SEP 14 unmanaged MSI - need to prevent restart

January 23, 2017, 6:35 am

≫ Next: Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

≪ Previous: Internal Error while accessing SEPM Web Console

$

0

0

I need a solution

A handful of our clients need to run SEP in an unmanaged state because they rarely, if ever, connect back to our network.  I set up an install using the MSI and I use the property SYMREBOOT=ReallySuppress but the client still restarts after the install.  I believe it is the symantec software itself and not the installer which initiates the restart because of what I found n the event viewer (below).  This unexpected restart is throwing our Operating System Deployment procedure into an error state.  (We use Microsoft SCCM). 

Here is a snippet from the System event log:

Event 1074

Source User32

Detail:

The process C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\ccSvcHst.exe (COMPUTERNAME) has initiated the restart of computer COMPUTERNAME on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
 Reason Code: 0x80070000
 Shutdown Type: restart
 Comment:

0

---

Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

January 23, 2017, 10:09 am

≫ Next: SEPM 12.1.4

≪ Previous: SEP 14 unmanaged MSI - need to prevent restart

$

0

0

I need a solution

Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

The only thing I can see being different are the policy serial numbers. SSL on the new SEPM is disabled.

I ran the SymDiag tool and it says client\server communication is fine.

What am I missing?

Thanks, Steve.

0

1485203393

SEPM 12.1.4

January 23, 2017, 11:12 am

≫ Next: SEP 14 Clients Not Updating Definitions While Pending Reboot for Client Upgrade

≪ Previous: Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

$

0

0

I need a solution

Hi,

I have SEPM 12.1.4 running to update few Windows 2000 machines with SEP 11.0.6 installed. I used to get virus def for this old version but recently stopped updating. Are virus def not being created for sep 11 anymore?

0

SEP 14 Clients Not Updating Definitions While Pending Reboot for Client Upgrade

January 23, 2017, 11:35 am

≫ Next: [SEPM] Does not list Mac OS SEPM Client

≪ Previous: SEPM 12.1.4

$

0

0

I need a solution

Recently upgraded to SEPM 14 and started migrating ~300 endpoints to the new version 14 client from 12.1.6. Since the migration started we started seeing a lot of new issues with clients getting out of date virus definitons. There seems to be a coorelation between clients that got the updated client, but haven't rebooted and those are have old virus definitions. Is this expected behavior? I'm hoping to not have to reboot my endpoints right after the client upgrade if I don't have to.

Running LiveUpdate on the clients does fix the issue as they get the definitions from the Internet instead of our local SEPM server.

I can validate that the SEPM server itself is getting the definition updates and is properly deploying them to most of our endpoints.

0

[SEPM] Does not list Mac OS SEPM Client

January 23, 2017, 11:49 am

≫ Next: Quarantine an .exe for 32 Bit but not 64 Bit

≪ Previous: SEP 14 Clients Not Updating Definitions While Pending Reboot for Client Upgrade

$

0

0

I need a solution

Good afternoon everyone,

I trying since several day to remotely set up (Push), a silent install for an EndPoint Protection on a Mac computer.

Installation seems to complete correctly, but I can't find the client in SEPM.

filter are correctly set up to "Show Windows" and Show Mac".

Please advise.

0

Quarantine an .exe for 32 Bit but not 64 Bit

January 24, 2017, 12:47 am

≫ Next: fullscan stuck / hangs on file

≪ Previous: [SEPM] Does not list Mac OS SEPM Client

$

0

0

I need a solution

Hi,

We have a problem with the 32 bit computers. We have an application on windows mobile 6.0. when we run on 64 bit machine with symantec it works but when we run on 32 bit machine with symantec it does not work and it takes the exe to quarantine area and delete the original one. 

The symantec version 12.1.6 (12.1.RU6 MP5) Build 7004 (12.1.7004.6500)

What will the problem and solution. Is there anybody who have lived the same problem and somehow solved. We will be gratefull. Thanks. 

0

• Symantec.png

fullscan stuck / hangs on file

January 24, 2017, 12:50 am

≫ Next: Log Error: "A content update package from the management server failed to unzip"?

≪ Previous: Quarantine an .exe for 32 Bit but not 64 Bit

$

0

0

I need a solution

Hello ,

i have upgrade my server to V14 and  same Clients to 14.0.1904 . 

Now its that some of the upgraded clients hangs or stuck in the weekly full scan.

