I need a solution
What are the Windows versions that are supported in SEPM 12.1.7?
0
↧
Windows versions that is supported on 12.1.7
↧
command line to pull the latest Definition
I need a solution
Hi,
We are creating our Windows 10 image and want to provide a nice clean first user experience. Typically on the first logon users get a “Your virus definitions are out of date”. I am attempting to add a step to our imaging process to pull the latest definitations. I tried using SepLIveUpdate.exe but it appears to be disabled.
SepLiveUpdate.exe & luall does not fulfill our requirements
Is there any command-line I can use to force the SEP client to get the latest definitions from the SEPM Server?
Thanks in advance.
Regards,
Pravash
0
↧
↧
Is latest Satana variant detected by SEP 12.1.7?
I need a solution
Read this article today about Satana and was wondering if it can be detected by the latest version of SEP as a cryptolocker variant. Is anyone else familiar with it or had any encounters with it? Staff do quite a bit of travelling to hotels and other locations that are not secure.
0
↧
how to show progress bar
I need a solution
hi Symantec Expert,
i would like to ask your advise on how can i show progress scan of full scan, so that i can pause or snooze the scan.. i manually run a full scan of a machine, at first there is a show progress bar but when i logoff i can only see full scan progress (clickable link- please refer on the attached file) but i cant see or pause/snooze the scan.
is there a way that progress scan show again after i logoff the machine?
client: windows server 2012
SEP: 12.1.ru6 MP1 and manage (already a policy)
0
↧
SYMANTEC NETWORK ACCESS CONTROL OVER DEPLOYED
I need a solution
Hi All,
I am looking for your valuable advice on below issue I wonder we did something wrong or we missed some steps that's why it is coming like that.although we are not using SNAC still we are gettting below error on SEPM home page.Error-You do not have enough valid seats to cover all of the computers in your deployment. Over-deployment exposes your network to security risks. To purchase additional licenses for Network Access Control, contact your preferred reseller.
For more information, visit the Symantec Endpoint Protection licensing Web site.
Before anyone comment on it let me explain the background picture of it. We are using sepm version 12.1.3 we have 2000 Seats licence it is about to expired last month we renewed it after that for SEP 2000 seats it shows it is acitvated and valid till date we have renewed that sound's good but at the same time on sepm admin tab once we go to licences tab it was showing earlier SNAC also but it is not implemented in our environment. when we renewed and it was showing we logged a case with Symantec and techincal person explained me on 12.1.6 now onwards snac is integrated with SEP only. so you don't need additional licence or steps then we ask why it is showing here expired he says you can remove it from sepm console and he shared the steps also and we followed the steps and after that also home tab of sepm it shows attention required and once we go into details it shows that error which i pasted above. pls share your input.
Regards
Prem
0
↧
↧
SEPM Replication Partner Questions
I need a solution
I currently have a Windows 2008 R2 server running Symantec Endpoint 12 with a SQL 2008 R2 database. I want to add a replication partner and was wondering if my replication partner could have Windows 2012 R2, and a SQL 2012 database? I understand the version of Symantec needs to be the same on both servers.
0
↧
SEP in Systray missing
I do not need a solution (just sharing information)
About 2 weeks ago the SEP icon started to disappearing from our system trays. Sep policy is still set to display it, and this persisted prior to MP5 and post MP5. The only thing I can think is a Microsoft patch is causing this. SEP opens fine, but Wed prefer it to be displaye din the tray.
Thoughts?
0
↧
Possible reason for an SEPM notification to trigger with false information?
I need a solution
Hey guys,
I recieved an email from our SEPM notification about an SEP agent that is outdated. But upon checking the actual server it is updated. What's the possible reason for this?
Thank you,
Daryl
0
↧
Export Unmanaged Detector result
I need a solution
Hi guys,
I wonder how to export the Unmanaged detectore result in .csv or .txt filetypes.
what i am doing is i will check the notification on home tab, then copy the unmanged detector to excel.
do you have any other suggestions.
thanks in advance.
0
↧
↧
Ports or URL needed for SEPM virus def download
I need a solution
I need to lock down my internet connection on SEPM, what needs to be open so SEPM can still download def?
