Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

How to get notified about new releases for SEPM and SEP

April 26, 2016, 1:51 am
$
0
0
I need a solution

Is there an update to this post?

https://www-secure.symantec.com/connect/forums/how...

As far as I can see the links to get notified on product updates no longer exist on the new support pages.

The solution marked as correct was:

  1. Navigate to Symantec’s Enterprise Support Home Page.
  2. Choose one of the product families listed under the Top Products section or click on theSupport Products A to Z link and navigate to the desired product landing page.
  3. Login using your SymAccount credentials by clicking on the Login link found on the upper right-hand side of the page.
  4. Click on the Product Alerts link, located on the right-hand side of the page.Click on the Subscribe: Email link found on the upper right-hand side of the page.
  1. After clicking on either of the subscribe links (SymWISE articles or Common Topics), you should see a confirmation screen. Click on the Subscribe button.
  2. To manage product-specific Software Alerts subscriptions, ensure you are logged in via SymAccount. Then click on the Manage Subscriptions link found on the right-hand side navigation menu under the MySymantec header.

After searching for "Symantec Endpoint" in "Products A-Z" I can't find a Product Alerts link as in step 4.

( Nor  can I find a "Top Products" link. )

Thanks

0
Search

How to monitor JSP files with Custom IPS Signature?

April 26, 2016, 3:11 pm
$
0
0
I need a solution

Hi guys!

One of my clients is asking if the IPS module of SEP can monitor the JSP files in their servers. They want to know when and who is using those files and the conections to databases that the files make, or see if in a network package for those files there are queries like SELECT, UPDATE and DELETE, also they want to give only some users privileges to use some of the JSP files.

Is this possible with a Custom IPS Signature?

Hope anyone can help me.

Greetings!

0

Computer not Showing up in SEP Man.

April 28, 2016, 7:56 am
$
0
0
I need a solution

I have been doing an audit of a client’s AD and found about 8 computers that have the current SEP client installed but do not show up in the management counsel.  I’ve removed the client software and reinstalled it.  I get an email that it has been deleted and re-added  but it still doesn’t show up.

Yes the computer is a member of the domain.

Yes I am a domain admin.

0

How to block a user's ability to disable Symantec Endpoint Protection on Clients

April 28, 2016, 8:27 am
$
0
0
I need a solution

So I figured this should be a popular request and sure enogh I found the tech note:

https://support.symantec.com/en_US/article.TECH102...

However there's no such thing as "Allow users to enable and disable Network Threat Protection"to uncheck?

180px_setp1.png

I do see "Allow the following users to enable or disable the firewall"but I do NOT see the first setting which the tech note calls for?

Thank you!

~B

0

1461884265

Machine search

April 29, 2016, 4:18 am
$
0
0
I need a solution

Is there a way to search multiple machines in the SEP console so I can move them to a different group? Thanks

0
1461929691

SEP client package

April 29, 2016, 4:44 am
$
0
0
I need a solution

I am trying to create a new SEP installation package and it runs but never completes. I let it going for 5 hr and ended up just canceling. Done the manager need internet connectivity to create a package? This console doesn't have internet.

0
1461935254

Can Symhelp run with services stopped

April 29, 2016, 8:00 am
$
0
0
I need a solution

Hello - I have a network of over 10000 PCs - we have found that there are about 100 - 200 PCs a day that are found to be on but the services have stopped for some reason.  I need to run Symhelp on a PC with this issue but the SEP services are stopped.  Will it work or does the services need to be started?  I need to find out why the services are stopping for some reason and not starting back up.  Service is set to auto.

0
1461942262

SymDiag - symdiag failed to schedule scan after restart

April 29, 2016, 1:14 pm
$
0
0
I need a solution

SymDiag - (latest version)

Error: "symdiag failed to schedule scan after restart"

When using SymDiag to do a scan including rootkit scan, it reboots, but fails to run. If I try to start over, it will generate the error above. Didn't find a fix on google, I'm thinking it may be a reg value on win7. Any suggestions?

0
Search

Old ver of SEPM / Windows 2012

May 2, 2016, 5:39 am
$
0
0
I need a solution

Hi all, I have a SEPM 12.1.671.4971 and I need to install sep client on Win 2012. From what I found this ver of SEPM dosent support Win 2012. Besides upgrading is there anything else that can be done? install newer ver of sep client?

Thanks

0
1462194041

SEP 12.1 RU6 MP4 - What gives?

May 2, 2016, 6:53 am
$
0
0
I need a solution

In March there was this forum announcement that MP4 had been released. Because there were security vulnerabilities announced for all previous versions, I downloaded the new version as soon as it was available on FileConnect, and just completed the upgrade. The version of that download was 12.1.6860.6400.

SEP Versions_0.JPG

On April 12th, there were indications of a newer version of MP4 being released because there was a post to the announcement above asking about the versions. On April 19th, the Symantec employee author of the original announcement wondered where 6860 came from, and hasn't been heard from since.

Last week I received a notification from the "Released Versions"TechNote that there was an update. When I went to the page, it said that the version number of MP4 is now 12.1.6867.6400, but no mention of what changed, other than the version number was different from what I downloaded from FileConnect.

I have a few questions.

  • Has anybody been able to find out why the version numbers changed?
  • Was there another security vulnerability?
  • Did the other security vulnerabilities not get fixed?
  • Do I need to do another upgrade?
  • Do I need to wait because one of the versions of MP4 breaks Windows 10? I don't know which version of MP4 breaks Windows 10, because the forum post doesn't specify which version of MP4. This probably doesn't apply to me because we're not rolling out that version of Windows 10 anyway, but it would be nice to know.
0

Block or delete files

May 2, 2016, 9:34 am
$
0
0
I need a solution

Hi,

Is it possible to block or delete some files by Symantec Endpoint Protection 12.1.4?

for examle to blcok file "document.js".

