Channel: Symantec Connect - Endpoint Protection - Discussions

Lan Enforcer not connected to Policy Manager & reflected Offline at SEPM

I need a solution

Hi All,

I am currently running SEPM v12.1.4 and my Lan Enforcer is also on v12.1.4.

I need to change Policy Manager IP from the original SEPM to another SEPM of Servers. When I run configure spm ip <ipaddress> group <group> HTTPS <port:8014> keyhash <kcs>, then reboot my Enforcer and see it's coming from my SEPM on Servers tab after, and after that I run "show status" command, it reflected

Policy Manager Connected : NO

Enforcer Status :Online

Although the Enforcer appeared on my SEPM's Servers tab, it reflected "Offline".

On the Enforcer CLI I entered "capture start", I didn't see any response from the SEPM.

Both my Lan Enforcer and SEPM are able to ping each other, and I have tried rebooting my Lan Enforcer. Seems like their status is still the same.

Please help!

Thanks!

Unable to start SEPM service

I need a solution

Hi All,

We are using SEPM 12.1 RU6 MP5 on Windows Server 2008 R2. Till today it was working fine but all of a sudden the SEPM service got stopped and we received the below message in Event Viewer.

The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using xx.xx.xx.xx. Set the 'ServerName' directive globally to suppress this message.
Source: Apache Service
Event ID: 3299

The SEPM service is getting stopped automatically even if I restart it.

SEPM on a SharePoint/RDS server

I need a solution

Hello,

I currently have an old W2003 server running SEPM 12.1 RU5. I want to migrate to SEPM 14, so I have to change servers. I have another W2008R2 server that is used as RDS and also as a SharePoint server. I have RAM available (50%), the processor is not under much load, and I have 400 GB of free space. Can I install SEPM on this server without risking a problem with my SharePoint and RDS? Thank you very much. Aymeric

Component is malfunctioning/disabled

I need a solution

Having an issue on workstation farm whereby PCs/Laptops are showing as component is malfunctioning/disabled.

Security Team has advised that in these types of issues, the same need to be cleanwiped and the SEP 12.1.6 package re-installed. However, this is very time consuming as there are a lot of workstations with Win7/8/10 having this issue.

Is there any way to address this issue in a simpler way, even if it is from SEPM?

Many Thanks

Domain computers showing up in default group

I need a solution

I have AD sync turned on, and for the most part it's working just fine.

However, I have about 25+ computers that are on the domain (Windows computers) that are showing up in Default Group and I cannot move them to the correct AD group because you can't move to AD groups.

Application & Device Control - Blocking Apps Running From Smartphone Storage

I need a solution

I'm trying to block apps from running on removable drives. I've got it working for USB drives, but can't get it working for smartphones.

Using the default application control rule set, I can block USB drives by matching USBSTOR\*. The default rule of USBSTOR* doesn't work, by the way. You have to put the \ before the wildcard *.

USBstor.JPG

But when I try something similar for smartphones it doesn't work. I've tried using wildcards at various positions in the id string, and even using the dev id specific to the phone I'm testing with as reported in DevViewer doesn't work.

USBVID.JPG

Does anyone have any tips or ideas as to how I can block apps from running from smartphone storage?

SEP scan took unreasonably long time, stuck at some simple files

I need a solution

This problem occurred on many of our servers of Windows 2012 or 2012R2.

The installed SEP versions are 12.1.6 or 12.1.7.

A full scan can take 2 to 3 days while it only took at most 10 hours with older versions of SEP.

And from the scan progress, we usually see the scan stuck at scanning some very simple files. It can be stuck for 1 or 2 hours on 1 single file. The below screenshot is one of the examples. It's been stuck at a shortcut .lnk file for 30 minutes already.

Is this a bug? Or what's SEP doing? Is it trying to do some cloud thing? e.g. Upload/download files through Internet and got jammed by bad Internet traffic?

SEP.jpg

Upgrade Process of SEPM

I need a solution

I need to upgrade my SEPM server from SEPM 12.1.6 (12.1 RU6 MR4) to SEPM 14. Please tell me the proper upgradation process without any data loss.

