdown to all Applications running only from Program Files

≪ Previous: Symantec Endpoint Protection 14.0 on my LUA

I need a solution

I've SEPM 12.1.4 running on a Windows 2008 R2 server with about a 1000 clients. We are deploying a few Win 10 machines soon which 12.1.4 does not support. So I have to upgrade and I am trying to figure out what the best or the most stable version to upgrade to is? Should I upgade to 12.1.6 MP4 or is there a better version somewhere along the way?

I'm going to upgrade SEPM and most of the desktops but I don't plan on upgrading the client on the servers rigth away. I plan on doing that when I can actually reboot the servers. Will this be OK if I have 12.1.4 clients reporting to SEPM 12.1.6 for a few months?

Other option is to push 12.1.6MP4 clients but continue using 12.1.4 SEPM. Could this cause any kind of unstability?

Any time frame on 12.2? Should I hold off for that?

↧

Using System Lockdown to all Applications running only from Program Files

April 11, 2016, 1:06 pm

≫ Next: Endpoint 12 cant see network

≪ Previous: Have to upgrade 12.1.4. Should I go to 12.1.6 MP4?

I need a solution

Hello everyone , I have a requirement. We need to use System Lockdown to Allow application to be only executed from Program files but not from any other directory or folder, except from the Program files. How can I achieve this using System lockdown.

Appreciate your support. Thanks

↧

Endpoint 12 cant see network

April 11, 2016, 2:12 pm

≫ Next: Upgraded to SEPM 12.1.6 Unable To Login

≪ Previous: Using System Lockdown to all Applications running only from Program Files

I need a solution

Hello I upgraded our backup exec to 15 and after doing that all of the sudden the symantec endpoint protection manager is no longer to see the clients on the network. Do i have to upgrade the endpoint protection manager too???

↧

Upgraded to SEPM 12.1.6 Unable To Login

April 11, 2016, 4:44 pm

≫ Next: Issue with Symantec SEP whitelist ( System lockdown) features

≪ Previous: Endpoint 12 cant see network

I need a solution

I upgraded to SEPM 12.1.6 without issue but now I am not able to login with admin/admin

Tried the reset password option but it said I need to contact the administrator to enable password resets?

Any ideas?

↧

Issue with Symantec SEP whitelist ( System lockdown) features

April 11, 2016, 10:57 pm

≫ Next: Logon user is not updating

≪ Previous: Upgraded to SEPM 12.1.6 Unable To Login

I need a solution

Hi ,

Previously we did some testing of whilelisting on SEP verison 11. We have run the tool and whitelisted the programs and apps which needed and things went well until the microsoft patches push installation. The pc went hang and there isn't anywhere to recover but to format them. As whitelisting will prohibit all new installation of patches or apps to install, how can we aviod this issue to happen again in SEP 12?

Thanks and regards

Chris

↧

Logon user is not updating

April 12, 2016, 5:16 am

≫ Next: Notifications reporting with 'No Data'

≪ Previous: Issue with Symantec SEP whitelist ( System lockdown) features

I need a solution

Hi,

After installing the latest SEP client and SEPM, we noticed that the Logon User or Computer is not updating. We tried to reinstall the SEP client but the problem persists wherein the current user of the workstation is not the one listed in SEPM as the logon user. What is the workaround for this issue?

Thanks,

Jen

↧

Notifications reporting with 'No Data'

April 12, 2016, 6:55 am

≫ Next: Obatin RU6 MP4 package for our SEPM

≪ Previous: Logon user is not updating

I need a solution

Hello, I've recently setup notifications for email with our SEP server. The notifications that come in are usually not helpful and contain messages such as...

"Found 1 or more security events. Actual number of security events found was 74 in 1 minutes.
Security events included:
Compliance, Device Control, Network Threat Protection, Traffic, Packet and Application Control."

But when I look further in the email, it's a lot of pie charts with 'No data'

And sometimes it will come in with data, but I would say 80% of the time it's 'No data'.

Did I configure something incorrectly in notifications?

↧

Obatin RU6 MP4 package for our SEPM

April 12, 2016, 1:02 pm

≫ Next: Detection Disconnect.

≪ Previous: Notifications reporting with 'No Data'

I need a solution

Hi guys,

What would be the best way to obtain the package above?
We just upgraded to 12.1.6 couple weeks ago and i sae that MP4 (we currently have mp3).

Thanks!

↧

Detection Disconnect.

April 12, 2016, 4:02 pm

≫ Next: SEPM Password Lost

≪ Previous: Obatin RU6 MP4 package for our SEPM

I need a solution

Hello - I recently installed the latest version of SEP. I have been asked if the new version has the capability to disconnect a computer from the network using the SEP Management Console? Say when it detects malware (mainly ramsom ware), we’d like to disconnect the computer to prevent further infection.

1460502703

↧

SEPM Password Lost

April 13, 2016, 12:04 am

≫ Next: Reputation check for unproven files failed

≪ Previous: Detection Disconnect.

I need a solution

Hi,

We have lost the SEPM password and we are unable receive any password reset email to the associated email address with 'forgot your password?' option.

Kindly help us to fix this email issue as we don't want to perform disaster recovery.

Best Regards,

Asif.

↧

Reputation check for unproven files failed

April 13, 2016, 5:06 am

≫ Next: Control Log \ vmtoolsd.exe

≪ Previous: SEPM Password Lost

I need a solution

Does anyone know what this is? I cant find anything wrong. Thanks

↧

Control Log \ vmtoolsd.exe

April 13, 2016, 5:56 am

≫ Next: Upgrading from 12.1 to 12.6

≪ Previous: Reputation check for unproven files failed

I need a solution

Hello, my friends!