HTTP port 80, 443 to:
liveupdate.symantecliveupdate.com
liveupdate.symantec.com
update.symantec.com
Will this work? any issues or concerns with this setup?
0
↧
IPS definitions are updating on machines where IPS is disabled by policy
I need a solution
Hello,
I'd like to ask you if this is expected behaviour, that IPS definitions are updating even on machines where IPS has been disabled by policy?
In my company we deploy SEP agent to workstations with full feature set. After deploymen we decide to disable IPS on small group of machines. Since then IPS definitions are still downloading (SEP Manager says so). On some of machines from this group definitions are not up to date - but as far as I understand when IPS is disabled by policy it is not used on affected machine, right?!
Please take a look on screen below:
best regards
0
↧
Auto movement of clients to the respective location folders(based on IP range)
I need a solution
My requirement;
I want to intall all unmanaged clients with a default group Package(sylink) and from there the SEPM should automatically detect the endpoint IP address and move to the respective folder on the SEPM.
This would reduce lot of manual effort for an administrator.
Please let me know if we already have this option.
Thanks,
Nizamnath
0
↧
SSL TLS Certificate Error: sec_error_unknown_issuer
I do not need a solution (just sharing information)
It seems the latest version of Google/IE/Firefox does not allow SSL bypass of self-signed certificates. SEP doesn't support using third party certs, or using non-self signed certificates.
As a result, none of my technicians can access the web front for SEP Managment Console. You can't load the certificate into your browser as a trusted root, because as a .jks file it requires a password. Would really like to find a work around for this that didn't require using old versions of each browser.
TIA
0
↧
↧
Querying excetions via PowerShell and SQL query
I do not need a solution (just sharing information)
Hello, I've been tasked with reporting on our exceptions, and because we support a large numbers of users and applications, we support hundreds of them. This function can report on thousands exceptions in just a few seconds, and you could output the results to a CSV if you wanted.
You'll need to provide credentials which both have access to the server hosting the SEPM and read access to the database (I strongly recommend against using an account with write access, such as the SEPM's database account).
Example: Get-SEPMExclusions | export-csv c:\temp\yourfile.csv
Function Get-SEPMExclusions {
param (
[Parameter(Mandatory=$true)]
[Alias('Name','ComputerName')]
[string]$ServerName,
[Parameter(Mandatory=$true)]
[System.Management.Automation.PSCredential]
[System.Management.Automation.Credential()]
$Credential
)
begin{
$Parm += @{ComputerName = $ServerName;Credential = $Credential}
$query = @"
SELECT e.NAME
,CONVERT(varchar(max),CONVERT(varbinary(max),e.CONTENT)) as XML
,e.DESCRIPTION
,s.NAME as DOMAIN
FROM BASIC_METADATA e WITH(NOLOCK)
INNER JOIN IDENTITY_MAP s
ON s.DOMAIN_ID=e.DOMAIN_ID
WHERE e.TYPE = 'PolicyOverride' AND E.DELETED = 1 AND s.TYPE = 'SemDomain'"@
$connectionString = "Server=LocalHost;Database=sem5;Trusted_Connection=True;"
}
Process{}
End{
$table = Invoke-Command -HideComputerName @Parm -ArgumentList $Query,$connectionString{
param($query,$connectionString)
if (!($connection)){
$connection = New-Object System.Data.SqlClient.SqlConnection
}
$connection.ConnectionString = $connectionString
$connection.Open()
$command = $connection.CreateCommand()
$command.CommandText = $query
$result = $command.ExecuteReader()
$table = new-object “System.Data.DataTable”
$table.Load($result)
$connection.Close()
$table
}
foreach ($item in $table){
([xml]($item.XML)).PolicyOverride.OverrideItem.SecurityRiskOverride | ForEach-Object {
if ($PSItem.InnerXML -eq $null) { return }
New-Object PSObject -Property @{
Domain = $item.DOMAIN
Name = $item.Name
ExclusionType = ($PSItem.innerxml -split "" -replace "<")[0]
XML = $PSItem.InnerXML
Path = $PSItem.DirectoryOverride.DirectoryPath,$PSItem.FileOverride.FilePath -join $null
ExcludeSubDirectories = $PSItem.DirectoryOverride.ExcludeSubDirectories,$PSItem.FilePath -join $null
Prefix = $PSItem.DirectoryOverride.PrefixVariable
ScanType = ( $PSItem.FileOverride.ProtectionTechnology.ScanType,$PSItem.DirectoryOverride.ScanType,$PSItem.Extension.ScanType | Where-Object {$_ -ne $null} ) -join ","
Extension = $PSItem.InnerText
} | %{ $PSItem.PSObject.TypeNames.Insert(0,"SEP.Exclusion");$PSItem }
}
}
}
<#
.SYNOPSIS
Queries a Symantec Endpoint Protection Manager for exceptions.
