Channel: Symantec Connect - Endpoint Protection - Discussions

SEP Design Bandwidth Usage Calculations


Hi guys, I need to design a SEP solution for a customer. However, I am trying to find some estimates for the bandwidth consumption that will be used by SEP. I have tried to do some research but couldn't find any useful information. If I am not mistaken, there used to be a bandwidth calculator that we used to do the calculations. Does anyone have that?

I am specifically looking for the following estimates.

Client to server communication usage daily (downloading policies, uploading logs, etc.)

Client to GUP communication usage daily (for downloading content updates)

Client to SEPM communication for downloading updates daily.

If anyone can provide me with the approximate numbers for the latest version of SEP, it would be highly appreciated. Thanks and regards.

LUA unable to download due to no disk space

We use LUA to download and distribute defs to the SEPM servers but it has failed this morning due to no disk space being available.

I went to delete the distribution centre and then recreate it to clear old defs, but we don't seem to have the password for the account for "Login credentials for distribution access to location:", so the new distribution centre keeps failing. The account seems to be a local account and not a domain account, but I can't see the account in the local users on the server either.

Is there anywhere this account would be created during setup so I can recreate it or reset the password? The account is not in managed users on LUA either.

Or is there another way to clear space without having to recreate the distribution centre?

Replication - Updating SEPM 12.1.5 to 12.1.6 MP4

What actions should I take with the replication before I upgrade the SEPM from v12.1.5 to version 12.1.6 MP4? I have two servers that use the same site.

Should I only stop the SEPM service, or do I need to do something more? I read that in some cases the replication should be stopped. I need help.

Can you give information about this?

Thanks for your help. 


How to automate the scan schedule of SEP client through command line?


We have the SEP client configured with a server. We are able to schedule scanning in the client through the GUI (SEP Wizard).

How do we do the same through the command line?

False error on AVDEF update install 2

Please reference previous thread with same title, sans 2.

In July 2015, we had a set of laptops that were due a scheduled update with the latest Nav Def file. The laptops are in a controlled environment, no internet access. They had Windows XP and SEP 11.0.6000.550. After the update was executed, the pop-up window read "Intelligent Updater session complete.  All updates failed to install on the machine.  For more details about the processing, please check the log file "Log.IntelligentUpdater.txt" created in the user's temporary directory." Going to the SEP GUI, it was determined that the status was green, and all was good despite the pop-up window error message.

This caused a lot of panic about our systems being protected. We know about the EOSL for SEP and the risks of Windows XP, but that is just what we have to live with. In discussions on this website, it was said that the computers are still protected even though the pop-up box says the update failed. Since then, we have made updates in October 2015, Dec 2015, and several times in 2016, with no mention of the pop-up error message again. Is there any explanation for this? We have also updated to Windows 7 in December 2015.


Various questions


The company I work for has about 10 SEPM servers. I need some info about:

1- Replication partner: should I make only one server to replicate from?

2- From which SEPM server should I generate a package to be installed on a client?

3- All servers share the same license key; is this a problem?


Symantec Endpoint replication with different policy on each server


I have 2 sites of server management. It is the latest version, 12.1.6 MP4.

Site A has 1 management server and 1 SQL server.

Site B has 2 management servers with load balancing and 1 SQL server.

In this case, site A and site B do not replicate.
And each site has different policies, client groups, and config altogether.

I want to set up replication and merge the config, policies, client groups, and client status. Is it possible?

Because when I set up replication, it notifies me that what exists in the database will be deleted, which I don't want.

Last scan status on the manager is showing wrong information

On the manager, under Protection Technology, the Last Scan column is giving very old information, whereas when we look at the client itself the last scan shows the latest date.

Have cleared the agent info folder ...

Any suggestions on what could be done?

Version : 12.1.4013

liveupdate -firewall

Hi, I would like to ask about a specific situation. I use the SEP firewall as an individual firewall for my user station.

