Channel: Symantec Connect - Endpoint Protection - Discussions

External Logging to Syslog server not working

I need a solution

We have Symantec 12.1.6 and external logging is enabled. This was working fine until a few days back, when we found that no logs are received from SEPM to RLC - Remote Log Collector.

Is there any troubleshooting we can do to confirm the configuration from SEPM is working fine? Are there any logs in SEPM we can check?

I have run through the article below: https://support.symantec.com/content/unifiedweb/en_US/article.TECH234688.html

However, the upgrade happened some months back and the issue appeared only a few days back, so I believe this is not related to the upgrade.

Workaround for Remote deployment of SEP on multiple Linux machines

I need a solution

Hi All,

I'm looking for a workaround or way to install SEP on multiple remote Linux machines. I'm aware that SEPM doesn't have any deployment tool for Linux, but I would like to address this issue, as most of our systems are at remote locations, and getting a PuTTY session and copying the files remotely is quite different and a lot of change requests need to be done.

Any help or suggestions are highly appreciated 

Thanks,

-Syed Hussain

Need vietool download for SEP version 12.1.6.MP3

I need a solution

We need vietool.exe for SEP version 12.1.6.MP3

Is it still available for download somewhere? I now have only access to 12.1.6.MP4 (latest version)


Replication Failed (Failed to submit)

I need a solution

Hi guys!

I have a SEPM 12.1.5 with a replication partner and it was working well. Last night it failed to replicate, so I tried to do it manually, and in the logs I see this:

26 de mayo de 2016 10:24:15 AM CDT:  Replication from remote site Site SCDSAV03 to local site Site SCDSAV02 finished unsuccessfully  [Site: Site SCDSAV02]  [Server: SCDSAV02]
26 de mayo de 2016 10:24:15 AM CDT:  Unexpected server error.  [Site: Site SCDSAV02]  [Server: SCDSAV02]
26 de mayo de 2016 10:24:15 AM CDT:  Unable to fetch changed data from remote site [Site SCDSAV03]: Failed to save downloadedContent for 

ContentReplicationDetail:
FullPath= E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\temp\replication12CAC22E0A0115DC00EF17E90BDE9BA91464274954300\content\{810D5A61-809F-49c2-BD75-177F0647D2BA}\160525017\Full
fullFolderExists=true fileCount=5
clientMoniker= {810D5A61-809F-49c2-BD75-177F0647D2BA} serverMoniker= {C5B1F4E2-0AB4-F6D4-00D3-77DFC6E95DE1}
sequenceNum= 160525017 sequenceTag= CurDefs product=SEPM Iron Revocation List 12.1 RU5
version=MicroDefsB.CurDefs language=SymAllLanguages luType=686
deltaFileName=E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\temp\replication12CAC22E0A0115DC00EF17E90BDE9BA91464274954300\content\{810D5A61-809F-49c2-BD75-177F0647D2BA}\160526003\xdelta160526003_To_160525017.dax
deltaExists=true deltaSource=160526003 deltaTarget=160525017
fullFolderPathForDeltaSrc= E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\temp\replication12CAC22E0A0115DC00EF17E90BDE9BA91464274954300\content\{810D5A61-809F-49c2-BD75-177F0647D2BA}\160526003\Full
PhysicalFile= E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\temp\replication12CAC22E0A0115DC00EF17E90BDE9BA91464274954300\metadata\BASIC_METADATA\092D7CB18C63D1EF0BE8EE42CBDE1657
BinaryFile= E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\temp\replication12CAC22E0A0115DC00EF17E90BDE9BA91464274954300\metadata\BINARY_FILE\EA570B9F8AE88D412F61B1B41C0AC865 code=-1  [Site: Site SCDSAV02]  [Server: SCDSAV02]

Does anyone know what's going on?

Hope you can help me.

Greetings!