0

Need some Clarification on this

May 2, 2016, 9:41 am
$
0
0
I need a solution

Hi guys I have couple of things on which I would like to have you expert advise on.

1) when we execute any executable file usually a reputaiton lookup is performed on it to see whats the reputation of the file is on insight and a verdict is rendered on it ( I am not talking about Download Insight) now lets say for some reasons at that particular time when the file was executed there were some connectivity issues with Symantec reputation lookup couldn't be perfomed , then is it like this that when the connectivity is restored the lookup will be perfomed to see the reputation Or lookup is only iniated at the time of executation and if there is no connectivity then it will be simply skipped?

2) same scenerio as above but where we are focusing on while we are performing Schedule , On Demad and AP scans on files.

Thanks 

0

Cannot whitelist program

May 2, 2016, 12:56 pm
$
0
0
I need a solution

The 'normal' process to 'whitelist' files through the link https://submit.symantec.com/false_positive/standard/

In this link, a file or an url (that resolves the file) can be posted.

I am currently trying to install Docker 1.1 ... and get the following error

Scan type: Auto-Protect Scan

Event: Security Risk Found

Security risk detected: WS.Reputation.1

File: c:\data\tools\docker\dockertoolbox-1.11.1.exe

Location: Quarantine

Action taken: Quarantine succeeded

Date found: Friday April 29 2016  10:04:04 AM

The name of the program is “DockerToolbox-1.11.1”, and the url is https://github.com/docker/toolbox/releases/download/v1.11.1/DockerToolbox-1.11.1.exe

The issue ?

The file is to BIG to be uploaded .... and when the URL is provided ... it seems to 'time-out' ... 

In other words ... there is no way to white-list this file.

I've tried to 'harvest' e-mail from Symantec to let them know about this specific problem and the fact that there is no way to submit whitelist for large files .... without sucess

Hope that somebody out-there, from symantec, can help out.

Thanks in advance

0

Running SymDiag , error pop-up "out of memory" - SEP12RU6

May 3, 2016, 12:37 am
$
0
0
I need a solution

Hi,

I am trying to run the SymDiag - Proactive services option and I keep running into this error message? Any ideas?

Thanks in advance.

SQL 2012 - RAM 32GB

SEPM - Win 2008 - RAM 16GB

Clients: 51K +-

Error_SymDiagtool.JPG

0

sylink.xml replace problem, client MUST be deleted from SEPM first!?

May 3, 2016, 4:06 am
$
0
0
I need a solution

Hallo,

I have problem with replacing sylink.xml on the latest SEPM and clients (12.1.6 MP4 build 6867).

There is no problem to replace sylink (manually, GUI or sylinkdrop - each of method works successfull) BUT then client are still in the old (previous) group/container on the SEPM. Restarting smc.exe -stop / -start, restarting whole client pc, updating policy on the client - no success. Clients are still in the old group!

The only way is MANUALY DELETE client from SEPM console and THEN replace sylink (or update client policy if the sylink was already replaced before). But this steps must be done together (before hertbeat or refresh come).

Is this new bug?? Times ago there was no problem with replacing sylink (drop, replacer, xcopy ... just Tamper protection had to be off), so why it is not working now? I use SEP/SEPM nearly 10 years but this I a have never see before.

Please can you prove or disprove it please? Thank you!

Ondrej

0
Search

Action Type

May 3, 2016, 12:26 pm
$
0
0
I need a solution

Hi,

I am trying to figure out the meaning of "Action Type: 55" in the following log. Is there an action types table somewhere?

2016-03-28T09:15:35-07:00 ABC-001 SymantecServer: ABC09,Blocked,'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe',,Begin: 2016-03-28 08:59:26,End: 2016-03-28 08:59:26,Rule: ,1888,C:\PROGRAM FILES (X86)\KINGSOFT\KSDEF\KSDEFSERVER.EXE,0,,C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe,User: SYSTEM,Domain: ,Action Type: 55,File size (bytes): ,Device ID: 

Thanks,

0

Submissions to Symantec

May 3, 2016, 1:32 pm
$
0
0
I need a solution

I'm considering whether to turn this on or off in our new environment.  I've read the info here:

http://www.symantec.com/connect/articles/submitting-information-about-detections-symantec-security-response

Can someone tell me a little more about how enabling these settings would benefit the security of our company?  Also, how much data would be uploaded through our network?  Does the data go from our client to the SEPM and then out to Symantec, or does it go directly from the client to Symantec?

0

DoScan.exe output to console?

May 3, 2016, 2:33 pm
$
0
0
I need a solution

Hi all,
I'm trying to run DoScan through the command line from my website, but I'm unable run the scan or see anything in the logs.  I see the logging when I manually run through the command line on the server itself.  I don't see anything in the console that way either.  Is there any way to get the output written to the console or does it only write to the log?  And any ideas as to why I cannot get the scan to run from the website?  I gave the user running the app pool full permissions to the Symantec folder in program files and program data thinking it was permission issues, but was unsuccessful with that as well.

0

DWH files appear in "Still Infected"

May 3, 2016, 10:47 pm
$
0
0
I need a solution

We have DEFWATCH files as shown.

What should be done to these files. Are they infected or quarantined? How can we remove such files if not infected from the Defwatch Scans?

0

Best Practice for Upgrading SEPM 12.1.5 RU5 Build 5337

May 4, 2016, 12:24 am
$
0
0
I need a solution

Hi,

is there a docu for an upgrade to SEPM 12.1.6 ?

Will all settings remain ?

Many thanks in advance

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>