My issue: I notice SEP makes connections to liveupdate.symantecliveupdate.com several times. I don't allow it to connect, but SEP does this, and the logs do not show me this connection. Why is it doing this, and where can I stop it? I'm asking advanced users for advice.

SEP puts it here:

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6867.6400.105\Data\Lue\Downloads

sepc$20submission$20control$20data_12.1$20ru6_symalllanguages_livetri

The attachment is at the bottom.

Do offline machines take up a license in SEPM?

Hi

Does anyone know if offline machines take up a license in SEPM?

We have AD synch with SEPM.

One issue with this is that an old machine sitting in AD will still synch with SEPM.

Does this offline machine count towards the SEP license? (Does it depend on how long it has been offline for?)

Thanks,

DM

Pushing Intelligent Updater through SEPM or SCCM or Altiris

Hello guys, I need to know if we can push the Intelligent Updater through SEPM. If yes, can we push it silently from the SEPM? When we run the package manually, we have to click OK when we execute it.

Similarly, what are the steps we need to follow if we want to push it from Altiris or SCCM, and can we push it silently to user machines?

Appreciate your feedback. Thanks 

Symantec endpoint protection manager for emails

Is there any option in Symantec Endpoint Protection 12.1 Manager through which emails can be scanned? I know there are antispam solutions such as Symantec email security for Exchange and Messaging Gateway, but I don't want to use them, just basic protection of emails.

I just want to know if there is any option in the SEPM manager like, in emails under the signature, a mention that this email was scanned by this antivirus. If there is an option, please let me know.

vd49a802.jdb 6/20/2016 corrupted?

I have a disconnected SEPM and update the definitions manually using .jdb files. I never had any issues until this morning. A couple of minutes after I copy vd49a802.jdb to \Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming, I get an error and the file gets renamed to vd49a802.jdb.err.

I tried to re-download and copy the files but the same issue persists.

Anyone have the issue?

Thanks,

Importing Sylink File Directly into installer file set

Hello,

Quick question.  Our deployment environment requires each computer be registered to the correct set of policies by use of a Sylink.xml file.

If you see the screenshot below, you can see that I copied our current sylink.xml file into the install folder (replacing the old one, though I renamed the old one to .old so I could keep it for reference).

Just want to make sure this is a) functional and b) good practice.

Thanks,

Adam

SONAR engine (UMEngx86.dll) linked to CPU spike (100% utilization)

We are having Windows servers spiking the CPU randomly; suddenly CPU spikes to 100% in all the servers at the same time; that is, ~25 servers experience the issue simultaneously. All the servers have Symantec Endpoint Protection ver 12.1.6318.6100 installed. The issue is sporadic (happens once every 2 or 3 weeks) and unfortunately it cannot be reproduced at will.

The process spiking the CPU is the Goliath Performance Monitor agent from Breakout Technologies (the service is listed in Windows as "MonitoringIT Agent service"); either RpmAgent.exe or its parent process AgentService.exe is affected. When the issue occurs, stopping or restarting the MonitoringIT Agent service resolves the issue.

The reason for this post is that recently we found that when the issue happens the affected process contains 2 instances of the SONAR engine (UMEngx86.dll), where servers that are not affected do not contain any (screenshot attached):

We also noticed shortly before the issue occurs (~15 mins) there's an isolated error on the Application log of every affected machine:
Event ID 74, Source: Symantec Antivirus, "SONAR has generated an error: code 0: description: Definition Failure"
We have memory dumps of the affected process in case they're necessary.

We don't see UMEngx86.dll hooked into any other processes, whether they are already running or when we start applications, so we wonder why it is for the Goliath agent.

We're still researching this and trying to repro in a test environment to find more patterns. For now we're posting this in hopes of getting some ideas/suggestions. Any assistance sincerely appreciated.

Thank you

SEP for SharePoint Servers

I am looking for more information on Symantec Endpoint Protection for SharePoint Servers.

