Hello,
I have been getting the below error msg on a Windows 7 Client with SEP 12.1.5
The Host integrity component is Malfunctioning
Error:
Fail to execute Host Integrity check
Error Type: 0x02000008, Error Code: 0x00000000
Hello - our ISO office sent me an email stating they got notification that a virus was detected but left alone. I checked the users hard drive and the file in question was not there anymore. Is there a way to print out a report that will tell us how it was removed.
Is there a way to read a users SEP logs without logging onto the users PC? like can i get the info from the SEPM.
If I sent a full scan to a user from the console - how do i find out the results of the scan?
I have updated our SEPM to the latest version (12.1.6 - (12.1 RU6 MP4) - 12.1.6860.6400) and exported Basic protection for servers installer for x64. Have installed it on various servers, but on one server setup launches, then SsaWrapper process appears and quits, then setup.exe quits also and nothing happens. The server is Windows Server 2008 R2 and i have already updated a few other servers with the same OS without problems. The server is currently running 12.1.6 - (12.1 RU6 MP1) - 12.1.6318.6100 client. I have tried uninstalling older client first, but it didn't help. Older client installs correctly with an exported setup.
This server has Ysoft SafeQ server running on it (java, tomcat, postgresql). I have tried stopping all the services of that system, but this didn't help either. And it never was a problem before, so probably not the cause.
Can't find any logs to see what is happening. EventLog also doesn't show any related errors.
Hi guys , can anyone please tell me how can I verify which port is being used for Web services without running the management server configuration wizard?? By default it uses 8446 however it was changed.
Is there any configuration file like http.conf where I can see ports that are being used??
Thanks and Regards
Is there an update to this post?
https://www-secure.symantec.com/connect/forums/how...
As far as I can see the links to get notified on product updates no longer exist on the new support pages.
The solution marked as correct was:
After searching for "Symantec Endpoint" in "Products A-Z" I can't find a Product Alerts link as in step 4.
( Nor can I find a "Top Products" link. )
Thanks
Hi guys!
One of my clients is asking if the IPS module of SEP can monitor the JSP files in their servers. They want to know when and who is using those files and the conections to databases that the files make, or see if in a network package for those files there are queries like SELECT, UPDATE and DELETE, also they want to give only some users privileges to use some of the JSP files.
Is this possible with a Custom IPS Signature?
Hope anyone can help me.
Greetings!
We recently did a patch update to our Windows Server 2008 R2 x64, and since I am unable to login to the Symantec Endpoint Protection Management Console on the server.
After login attempt I check the services, and the Symantec Endpoint Protection Manager service stops with the following errors in the event log:
Faulting application name: httpd.exe, version: 2.4.6.235, time stamp: 0x559f69ad
Faulting module name: secars.dll_unloaded, version: 0.0.0.0, time stamp: 0x55fbffc5
Exception code: 0xc0000005
Fault offset: 0x6ca290c0
Faulting process id: 0x6f4
Faulting application start time: 0x01d1a00946db8476
Faulting application path: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
Faulting module path: secars.dll
Report Id: 855c419a-0bfc-11e6-805f-005056a61a6a
I am attempting to login from the Management Server itself.
On my main management screen the status suddenly became RED and says Security Status - Attention Needed.
When I click View Details it opens up but everything is showing green.
Im using SEPM 12.1.
Refered to this https://support.symantec.com/en_US/article.TECH164272.html and checked the date format and it is already in MMDDYY.
Still not changing to GREEN.
PLEASE HELP.
I recently began testing the SEP Host Integrity policies. We activated rules for antivirus, firewall, and Altiris to be required but put them in pass but log mode. In the time frame that this was done, workstations in one of two buildings had the programs listed in 'Uninstall or change a program' replaced with a message that the 'System Administrator Has Disabled Programs and Features.' Our senior network engineer has placed blame for this event on SEP and so I am inquiring if anyone has experience with the Host Integrity Policy doing this without a specific rule being added. My main reason for doubting SEP as the cause is that this issue only occurred in one of two buildings where the changes were made.