The Files are random on clients

smc -stop not help

Only reboot  works as Workaround because its no solution

0

Log Error: "A content update package from the management server failed to unzip"?

January 24, 2017, 3:57 am

≫ Next: SSL Medium Strength Cipher Suites Supported vulnerability

≪ Previous: fullscan stuck / hangs on file

$

0

0

I need a solution

Hi all,

I have an issue affecting some of the application servers which act as GUPs.

some of them are unable to update their antivirus definitions and the log states the error:

"A content update package from the management server failed to unzip. The Update will be reattempted"

The servers download the content from themselves since the are GUPs, but the update package cannot be unzipped...

this is only affecting a few of the servers, the others are working fine.

Any explination on why this is occuring?

0

---

SSL Medium Strength Cipher Suites Supported vulnerability

January 24, 2017, 5:02 am

≫ Next: Pushed policy to have workstations reboot at a certain day and time through SEPM - Didn't work

≪ Previous: Log Error: "A content update package from the management server failed to unzip"?

$

0

0

I need a solution

  Hi all,

 On our latest vulnerability scan of our SEPM 14 server we got this message:

 ---------------------

Description

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 56 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

 

Solution

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

 

Output

Here is the list of medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (> 64-bit and < 112-bit key)

    TLSv1
      EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1
      ECDHE-RSA-DES-CBC3-SHA       Kx=ECDH        Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1
      DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

-------------------

  These vulnerability issues are on tcp ports: 443 and 8445, ports that are used by Symantec Endpoint Protection Manager.

  Is there any solution to this issue?

  Thanks in advance!

0

Pushed policy to have workstations reboot at a certain day and time through SEPM - Didn't work

January 24, 2017, 12:22 pm

≫ Next: SEP 14 stops Docker Windows from working

≪ Previous: SSL Medium Strength Cipher Suites Supported vulnerability

$

0

0

I need a solution

Hello,

I created a policy under the OU structure in SEPM to have computers restart at a certain time. I pushed SEP through SEPM. Once the time rolled around for me to reboot, I never received anything from SEPM to reboot on the workstation. Attached is a screenshot of my current configs. Did I configure something wrong? 

- Configured under parent OU

- SEPM version 12.1.6 RU6 MP6

- SEP version that was pushed was 12.1.7061.6600

0

SEP 14 stops Docker Windows from working

January 24, 2017, 12:56 pm

≫ Next: SEP 14 stops Docker Windows from working

≪ Previous: Pushed policy to have workstations reboot at a certain day and time through SEPM - Didn't work

$

0

0

I need a solution

I am running Windows Server 2016 with Microsoft Docker components installed.

I had to install SEP 14 (14.0.1904.0000) to be able to pull images.

Many people have reported problems with all manner of virus scanners & Docker:

  https://github.com/Microsoft/Virtualization-Docume...

With SEP 14.0.1904.0000 I was able to successfully pull images.

However, doing a simple docker run -it microsoft/windowsservercore hangs and never finishes.

Disabling SEP did not help. Only uninstalling it helps.

Is this a known issue? How to get it fixed?

0

SEP 14 stops Docker Windows from working

January 24, 2017, 1:20 pm

≫ Next: SEPM - Query Last Connected IP Field

≪ Previous: SEP 14 stops Docker Windows from working

$

0

0

I need a solution

I am running Windows Server 2016 with Microsoft Docker components installed.

I had to install SEP 14 (14.0.1904.0000) to be able to pull images.

Many people have reported problems with all manner of virus scanners & Docker:

  https://github.com/Microsoft/Virtualization-Docume...

With SEP 14.0.1904.0000 I was able to successfully pull images.

However, doing a simple docker run -it microsoft/windowsservercore hangs and never finishes.

Disabling SEP did not help. Only uninstalling it helps.

Is this a known issue? How to get it fixed?

(Sorry if this is a duplicate, couldn't find my first post)

0

SEPM - Query Last Connected IP Field

January 20, 2017, 11:15 am

≫ Next: Old EndPoint Installer->Windows 10

≪ Previous: SEP 14 stops Docker Windows from working

$

0

0

I need a solution

I have a need get a list of the "Last Connected IP" addresses for our Symantec clients. In SEPM, if you go to a client's Properties and click the Network tab, there is a Last Connected IP field listed at the top. This isn't necessarily the same as the main IP address listed for the client - the main IP is usually a private IP and the Last Connected IP is external.