I am specifically looking at this product -- https://www.symantec.com/products/threat-protectio... -- is that a totally separate product from a SEP client on a workstation/server?

We run SEP 12 on all of our workstations and servers now, but we do not have anything that specifically scans files uploaded and downloaded to SharePoint databases. I have reviewed the thread here -- http://www.symantec.com/connect/forums/sep-1212-an...

The post by ShadowsPapa is informative, but I am still curious why I need a product specifically for SharePoint? Are the uploaded/downloaded files not scanned on a user's PC before they are actually put into the SharePoint database? Why would I need a different product to scan those files? I was under the impression that I can configure our SEP12 clients to scan any file that is uploaded or downloaded from client/server OS. Can someone elaborate on this?

Thanks in advance for any help.

Misleading SymantecTV ransomware video?

Hi all. 

I was just browsing ransomware topics and happened across a SymantecTV short video, which somewhat explains ransomware as to a child, but at the end it rather weakly indicates that you can clean ransomware with the likes of Power Eraser. Obviously these videos are made by the marketing people so there's no point in believing any of it without verification, but from a technical standpoint does anybody here know if it has ever proven effective? Given that removing the encryptor engine means you have no facility to decrypt the files, removing it really accomplishes nothing anyway, I would think. Unless you powered off the moment it began encryption so most files are still intact. Even then you have to hope there is no way for that stuff to come back.

And for the life of me, I don't know why, but every security vendor keeps saying "don't pay the ransom". Just a minor rant here, but I doubt that will deter cybercriminals from the most lucrative gold rush that ever existed in the cyber domain. The intelligent ones likely realize that having high unlock rates means the market will not dry up, and I might also point out that since the bad guys are always a step ahead, guess what happens if enough people take that advice? The baddies will be prompted to evolve the game further and more quickly. For example, and if this doesn't exist I'm sure it will soon either way, with encrypting ransomware not only do your files get encrypted, but perhaps they'll threaten to share your stuff online with the world too. Or maybe a thing where you pay once for decryption, and a second fee for non-sharing. It's a natural evolution that is only limited by the imagination, but it isn't likely to be prompted unless current methods start to become less effective. And I don't mean antivirus detection rates, I mean if ransomware victims begin to just say no, the bad guys will have to find new ways for victims to have to say yes. I would think we'd want to keep the enemy contained within known parameters and try to avoid causing them to feel they must innovate on the victim coercion front.

I am very much hoping that this advice is based off of something more solid than a half-hearted hope that if we all just say no that somehow cybercriminals will throw their hands up in defeat and take up golf or musical instruments.

Anyway, rants aside, I'm just wondering if anybody has observed or heard of Power Eraser doing anything successful with ransomware. And another thought or question: does Symantec have a specific incident response team for ransom-locked customers or is it just the standard support process?

Thank you. 

Upgrade confusion

Hello!

I am currently running SEPM 12.1.6 (12.1 RU6 MP4) build 6867 (12.1.6867.6400) on Server 2012 R2. We have maybe 50 clients, mostly on Windows 7.

My boss told me we need to be at 12.1.6 to support Windows 10 which will be introduced to our network in the near future. The server is already there but the clients do not appear to be.

The Install packages tab only shows a single package and it is version 11.0.5002.333?

If I click on "Add a client install package" my only option is 12.1.4013.4013.

I have downloaded 12.1.6.MP4.All_Clients_En.

How do I add that as an install package?

Thanks!

Notifications from one policy?

We have a couple of different servers that we configured custom policies for.  We are quarantining files as a first action on these servers.  We would like notifications sent to the individuals who manage these two servers if a file is quarantined.  I have been trying to add this notification under Add Notification Conditions (New risk detected...), but I am not seeing the notifications come through. 

I essentially typed in the server name in the server field (all that was available in the dropdown is "all" and our sepm management server) and selected "quarantine" for action taken.  What am I missing?