I'm starting my 12.1.6 MP4 upgrades and have a question on reboots. I have to schedule my server reboots during a maintenance window. What are the ramifications of installing MP4 during the week and then don't reboot until the weekend maintenance window when patches are applied?
If the client is pending a reboot, will the server still be 'protected'? Will the server continue to recieve new signatures? Or is the client just 'stuck' until a reboot enables the new MP4 client?
Appreciate the help!.....
Is it possible to set up a policy that so when the SEP client is installed on a server/workstation it disables the Windows Firewall?
Hi,
Is there a way to look at my list of out-of-date workstations sorted by Group? It would make cutting them down and fixing them much simpler.
I've been looking at SQL lately, so this could be my first actual use of it. If this is done through SQL, please give me the process as someone who has no idea where to go to do that. Can I do SQL stuff on a remote workstation that only has access through the Java terminal? What programs would I use?
Hi guys!
I have a SEPM 12.1.6 MP4 in a lab and a client enabled as Unmanaged Detector, but this client does not detect anything in the network.
Any idea what is causing this?
Hope sombody can help me.
Greetings!
can find SEP12 a virus what is compressed as a TGZ on a Windows 7 system.
on my system with SEP 12 there will not find any virus in a TGZ compressed file. If the file without compresion there will find the file and delet the virus.
Hi,
I would like to change the "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content" folder to a different drive on the server. For this I tried the following;
1. Stopped all SEP related services.
2. Added a new disk to system without a drive letter.
3. Copied all files&folders in content folder to this new drive.
4. Deleted all files&folders in content folder.
5. Mounted this new drive to content folder.
6. Started all SEP related services.
After staring services tomcat seems to able to access content folder and download new definitions and other contents. But agents couldn't download definitions from SEPM. In the event log of agent's there were some events with message "Content download to the client failed." with event id 201. Also from agent machine I tried to open the http url which is contained in the event logs "http://sepm:8014/content/%7BD6AEBC07-D833-485f-9723-6C908D37F806%7D/160405012/xdelta160405012_To_160418011.dax" and it gives http 403 error code.
After these foundings I reversed the configuration which I made and everything got back working without any problems.
Was that a wrong approach or am I missing something about configuration ? May be tomcat can not work with mounted drives ?
P.S.: The reason I am trying to change this folder to another drive is; SEPM is running on Hyper-V environment and Hyper-V Replica is activated for this server. And as content folder is continuously changing, this increases Hyper-V Replica data transfer sizes. If I can able to change this folder to another drive then I will exclude this disk from Hyper-V Replica and it will be fine.
Hello,
I have been getting the below error msg on a Windows 7 Client with SEP 12.1.5
The Host integrity component is Malfunctioning
Error:
Fail to execute Host Integrity check
Error Type: 0x02000008, Error Code: 0x00000000
Hello - our ISO office sent me an email stating they got notification that a virus was detected but left alone. I checked the users hard drive and the file in question was not there anymore. Is there a way to print out a report that will tell us how it was removed.
Is there a way to read a users SEP logs without logging onto the users PC? like can i get the info from the SEPM.
If I sent a full scan to a user from the console - how do i find out the results of the scan?
I have updated our SEPM to the latest version (12.1.6 - (12.1 RU6 MP4) - 12.1.6860.6400) and exported Basic protection for servers installer for x64. Have installed it on various servers, but on one server setup launches, then SsaWrapper process appears and quits, then setup.exe quits also and nothing happens. The server is Windows Server 2008 R2 and i have already updated a few other servers with the same OS without problems. The server is currently running 12.1.6 - (12.1 RU6 MP1) - 12.1.6318.6100 client. I have tried uninstalling older client first, but it didn't help. Older client installs correctly with an exported setup.
This server has Ysoft SafeQ server running on it (java, tomcat, postgresql). I have tried stopping all the services of that system, but this didn't help either. And it never was a problem before, so probably not the cause.
Can't find any logs to see what is happening. EventLog also doesn't show any related errors.
Hi guys , can anyone please tell me how can I verify which port is being used for Web services without running the management server configuration wizard?? By default it uses 8446 however it was changed.
Is there any configuration file like http.conf where I can see ports that are being used??
Thanks and Regards