HI Policy Working for Part of the Population

I need a solution

We are running SEP 12.1.6 MP4 on three Server 2012 R2 Standard SEPMs.  We set up locations for our workstations in response to applications that still needed us to run IE 8 on some machines.  We set up the policy initially to detect registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE = 8.0000.  When the value is detected iexplorer.exe is blocked from access to anything outside a 1918 address and a white list.  In testing it worked brilliantly and we rolled it out to the workstations in phases.  

It has, however, recently come to my attention that three members of the IT Security Committee for one of our hospitals are running IE 8 and have normal access to the internet. I spoke with tech support and they told me that I either a) need to set the Quarantine location to default or b) add another location for NOT that registry value. I also noticed that in the group's General Settings, remember location is checked.

I started by moving these three individuals to a separate group and copied the policies from their original group and unchecked the remember location toggle. They reported in, downloaded the new policy but did not move. I next moved on to select the Quarantine location as the default, but again they checked in, updated but did not move. As a third step I created a rule for an Access location that does NOT have the registry value but only got the same result. At this point the Access location is the default and is the first in my list of locations, Quarantine is second in the list and the Default group is disabled, and I am seeing no result in the Client Activity log.

This is working for a number of clients as we have had 1225 switch to the Quarantine group in the past week.  The next step is to reach out to work on the user's machines.  I was just wondering if anyone had any ideas as to the described set up.

Load Balancing Console Access for Admins

I do not need a solution (just sharing information)

I know there is the load balancing/failover solution for clients checking into SEPM, but I am looking to implement load balancing for my admins logging into the SEPM console. We have over 100 administrators and I do not want at any point one of our 3 management hosts to become overloaded because they are all logging into one directly at the same time. I would like to implement load balancing of this access through an F5. Or if one host is down, when an admin logs into the load balancer name they will be redirected to available hosts.

Example:

server1.domain.com:8443
server2.domain.com:8443
server3.domain.com:8443

Users typically log into any of the above 3 server names to the manager console.

I would like them to log into sepmserver.domain.com:8443 instead, which would hit the F5 load balancer, and their session would be directed to any of those 3 hosts.

Again, this is for Console log in to administer policies and clients, not clients checking into SEPM. We already have that set up with Management Lists.

My environment does have AD authentication and SQL set up.

Is anyone doing this or with round robin in DNS? Symantec support said it isn't supported but just curious from the community.

Thanks!

Linux Ubuntu 16.04 LTS with kernel 4.4

I need a solution

Hello,

I have noticed that it is not possible to compile autoprotect on a Linux Ubuntu 16.04 LTS with kernel 4.4.
When will you release support for Ubuntu 16.04 LTS with kernel 4.4, or is there a workaround to get SEPFL working with autoprotect on an Ubuntu 16.04 LTS operating system?

Thank you.

Best regards,
Joern
 

Not able to login to SEPM console

I need a solution

Hi,

Not able to log in to the SEPM console. Restarted the SEPM services, still not able to log in... Please help on this.


Not able to login to SEPM console, version of SEPM is 12.1.6 and all the SEPM services running

I need a solution

Hi,

Not able to log in to the SEPM console. The version of SEPM is 12.1.6 and all the SEPM services are up...

Getting error "The Symantec Endpoint Protection Manager database has gone down and needs immediate attention"

SQL and SEPM are on different systems. I am trying to reconnect the DB using the wizard:

"The certificate on disk does not match the certificate in the database. Do you want to use the certificate on disk to replace it? Click yes to use the certificate on disk. Click no to return to the welcome screen and select a recovery file."

What to do here? Please give me a solution.

MISCHA RANSOMWARE

I need a solution

Hi Team,

One of our computers is infected with MISCHA RANSOMWARE! (Sophos alias). What is the Symantec alias for this threat?

SEP SBE Finding 1000s of .tmp files in Quarantine

I need a solution

Hello

This morning our fileserver (Server 2012 R2) started finding tons of files it wants to quarantine in the Symantec directory

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\SRTSP\Quarantine\APQ6439.tmp

They are all Detected As:Trojan.Gen

All the files have random filenames like APQ9A4D.tmp and APQ7F31.tmp

At the rate it's going it seems to find 1 new file every minute.

