Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

During Fresh Install of 12.1.6 with older version recovery files giving message "recovery file is missing some required settings"

May 31, 2016, 4:49 am
$
0
0
I do not need a solution (just sharing information)

I have a SEPM 12.1.4013 Server, we need to Migrate the it to the new Server with SEPM 12.1.6 MP4.

1) What is the Best Practice to do it

2) If I try to Restore Recovery Config files of 12.1.4 over the Installation of 12.1.6, During install message "recovery file is missing some required settings" is showing. 

What Shall I do, I do not wish to Install same version of SEPM first and then do the Migration and Disaster recovery best Practice procedure. I just would like to retreive the older config for ver 12.1.4013 to ver 12.1.6. what info I will miss with this install. 

Please suggest or adivce for the same. 

Any or All help is appreciated.

Thanks.

0

Search

Notification on firewall malfunctioning

May 31, 2016, 6:52 am
$
0
0
I need a solution

Hi all,

Is there a notification in the SEPM that can be created if a clients' firewall is malfunctioning ?

I want to be notified even this happens in  a single client machine.

Any help....

0
1464703661

Symantec/Defwatch.dwh

May 31, 2016, 7:35 am
$
0
0
I need a solution

Hi Guys, 

I have a question that I hope you will be able to answer for me. I work for a worldwide organization and am in charge of monitoring SEPM and all of the client workstations/servers on it. The version of Symantec that we are currently running is mostly 12.1.6 MP3, though some machines have been upgraded to the new MP4 version. The OS for virtually all machines that we are currently using is Windows 7 Professional. A month or so ago, I started receiving reports stating that various .exe files in the Symantec/Defwatch.dwh folder were being quarantined on a single machine, and through some research, I came across an article stating that it was a false positive, but this morning, when I pulled a risk report to get more information on any other alerts that came in, I found that in the last few days alone, these .exe files in that folder got flagged 1,769 times on multiple machines. Is this something that I need to be concerned about? I have been told that because it has been labelled as a false positive in the past, I do not have to worry about it, but I wanted to make sure that this is still the case. What do you guys think?

Here is an example of a .exe file that was flagged: C:\ProgramData\Symantec\DefWatch.DWH\dwhde1c.exe

0
1464706292

Endpoint Status, chart & Windows definition is not showing.

May 31, 2016, 7:41 am
$
0
0
I need a solution

Hello Everybody,

I'm looking for a solution on SEP forum and Tech news but i don't find how the way to show "Endpoint Protection chart" and "windows definition" on Home page using SEPM Console.

Attached you will find a sepm console home page screenshot.

There is not error when sepm console open and no error working.

It's a Server 2008r2 java 8.40, sep version 12.1.6  ru6 mp3 built 6608 and I already tried to repair sepm from add,change, remove programs; checked the proxy and Internet Explorer Enhanced security disabled.

Could you please help me with this issue?

Thanks a lots!

Ale

untitled2.png

0

How to filter for "still infected" Clients

May 31, 2016, 8:20 am
$
0
0
I need a solution

Hi all,

first of all I am sorry sorry for this basic question, but I cannot, for the sake of god, figure out how to get the mentioned list.

I have the following Situation:

SEPM Version 12.1.5

Total Endpoints 11000

On the "Home" Page under "Viirus and Risks Summary" it tells me that I have 10000 "Still infected" Items o the Network.

Of course this does not mean 10000 compromised Endpoints, as I have machines that, on their own, produce well over 100 Alerts in this List.

The question is: What Filter do I have to use to find those 20-30 (rough estimate) Endpoints that are generating all these errors. I cannot go through the Report I get by clicking the Number and when Using the "Monitors or Reports feature I somehow get no Results?

So can you please point me on that one hidden option that tells me which Clients are still infected? (BTW: Shouldn't this Button be the Biggest on the Start-Screen? I cannot understand why such a Report is so well hidden (or maybe I am just too stupid...)

thanks a lot for your help in advance!

Stephan

0
1464709546

Anyone Using the automatic Update of File Finger Print List for System Locdown

May 31, 2016, 1:19 pm
$
0
0
I need a solution

Hi guys, have anyone of you using the process of automatic updates for the file fingerprint lists for System Lockdown. I have gone through the documentation but it is somehwat not clear as how it shold be actually implemented into real world. I am refering to the automatic updates of the fingerprint list with hashes as the manual process of update is very cubersome.