OS: Windows Server 2008 R2 Enterprise

Upgrade Process of SEPM 14

I need a solution

I need to upgrade my SEPM server from SEPM 12.1.6 (12.1 RU6 MR4) to SEPM 14. Please tell me the proper upgradation process without any data loss.

BSOD on win 7 64bit after upgrading to SEP v14

I need a solution

Hi All

I posted last year regarding an issue we got on our win 7 64bit computers after upgrading from SEP v12 to v14 in that whenever we run our corporate software the computer would crash with a BSOD (mup). Our windows 7 32 bit, windows 8 64bit and windows 10 64bit computers run fine.

I opened a case with Symantec and got this today:

We have found that Microsoft has released a hotfix for Windows 7, that appears to be related to the BSOD issues we have been seeing with customers upgrading to SEP 14. The hotfix can be found here: https://support.microsoft.com/en-us/kb/3015999

They said that they had had positive results with other customers but unfortunately our windows 7 64 bit computers still get BSOD, has anyone else tried this fix?

Cheers

Unable to install SEP on a Server

I need a solution

Hi,

I am trying to install SEP on a server,

SEP version: 12.1.RU6 MP5 (tried installing MP6 and still the same issue)

Type of installer: 1. Exported from SEPM, 2. Downloaded Unmanaged client from file connect

Features set: Basic Protection for servers, also, tried to install just the core files

OS: Windows Server 2008 R2 Standard (x64) with Sp1

Installation fails with the below error,

Capture.JPG

Is it some kind of permission issue? I need your help to figure it out.

Because when I asked our Wintel team, they said that the account I use to install is a part of Administrators and Domain administrators and has enough permissions on that server.

I have attached the recent SEP_INST log. Unfortunately SIS_INST is not getting generated.

The server does not have SEP now but it had RU3 some months back and it was uninstalled a while ago.

Tried running cleanwipe twice. Still no luck.

SEP 14 - RDP Access is Denied

I need a solution

Need some help. Whenever I go to use RDP to a server, I have no issue whatsoever connecting. Once the connection starts to load my desktop, I get "Access is Denied" for all users. If I disable Symantec, no one has any issues. All necessary users have permissions to remote in. I have made sure that 3389 is open on the firewall (even though we are making it past that point).

Notification Granularity - [Device Control]

I need a solution

Good Morning,

We are using Device Control policies to block USB devices such as Mass Storage Devices and we have exclusions set up for keyboard and mouse devices and other things that would show up as a USB device that are necessary for staff to get their job done. Staff members know that there is a policy against USB devices such as Mass Storage Devices and so we also have notifications set up to email us whenever a USB device is plugged in to a computer so that we can contact that person to see what it is they are trying to accomplish.

The problem we are running into is that I can't seem to find a way to make it so that just notifications for mass storage devices come through. Instead we are getting notifications for anything that is trying to be blocked, even things that are in the exclusion list. Below are a couple of examples.

Device control disabled deviceDefault
My Company\Desktop and Laptop Machines
XXXXXXXXXXXXWindows 7 Professional EditionDevice Manager Message Disabled the device. [name]:USB Optical Mouse [class]:Other devices [guid]:4d36e97e-e325-11ce-bfc1-08002be10318 [deviceID]:USB\VID_0461&PID_4E22\6&2B2F421&0&1
Device control disabled deviceDefault
My Company\Desktop and Laptop Machines
XXXXXXXXXXXXWindows 7 Professional EditionDevice Manager Message Disabled the device. [name]:Dell USB Entry Keyboard [class]:Other devices [guid]:4d36e97e-e325-11ce-bfc1-08002be10318 [deviceID]:USB\VID_413C&PID_2107\6&2B2F421&0&2

In the above examples you can see that the Event Type "Device control disabled device" was logged and an email was sent out with this information. In reality though these devices were in the exclusion list and were never actually blocked.

Why do you think it was logged as such with the notification having been sent to me?

Last scan date as old as 12/25/16

I need a solution

I have been noticing more and more that a large group of our servers with the version 14 client are showing a last scan date over a week old. We have daily active scans that do essentially a quick scan and a weekly scan that does a full scan. The reason these are showing an outdated last scan date is because they are still running a scan. What can I look at to determine why the client still feels it needs to be running a scan?

thanks

Ian

Sep 12 client turned itself off on a win 7 machine

I need a solution

Someone in our call center stated that their AV client was showing as off in the Action Center in Windows.