Every 30 minutes, I get the Client Management Logs:

120px_!.png

What does it meens? Somthing wron with my vmware tools?

1460618445

↧

Upgrading from 12.1 to 12.6

April 13, 2016, 7:22 am

≫ Next: Web Services SDK: Move Group of Clients function

≪ Previous: Control Log \ vmtoolsd.exe

I need a solution

i cannot install my current version for windows 10 users..

How can i upgrade my pack to 12.6 so that it will comaptible with all users.. ?

↧

Web Services SDK: Move Group of Clients function

April 13, 2016, 7:44 am

≫ Next: SEP 12.1.6MP4 not installing on fresh Windows 10

≪ Previous: Upgrading from 12.1 to 12.6

I need a solution

I didn't find on SEP Web Services for Remote Management API any class or parameter that allow to move clients to specific group.

Did I missed something?

Best Regards

↧

SEP 12.1.6MP4 not installing on fresh Windows 10

April 13, 2016, 11:25 am

≫ Next: Error when trying to delete server from the Local Site "This feature is not supported for remote sites"

≪ Previous: Web Services SDK: Move Group of Clients function

I need a solution

I am trying to install a new package SEP client onto a Windows 10 system with no other AV products on it. In the past I have accomplished this by exporting the package I want to install from the SEP Management server Install Packages area. This gives me a single .exe configured with the setting I want installed or left out, and puts the client in the group I want it to go into. I copy the exported .exe file onto a thumb drive, copy onto the system I want it to install on, then execute it. On this Windows 10 system (on every Windows 10 system I've tried it on) the install fails. Here are some portions of the SEP_INST.log:

ScriptGen: ShowServiceProgress() MSIRUNMODE_SCHEDULED

ScriptGen: ShowServiceProgress() calling WaitForSingleObject(scriptStarted) ...

ScriptGen: ShowServiceProgress() WaitForSingleObject(scriptStarted) returned WAIT_OBJECT_0

Action 14:07:42: ShowServiceProgress. Executing install script via service

Action 14:07:42: ShowServiceProgress. Installing services

ShowServiceProgress: incrementing tick

Action 14:07:42: ShowServiceProgress. Installing services

ShowServiceProgress: incrementing tick

Action 14:07:42: ShowServiceProgress. Creating shortcuts

ShowServiceProgress: incrementing tick

Action 14:07:42: ShowServiceProgress. Writing registry keys and values

ShowServiceProgress: incrementing tick

Action 14:07:42: ShowServiceProgress. Writing registry keys and values

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ShowServiceProgress: incrementing tick

ScriptGen: ShowServiceProgress() script execution failed.

ScriptGen: ShowServiceProgress() reset script failure event.

ScriptGen: ShowServiceProgress() is returning an error (so close to the end!)

CustomAction ShowServiceProgress returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Action ended 14:08:10: InstallFinalize. Return value 3.

------------------------------------------------------------------------------

MSI (s) (24:8C) [14:14:09:458]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9032.tmp, Entrypoint: CommunicateRollback

Communicate RB: calling communicate state with the following arguments:

Communicate RB: Prodversion = 12.1.6608.6300

Communicate RB: PathToSylink = C:\Users\barnes_overwest\AppData\Local\Temp\Symantec\

Communicate RB: Oldversion =

Communicate RB: ReasonStr =

Communicate RB: StatusCode = 302469120

Communicate RB: Communicator failed to communicate.

MSI (s) (24:CC) [14:14:09:958]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)

MSI (s) (24:CC) [14:14:09:958]: Error in rollback skipped. Return: 5

MSI (s) (24:CC) [14:14:10:176]: No System Restore sequence number for this installation.

MSI (s) (24:CC) [14:14:10:176]: Unlocking Server

MSI (s) (24:CC) [14:14:10:192]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.

Action ended 14:14:10: INSTALL. Return value 3.

------------------------------------------------------------------------------

Property(S): ProductToBeRegistered = 1

MSI (s) (24:CC) [14:14:10:286]: MainEngineThread is returning 1603

MSI (s) (24:B8) [14:14:10:286]: No System Restore sequence number for this installation.

MSI (s) (24:B8) [14:14:10:286]: User policy value 'DisableRollback' is 0

MSI (s) (24:B8) [14:14:10:286]: Machine policy value 'DisableRollback' is 0

MSI (s) (24:B8) [14:14:10:286]: Incrementing counter to disable shutdown. Counter after increment: 0

MSI (s) (24:B8) [14:14:10:286]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (24:B8) [14:14:10:301]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (24:B8) [14:14:10:301]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1

MSI (s) (24:B8) [14:14:10:301]: Destroying RemoteAPI object.

MSI (s) (24:38) [14:14:10:301]: Custom Action Manager thread ending.

MSI (c) (58:A0) [14:14:10:301]: Back from server. Return value: 1603

MSI (c) (58:A0) [14:14:10:301]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1

MSI (c) (58:A0) [14:14:10:301]: PROPERTY CHANGE: Deleting SECONDSEQUENCE property. Its current value is '1'.

Action ended 14:14:10: ExecuteAction. Return value 3.

I tried to install twice on this system. First just clicking the .exe file and answering the UAC prompt. The restarted the computer and tried again right-clicking the .exe file and running as administrator. Both instances failed. Ideas??

↧