Hi,
Got to update our Sep Manager to version 14 (from 12.1.7) to test with Windows 10.
Will all existing 12.17 clients on Sepm just continue with 'old 12.1.7' policys until there upgarded to 14 ??
Need to make sure nothing changes on the clients (policys / features etc....) until i've got a cahnce to test properly
Thanks !!!
I have a machine the the viruis definitions are up to date but the console says there not. In the even viewer there is a 'Error while updating Symantec Endpoint Protection status to SECURITY_PRODUCT_STATE_ON (error BA060000).' message, I have tried sfc /scannow and DISM /online /cleanup-image /restorehealth and no change. This is the only machine I am having this issue with. Does anyone have any ideas? Thanks
Hi all,
Has anyone seen issues with Network shares being unavailabe or server hung at shutting down caused by SEP 12.1.RU6 MP5 ?
Request to help with Policy to block traffic the IP address from reporting to SEPM for specific reason
Hi,
I am using Symantec Endpoint Protection version 14.
I have an Application Control rules which block all install when trying to add some registry key into this path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*\*
If there any way to add an exception to this rule if I know the key name? Or is there any way to add exception to this msiexec with MD5?
When installing Microsoft Office 2016, there is a need to write a new key into this registry.
Appreciate any kindness attention! Thanks in advance!
Regards,
BK
Hello Guys,
I am facing an issue where rtvscand is using more than 100% CPU, which i see is common but as i need to justify it to upper management. Kindly share what rtvcand fuction in details so that i can prepare analysis report. And where i can find running rtvscand logs to check what threads are scanning at the moment.
Regrads
Hi,
For some reason Endpoint Protection appears to intermitently block Google Drive and Calendar on some users machines. Disabling endpoint protect restores the users capability to access these sites, but otherwise there appears to be no rhyme or reason and to when and for how long this might occur.
Does anyone know why this may be or what I can begin to look into, to solve this issue?
Thank you for any response.
I have one user who is getting a popuo stating that traffic coming from 10.10.10.16 is being bloack for 600 seconds and that a Port Scan attack is logged. The IP address mentioned is the server that SEPM is running on. Why would this be the case? There are other things running on this server, but only one user sees this pop up.
Anyone has experience on SEP 14 with McAfee DLP?
Hello,
I have project for 300+ endpoints with SEPM (14.0.1904.000) installed on server under windows2012r2. Mostly all endpoints have 14.0 version, but few still under 12.1.
Whole network have no access to Internet so all definitions updates goes through .jdb files. Today i apply latest .jdb files and its applies ok (..\content\incoming is empty now, no .err folders). But latest on manager still remainis old (1/9/17 r1). On all endpoints "Proactive Threat Protection" and "Network Threat Protection" has been updated, but "Virus and Spyware Protection" remains old version.
Can someone advise?
When an admin adds exceptions in SEPM the exception list will grow over time and there is no way to idenitify who created the exception and for what reason.
This may lead to a security risk as admins will be afraid to remove exceptons in fair of breaking something.
The exception policy should contain a comment and date field next to the excluded file/hash.
This would allow the admin to see the purpose of the Exception and on what date the exclusion was added.
Please vote for this Enhancement request here.
https://www.symantec.com/connect/ideas/exception-l...
Hello all,
I am trying to move SEP 14 clients among different groups from outside SEPM.
I have tried the following with no success:
- Import a new sylink.xml from the client, exported from the target group
- Use sylinkdrop, both manually and pushed remotely.
- I have found an old tool in connect (sylinkreplacer), that apparentely would do just what we need, but it hasn't worked either. (https://www.symantec.com/connect/downloads/sylinkr...)
- I have play around some test modifying, deleting, importing different registry keys and no louck neither.
Does anyone know how to move clients in SEP 14 without using the console?
Kind regards,
Juan
Quick question about how SEP for Linux works:
Say I have a Linux server, and a typical policy set without exceptions. I make a install package using the policy set.
Next, I add in an exceptions policy for a directory on said Linux server. Scans on that directory could really mess with my server.
Because the package was created before the exception policy was made, will SEP run scans right after install on the excluded directory? Or will it check in with the SEPM server first or Liveupdate before actually doing anything?
I hope this question is clear. And all of this obviously assumes internet access so the client can check in with the SEPM server.
Thanks!
I have SEP 14 installed on my ubuntu machine and I'm struggling to get the auto protect to stop malfunctioning.
systemctl is showing that the module isn't compatible with my updated kernel. Another post mentioned that you could manually recompile the autoprotect module. But the documention doesn't show you where exactly to run ./build.sh from.
https://support.symantec.com/en_US/article.TECH132...
systemd[1]: Starting LSB: Symantec AutoProtect Modules...
autoprotect[685]: Starting AP: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-ub-ST-14-4.4.0-28-generic-x86_64.ko: Invalid module format
autoprotect[685]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-ub-ST-14-4.4.0-21-generic-x86_64.ko: Invalid module format
autoprotect[685]: <11>Jan 19 16:29:05 symev: unable to load kernel support module (UNSUPPORTED-OS-ub-ST-14,15,16-4.4.0-59-generic-x86_64)
systemd[1]: autoprotect.service: Control process exited, code=exited status=1
systemd[1]: Failed to start LSB: Symantec AutoProtect Modules.
Hi all
It seems that users can now partially disable SEP client inspite both "Allow users to enable and disable..." options in Client User Interface Settings are ticked off. Specifically, "Disable Symantec Endpoint Protection" option (after right click on SEP icon in system tray) is no longer greyed out and when user selects it it disables Generic Exploit Mitigation (screen below).
I was wondering if this is by design? This is new feature, possibly with issues, but I still don't think it is a good idea to leave it to (my) users to decide if they are going to use it or not.
Is there a way to disable this behaviour? Am i missing something?
Regards
I have a need get a list of the "Last Connected IP" addresses for our Symantec clients. In SEPM, if you go to a client's Properties and click the Network tab, there is a Last Connected IP field listed at the top. This isn't necessarily the same as the main IP address listed for the client - the main IP is usually a private IP and the Last Connected IP is external.
I haven't found a report that includes this information; I've tried the Computer Status>Client Inventory Details report and the Computer Status log, but the external "Last Connected IP" is included. I am also unable to locate the attribute in SEPM's SQL database to query it, although I know it must be there somewhere.
Can anyone find a way to retrieve a list of Last Connected IPs?
Hello,
Recently a florist was attempting to install their vendor's included copy of Endpoint. The problem is the vendor has not updated the software in a Greek age and therefore the FTP is offering 12.1MP1, something well before Windows 10 let alone AE. The goal is to install EndPoint with a newer install, as that one will not complete, and employ the license included from the vendor's dated EndPoint. Can anyone assist in this process?
Thank you in advance.
Ryan
Hello,
I have a 12.1.6Ru5 SEPM server and users would like the 12.1.6RU6 SEP. Do I need to upgrade the server or how can I make the RU6 SEP client available?
Thanks
Running SEP 12.1.7004.6500 and finding AVRunningStatus set to '2' in the registry. Usually is '0' for disabled or '1' for running. Hoping to find out if '2' is valid or an indication of corruption. SEP appears to be working fine. Searched online without success. Thanks for your help.
Hi,
we are getting an internal error when trying to log in to SEPM web console. It does not matter if you try to log in remotely or locally from the SEPM.
The error is just "Internal Error - The request resulted in an internal error."
This has started just recently and what makes it interesting is that on some SEPMs you can log in but in the others with exact same configuration you cannot.
Have any of you guys seen this lately? Also, I know how to google so I have been trying all the tricks that was suggested in the past but without any success.