In the Action Center under Security, SEP was showing as OFF for spyware and unwanted software protection and for virus protection. See the screenshot.

My co-worker went to the machine and tried to open the SEP client from the tray icon in the notification area, and it would not open the client.

His only way to make it work again was to restart the client machine.

He also noticed that in the AV console, the client was showing as offline.

I have looked at the logs on the AV console and Windows logs on the machine (using a third party log server called Splunk).

I cannot find anything about the status of the AV client from this machine.

Any suggestions on what else I can look at?

To my knowledge, this has happened only one other time. I did not look into when it previously occurred so I cannot tell you any specifics about that case.

Thanks. Let me know if you need any further information.

Ian

Is there way to import list of malware domains or IP addresses?

I need a solution

SEP and SEPM 12.1.7061.6600 with mostly W7 clients and Server 2012R2 management servers for SEP.
We routinely get lists of IP addresses or domains that the folks in central IT have collected that are related to risks/malware/phishing/bots and so on. The list is simply a text list of either IP addresses or domain names like risks-R-us.com or IP addresses or ranges for same.
I also get lists of currently known spammers, botnet locations, you know, "malware domains", same as from the central state folks, a list of domains and/or IP addresses.
Instead of sitting for 24 hours and typing in over 1,000 domains or addresses is there any way at all to IMPORT these into SEP - like OTHER firewalls can do?
Many firewall products allow you to subscribe to lists that help keep things up to date, or you can search and find lists of stolen IP addresses like spamhaus and phishtank publish and import these lists into other products. So far I've not found any way in SEP, and when I mention to others about their lists and such, they say "gee, we simply import the list into our firewalls"...... and they sound surprised when I suggest I find no way to do this with SEP.

So - do I spend hundreds of hours a year typing these lists into the SEP console, which always times out after a while and then I have to log in and start over again if I get up for a, well, uh, restroom break after a few hours... or can they be imported somehow?
(Please tell me they can be imported, unless that would be untrue.............thanks)

SD card detection.

I need a solution

How to create policy for SD card detection on the system.

Risk Reports from SEP 12.1.6

I need a solution

Hi All, I now have to supply Risk reports from SEP, something no one has been interested in before at work. My problem is that I run the "Quick Report\Risk\Infected and At Risk Computers" and I have set the date range for 1 year and I only ever seem to get no more than 2 to possibly 3 months' worth of data. Has anyone got any ideas as to where the other 3 years' worth of data has gone? I have checked with our SQL admin person and I know that the database has no size restrictions set. So it is left to just keep on getting bigger. Maybe there are some settings in SEP that I can tweak. Any advice is, as usual, gladly received.

Cheers

PaulC

Support for Server 2016

I need a solution

Hi guys, we currently have SEPM 12.1.6 RU6 MP3 but it doesn't appear to support Windows Server 2016 machines.

Which version do I need to be on to be able to deploy AV endpoints to Server 2016 machines?

Can't install SEP 14 remote java console

I need a solution

Good afternoon,

I can't seem to get the remote java console in a new SEP 14 installation. 

Environment:

New environment with SEP 14 RPM, with embedded database. Nothing configured yet, just installed and added the client for itself. It's in a windows 2012 machine.

JRE on clients 101 and 111 (tried with both in all the machines)

Things that I've tried:

Install the remote java console in 4 different machines W7, W8 and Windows10. 

Install the remote java console from IE11, Chrome (last version) and FF 50.1.0. 

I've added the certificate in IE in two of the clients

I've added SEPM as a trusted site both in Internet options and in Java settings

I can't find any log anywhere where I can read anything about what's going on. I just get the Java starting window for some seconds and it closes itself and nothing happens. 

Can anyone point me in the right direction to where I can get some information about what's happening? Any log for this (already tried Windows logs and SEPM logs with no luck)?

Has anyone experienced problems with the remote console in SEP 14?

* I'm not in a FIPS environment

Kind regards,

Juan