Have anyone of you actually using this in your enviroments and how do you manage the automiatic updates. Appreciate your real world insights on this. Thanks

If anyone can share screenshots for this process it would be really awesome. 

0

How Remove SEP Managed Client from Laptop?

May 31, 2016, 2:46 pm
$
0
0
I need a solution

I have been assigned the task of removing/uninstalling a managed Symantec Endpoint Protection client from a laptop.  The managed SEP client was originally installed when the laptop was a member of a former domain (the laptop is no longer joined to that domain, and the owner wants to move the laptop to a new domain).  I tried to remove the SEP client while the laptop was running on a local/standalone basis using the usual Windows Control Panel remove program process.  It worked initially, but then I got a series of "file not found" errors and I had to reverse the uninstallation process and restore the SEP managed client.  I have removed unmanaged SEP clients in the past using the Windows Control Panel program removal process without any problems.  I assume that the uninstall routine is trying to find some expected files that were on the original domain when SEP managed client was installed.

Given this, what is the best way to completely remove the managed SEP client from this laptop?  The plan is to install Norton Security on the laptop, which is what is on the other workstations on this new domain.

My understanding is that there is a special tool available from Symantec to unconditionally remove the SEP client.  I am aware of the problems that can result from having even parts of two anti-malware/anti-virus programs running on a machine at the same time.  Hence my wish to completely remove SEP prior to installing Norton.

Thanks for any help you can offer.

0

Exclude an application in SEP

May 31, 2016, 6:53 pm
$
0
0
I need a solution

Hi,

I face a issue where unable to exclude an application in the exception policy. I am follow below link to do the application monitoring, but 2 week already but the application is not appear in the list of application.

https://support.symantec.com/en_US/article.HOWTO61...

the application is located in below path.

C:\Windows\System32\inetsrv\myapp.exe

C:\Windows\SysWOW64\inetsrv\myapp.exe

SEPM version 12.1.6 MP3

SEP version 12.1.6 MP1

Please advice.

0
Search

NOX.exe free download from EA Origin quarantined as Trojan.Gen.SMH

May 31, 2016, 7:15 pm
$
0
0
I need a solution

As the title says, after taking advantage of a free download offered by EA through their Origin client, the game was flagged as a generic Trojan and quarantined. 

Just trying to bring this attention to get the false positive corrected (or if somehow it's not false, to get the word out about that!). 

Sorry if this is the incorrect place or medium for these types of inquiries; this is my first post to Symantec Connect.

Thanks!

Oh, I'm running Windows 10 Education; there was no option for 10 in the drop-down. 

0

Serivce pack 2 installation

June 1, 2016, 1:55 am
$
0
0
I need a solution

Can any one help me to install SEP in XP service pack 2 system ?

0

Windows 7 Ultimate upgrade fails

June 1, 2016, 3:20 am
$
0
0
I need a solution

In a small network < 25 clients SEPM was seamlessly upgraded from 12.1.4100 to 12.1.6867.6400.

After the Autoupdate rollout; One host (Windows 7 Ultimate x64) fails on re-boot and has required re-image from a daily backup.

Other than deleting the update package in SEPM

NB: I cannot locate any instance of a "Sis_inst.log" on the Server (Windows 2003 x86).

0

Application and Device Control policy for LOCKY and Cryptolocker

June 1, 2016, 11:15 am
$
0
0
I need a solution

hi everyone,

Good day

can someone share a polciy for ADC for locky and cryptolocker, that i can export to my SEPM 12.1.6MP3. or some can share a step by step guide for ADC polci creation for locky and cryptolocaker ransomware.

thanks

0

Old locked posts now showing since maintenance

June 1, 2016, 10:34 pm
$
0
0
I do not need a solution (just sharing information)

Hi,

Anyone else notice that since the forum just came back online from maintenance, all the posts are old and locked?

The new ones should be at the top, but these are all from 2014/2105.

I've tried changing sort order, cleared browser cache, regresh, etc.  Looks like someone restored an old backup :-D

Steve

0

SEP 12.1.6 MP4 agent installation fail

June 2, 2016, 12:28 am
$
0
0
I need a solution

Hello,

I have SEP Manager already upgraded to version 12.1.6 MP4 . I generated agents and I would like to update GUP servers right now. Most of them can be updated without issue, but I have an issue with 3 GUP server. When I try run 'setup.exe' on the server I have recieving error: 
"The installer integrity check failed. Common causes for this failure include an incomplete download, damaged media or problems with the Trusted Root certificate store".