Anyone else run into this problem or have any ideas on how to stop or fix it?

Thanks

Chris

Unable to install SEP to Debian Linux

I need a solution

Hi,
 
I am following the link below to install SEP to Linux:
 
http://www.symantec.com/connect/articles/how-install-symantec-endpoint-protection-1215-ru5-linux-operating-system
 
I am using Debian Linux (kernel 3.4.67+)
 
But it fails in performing pre-check, it returns 2 errors and 1 warning: to install Java 1.5 or above and jce files, 32bits glibc library and X11 libraries are missing.
 
Then I installed openjdk-6-jre (which can be provided by Debian) and the jce policy files, and also the glibc library. But it still returns the above errors in the pre-check.

Does anyone have any idea why?
 
Thanks!
 
Danny

Should I use Shared Insight Cache Server or Security Virtual Appliance

I need a solution

Hi guys, for virtual environments, which is best to use: Insight Cache Server or Security Virtual Appliance? Both will prevent AV storms in virtual environments by not scanning again the files which are clean. However, which is more practical to use? Please share your real-world experience.

Appreciate your inputs and suggestions. Regards

SEPM 12.1.6 MP3 Report with device control: show user system

I need a solution

Hello everyone,
I have an incident when generating the risks report, and it shows me as in this image: of a total of 344 events generated, 342 are generated with username SYSTEM, knowing that users authenticate with accounts created in the domain and the administrator account as local computer. Lock policies and exceptions are created to lock USB, CD/DVD, and the 342 locking events generated are not affecting users, and when I go to the path where the .exe file is registered, nothing is found.

I would appreciate your help.


New ransomware ZCryptor


Configuring SEP Heartbeat through proxy

I need a solution

Hello,

We have some SEP Clients scattered across the globe communicating with a public IP representing the SEPM.

After moving the systems behind a firewall, and restricting Liveupdate through proxy successfully, the clients are now unable to communicate with the SEPM's public IP. The connection attempts are getting dropped on the firewall.

Can we make the SEP Client communicate with the SEPM through proxy?
 

Thanks,
Jimmy

=-=-=

Help with Shared Insight Cache

I need a solution

Hello everyone, so I installed Shared Insight Cache to evaluate the effectiveness. I installed Shared Insight Cache on a dedicated server running on Server 2012. I have also set up the AV policy to connect to this server. However, I am not seeing any activity, meaning I can't see if the SIC is working properly.

I can telnet fine from the agent to SIC on port 9005 and 9006 fine.

I am attaching the screenshots for your reference, your kind help is highly appreciated. Thanks

Cannot stop endpoint protection

I need a solution

Hi, so I was wondering, I have Endpoint Protection on our machines, but I'm not able to stop the service (and I'm administrator on one of the machines).

I saw people said to stop the tamper protection, but I'm not able to do it, it doesn't respond.

I'm scratching my head - what am I missing?

Integration with Multi-forest AD setup

I need a solution

Hi

We have 3 AD forests. All have two-way trust. The SEP server is joined to one of the forests. We want to integrate our SEP server with all three forests. Is it possible, as I see an option to put the LDAP Server IP? But can I put LDAP IPs of each forest and sync specific OUs from each forest? Will appreciate suggestions with links to achieve this task if possible.

Thanks
Rafay

SEP Unmanaged clients

I need a solution

Hi All,

Any advice gladly received as usual. I have been asked to supply a SEP client for approx 40 VMs that are not on our corporate network but in a separate disconnected domain used for testing. The only way I can see to do this is to supply an unmanaged client install for this team to use on these machines. As per usual I have very little time to solve the problem. My questions are:

What would the licensing issues be for this?

Will the unmanaged client contain our current set of SEP policies in use, but obviously not get updated?

Will the definitions get updated if there is an external connection to the internet?

Any other ideas of what I could do to provide this service to our people?

Cheers

PaulC