I haven't found a report that includes this information; I've tried the Computer Status>Client Inventory Details report and the Computer Status log, but the external "Last Connected IP" is included. I am also unable to locate the attribute in SEPM's SQL database to query it, although I know it must be there somewhere. 

Can anyone find a way to retrieve a list of Last Connected IPs?

0

Old EndPoint Installer->Windows 10

January 20, 2017, 11:54 am

≫ Next: Does 12.1.6RU6 client require 12.1.6RU6 server

≪ Previous: SEPM - Query Last Connected IP Field

$

0

0

I need a solution

Hello,

Recently a florist was attempting to install their vendor's included copy of Endpoint.  The problem is the vendor has not updated the software in a Greek age and therefore the FTP is offering 12.1MP1, something well before Windows 10 let alone AE.  The goal is to install EndPoint with a newer install, as that one will not complete, and employ the license included from the vendor's dated EndPoint.  Can anyone assist in this process?

Thank you in advance.

Ryan

0

Does 12.1.6RU6 client require 12.1.6RU6 server

January 20, 2017, 1:55 pm

≫ Next: AVRunningStatus value = 2

≪ Previous: Old EndPoint Installer->Windows 10

$

0

0

I need a solution

Hello,

I have a 12.1.6Ru5 SEPM server and users would like the 12.1.6RU6 SEP. Do I need to upgrade the server or how can I make the RU6 SEP client available?

Thanks

0

1484961710

---

AVRunningStatus value = 2

January 21, 2017, 4:49 am

≫ Next: Internal Error while accessing SEPM Web Console

≪ Previous: Does 12.1.6RU6 client require 12.1.6RU6 server

$

0

0

I need a solution

Running SEP 12.1.7004.6500 and finding AVRunningStatus set to '2' in the registry. Usually is '0' for disabled or '1' for running. Hoping to find out if '2' is valid or an indication of corruption. SEP appears to be working fine. Searched online without success. Thanks for your help.

0

Internal Error while accessing SEPM Web Console

January 23, 2017, 5:42 am

≫ Next: SEP 14 unmanaged MSI - need to prevent restart

≪ Previous: AVRunningStatus value = 2

$

0

0

I need a solution

Hi,

we are getting an internal error when trying to log in to SEPM web console. It does not matter if you try to log in remotely or locally from the SEPM.

The error is just "Internal Error - The request resulted in an internal error."

This has started just recently and what makes it interesting is that on some SEPMs you can log in but in the others with exact same configuration you cannot.

Have any of you guys seen this lately? Also, I know how to google so I have been trying all the tricks that was suggested in the past but without any success.

0

SEP 14 unmanaged MSI - need to prevent restart

January 23, 2017, 6:35 am

≫ Next: Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

≪ Previous: Internal Error while accessing SEPM Web Console

$

0

0

I need a solution

A handful of our clients need to run SEP in an unmanaged state because they rarely, if ever, connect back to our network.  I set up an install using the MSI and I use the property SYMREBOOT=ReallySuppress but the client still restarts after the install.  I believe it is the symantec software itself and not the installer which initiates the restart because of what I found n the event viewer (below).  This unexpected restart is throwing our Operating System Deployment procedure into an error state.  (We use Microsoft SCCM). 

Here is a snippet from the System event log:

Event 1074

Source User32

Detail:

The process C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\ccSvcHst.exe (COMPUTERNAME) has initiated the restart of computer COMPUTERNAME on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
 Reason Code: 0x80070000
 Shutdown Type: restart
 Comment:

0

Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

January 23, 2017, 10:09 am

≫ Next: SEPM 12.1.4

≪ Previous: SEP 14 unmanaged MSI - need to prevent restart

$

0

0

I need a solution

Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

The only thing I can see being different are the policy serial numbers. SSL on the new SEPM is disabled.

I ran the SymDiag tool and it says client\server communication is fine.

What am I missing?

Thanks, Steve.

0

1485203393

SEPM 12.1.4

January 23, 2017, 11:12 am

≫ Next: SEP 14 Clients Not Updating Definitions While Pending Reboot for Client Upgrade

≪ Previous: Clients are not reporting into a new SEPM with same hostname and IP as the old SEPM.

$

0

0

I need a solution

Hi,

I have SEPM 12.1.4 running to update few Windows 2000 machines with SEP 11.0.6 installed. I used to get virus def for this old version but recently stopped updating. Are virus def not being created for sep 11 anymore?

0