I have generated package many times and on these three server I've get the same error. I checked registry with this document: https://support.symantec.com/en_US/article.TECH214426.html and all seems to be configured properly. I'am able to uninstall/install old version but I can't install latest one (12.1.6 MP4). Only three machines have this issue. 

Can you please help me with this?

regards

0

Finding out which machines genuinely aren't connecting

June 2, 2016, 1:07 am
$
0
0
I need a solution

On a large estate where you have a mixture of laptops, desktops and servers, it can be virtually impossible to work out which machines aren't connecting properly. As some laptops will be turned off due to people being on leave etc. but how do you find out which machines aren't connecting to the SEPM correctly without logging onto every single one and checking the local SEP client? 

Can anyone think of an easy way to check this? or a service on the SEP client that con be monitored by another product to confirm it's connectivity to the SEPM as there doesn't seem to be an easy way to check this. An also if you have the SEPM set to delete offline machines that have not checking over the past 30 days you may not find out about the machine not connecting till someone is on the machine and raises an issues with SEP being out of date which is something alot of basic users will not know to do or check. 

I recently did some upgrades of some machines in a test group and upgraded about 100 machines I found that 5 of them after the upgrade for no reason had changed to offline/self-managed where they were fine before the upgrade and were checking in. The upgrade package was set to keep all existing settings. These upgrades were to the latest 12.1 RU6 MP4 package but have noticed it in previous versions also. 

0
Search

SEP - Mac Malware

June 2, 2016, 6:42 am
$
0
0
I need a solution

Hi Group!

We wanted to run this by any of you to see if maybe something else needs to be configured/tweaked with our Mac community using SEP 12.1.6 (12.1 RU6 MP2). Some running Yosemite (10.10.5) and some running El Capitan (10.11.4) We found 3 instances of malware on several machines which SEP, for whatever reason, did not pick up. The three were:

SMOKYASHAN

JAVEVIEW

DOWNLITE

all residing in the users local Library/Application Support folder. Everytime these users would restart their machines, a pop up would appear to either install something or and option to abort it. Screenshot attached. We were able to manually tackle and remove it, THANK GOODNESS! but why SEP did not pick up these instances, is a bit concerning to us. Any thoughts?

0

SEPM 12.1.5 and SQL Server 2016

June 2, 2016, 10:36 am
$
0
0
I need a solution

Hi guys!

Well, that's the question... Can I install SEPM 12.1.5 with a database on SQL Server Standard 2016?

Hope anyone can help me.

Greetings!

0

Casper and duplicate entries in client list

June 2, 2016, 4:30 pm
$
0
0
I need a solution

I'm using Casper to push out the 6867.6400 client to about 3,000 MACs. I just noticed I now have duplicate entries for each upgraded MAC in my SEPM console. One has the older 6865.6200 client and the other has the new 6867 client.

Short of deleting 3000 entries, is there something I need to configure to not display duplicate entries?

I could just let them age out normally after two weeks, but I have automated jobs that run based on certain paramaters, old client versions is one.

ring_0.PNG

0

SEP under Windows 10 prevents EQ7 from running

June 2, 2016, 8:08 pm
$
0
0
I need a solution

My employer makes SEP available to their employees in another line of defense against anything bad making its way onto the corporate network. So for quite some time I've been running SEP (current version here is 12.1.6318.6100) on my home computers as unmanaged clients and things were working just fine under Windows 7.  Just recently I updated my wife's computer to Windows 10 and now her EQ7 software refuses to start (click on it, the cursor spins briefly, changes back to an arrow and nothing else happens).  Windows does produce an error (WER) report that in a nutshell says:

FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=EQ7 Quilt Design Software

I wrote the EQ people and described the symptoms and they wrote back to ask if I had SEP on the machine.  I answered yes to which they responded that EQ7 is not compatible with SEP and that I should look into getting different antivirus software.  This statement is somewhat contradicted by the fact that EQ7 was working fine alongside this same version of SEP under Windows 7.  I have tried disabling SEP through the taskbar and that did not help.  I have scanned the SEP logs and have not found any mention, pro or con, of EQ7.

As the EQ7 support at this point seems questionable, I'm looking for suggestions about how I might troubleshoot and fix this from the SEP end before my wife shoots me.

Thanks!

0

Limit file type copy to network folder by SEPM application and device policy

June 2, 2016, 8:18 pm
$
0
0
I need a solution

Dear Support,

Please let me know any suggestion.

Limit file type copy to network folder by SEPM application and device policy

Is it possible?

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>