.DESCRIPTION
Queries a Symantec Endpoint Protection Manager for exceptions. To format output, you can update formatdata for "SEP.Exclusion"
.PARAMETER ServerName
The name of the SEPM you want to query.
.PARAMETER filePath
A credential object with credentials with both remote access to the server and read access to the SEP database
.EXAMPLE
Get-SEPMExclusions <your sepm hostname> -Credential <credential object>
Connect with a credential object.
.EXAMPLE
Get-SEPMExclusions <your sepm hostname>
Connect with prompt for credentials.
#>
}
0
↧
GUP Policy for the GUP Itself
I need a solution
I have the a liveupdate policy configured so that under the Group Provider Settings, the Single Group Update Provide IP address or hostname is configured with the IP address of the GUP.
Here is the question: In what container do I put my GUP under the Clients tab on the left? Is the GUP supposed to reside in the same container as the clients that it will be serving? If so, the GUP server will know to reach out to the SEPM server for its content and know it is a GUP in this situation or does the GUP need a special container of its own with its own liveupdate policy?
Thanks!
0
↧
Where does Endpoint Protection install / which dirs are used?
I need a solution
The storage requirements for Endpoint Protection as listed in the technical requirements are fairly large so I will need to repartition to accomodate. Please let me know which directories the application is using so that I can plan accordingly. Where is it installed, which directories are used, and space needed for each. Thanks.
0
↧
Symantec Endpoint Protection requires restart AFTER installation
I need a solution
Hi all,
I am rolling out SEP version 12.1.7004.6500 and sometimes clients keep asking to reboot computer after installation. Now when I try to find information about this I can only find the pending system changes issue where you need to remove some registry keys. However this is after installation. When the client reboots the message don't dissapear and stays. Even after several days and multiple reboots.
In the above example this SEP installation was installed within our W10 image. I have seen several cases already going wrong. We also rolled out clients which are not having these problems. These were upgraded from a previous version (12.1.6860.6400).
OS is in all scenarios W10 Enterprise. Hope someone can bring some light to this.
Best regards,
0
↧
↧
Symantec Endpoint protection web filtering
I need a solution
Hi,
Does Symantec endpoint protection has site advisor tool as mcafee has, from SEP firewal rule can we block websites category wise such as social websites etc.
any help would be appreciable.
0
↧
Taskkill - Access Denied
I need a solution
We have a server running an app that has an uptime requiremtne of 24/7 with 1 scheduled monthly reboot. The server is 2008 R2 Standard running 12.1.6 MP4 and has downloaded the files for MP5. It was getting behind on Virus defs and we discovered that the defs were corrupt as there were multiple def folders so the app owner sought to follow the procedures to clear them out. SMC got stuck in the stopping state however and, considering the requirements of the server, we sought a way to kill the process. We tried the taskkill command on the PID of the SepMasterService and got access denied with standard command line, admin and domain admin. As there is another week until this server is rebooted I would really appreciate if anyone that has another way to go about killing the task might share it. This would also definitely be useful elsewhere with the servers as app owners are understandably gunshy of rebooting their servers.
0
↧
Device Whitlelisting for Vendors
I need a solution
Hi guys, I know how we can block a specific USB via its device ID. But I need to know how can allow all USBs from a one particular vendor I.e Kingston or HP. Appreciate if anyone can share the procedure for allowing or blocking from a particular vendor. Thanks
0
↧