Channel: Symantec Connect - Endpoint Protection - Discussions

Manually Generated Anomaly Malware

I need a solution

I have found a new detection alert from Symantec endpoint Manager as

Untitled.jpg

When I check the SONAR logs, I don't find any detections related to this.

This is my first time and I need to know what needs to be done for such detections.

SEP on VDI

I need a solution

Hi,

We have a customer who has a VDI environment at the client site.

Current VDI environment at the client side:

One image shared by 50 clients through thin clients. Platform is VMware ESXi.

Now, in this environment, where and how can we install the SEP client?

Appreciate any help.

Upgrading from v12.1 RU6 MP5 to v14

I need a solution

Hello,

Our company currently has 12.1 RU6 MP5 installed on all clients, a mix of laptops and servers, approx 200 total. Laptops are running both Win7 Pro/Win10 Pro, servers primarily Server 2012/R2. We are considering upgrading to v14 and wanted to ask if any admins have had any negative results or "gotchas" with their upgrade.

Thanks!

What is the purpose of JAVAFX in SEPM 12.1.6 (MP5)?

I need a solution

I am running with an external SQL database and this is primarily a virtual environment. Our Cyber Security Team is requesting justification for javafx.com that shows up on my server. Can anyone tell me what the purpose of this is?

Restrict Access to internet & maintain access to LAN

I need a solution

Greetings,

In SEPM, I've been trying to create a policy to restrict our XP machines to our LAN only.

I figured it would work similarly to an ACL, so I've made a Firewall policy that is set so the first rule allows all access to our local LAN (Allow Local:Local Subnet) and the second rule denies all traffic. Both are checked as enabled, as is the policy itself. I applied the policy to a test group, but any machines I place in the test group can still access exterior sites.

I've pushed the Update Content action to these hosts as well as restarted them, still no dice. Any ideas of what I'm doing wrong or is this just not possible to do with SEP?

Thanks in advance.

backup restore in sep 12 mp3

I need a solution

I just tried to back up my SEP, successfully, and then I tried to restore the SEP database to another server, and there is an issue. My issue is: why are the clients on the new server not updated, while in SEP Manager the date is updated? How do I update the clients on the new server?

thx all

sepm cannot backup

I need a solution

pls help my sepm v.12 mp3 cannot backup database, error command : " Backup failed due to a databse problem [Sybase][JDBC Driver][SQL Anywhere] connection terminated

thx all

Some SEPM logs are not forwarding to Syslog

I need a solution

Hi There,

I'm using SEPM 12.1.6. We updated recently and found that "insufficient disk space" logs are not being forwarded to the Syslog server, from which we are able to fetch the clients that are running low on disk space (because of which SEP clients can't perform updates or scans). I verified all the log forwarding settings, which seem normal. Only "insufficient disk space" logs are not being forwarded; all remaining logs are being forwarded to Syslog. Can anyone please help me fix this problem?

Thanks,

Phani.

ftp.symantec.com - anonymous invalid

I need a solution

I have a script that downloads jdb files daily.  This morning after entering anonymous, I get Invalid command.

ftp

ftp> open ftp.symantec.com

ftp> anonymous

Invalid commnd.

I do not think this is a firewall issue as it does get past the open command.

Report showing outdated signatures

I need a solution

I'm looking for a report that will list the machine names of all machines with virus definitions > x days. I can get a report that lists the number of machines with each signature and a report of machines "not recently updated".  Any help would be appreciated.

Using SEP Host integrity to install SEE

I need a solution

Hi all,

I know that there is a SEP HI template for checking to see if SEE is installed and running. However, what I require is a script, or what to add, to get SEE downloaded from a local server and then start the install.

Anyone use SEP HI to get SEE installed yet? And working?

How do I know when the SEE install file is downloaded to start the installation silently?

Thanks in advance for any assistance as always

Symantec Endpoint policies and Microsoft Deployment Toolkit

I need a solution

I do some consulting about Windows Deployment for my company, so I have to use Microsoft Deployment Toolkit (MDT) to prepare USB sticks when I need to deploy Windows by using offline media.

Microsoft Deployment Toolkit has an Import Operating System operation that copies all files from any drive to the shared folder, and it is failing when it starts copying:

180px_2017-01-31_15-37-18_0.png

It says "Access is denied".

I then ran Process Monitor from Sysinternals and found nothing about ACCESS DENIED with the Count Occurrences feature. I asked the guy responsible for the AntiVirus here in my company and he told me they have some security policies for some kinds of files like .INF, .LNK, and they would not create an exception.

I decided to run Process Monitor from Sysinternals and see what was going on. I searched for autorun.in and found some operation at the end of the trace; however, it seemed like everything was just fine, but I remembered that Procmon would not see anything from kernel mode, so I opened the stack trace and found that SYSFER.DLL, from Symantec, was injected in the file operation:

120px_2017-02-01_9-42-50_0.png
 




9 | SYSFER.DLL | SYSFER.DLL + 0x19c19 | 0x74679c19 | C:\Windows\System32\SYSFER.DLL

When I opened the properties it said that it belongs to the Symantec CMC Firewall sysfer.

I then ran Autoruns and found that there was a driver called SysPlant.sys that had the same description, but I could not stop it from within Windows, obviously.

I created a Windows PE media, copied Autoruns.exe and booted the machine from the PE media, using a USB stick. I ran Autoruns, went to the Drivers tab and disabled the SysPlant.sys driver; I restarted the machine and now I was able to import the operating system using MDT.

So... I have a couple of questions:

1. What is the relationship between SYSFER.DLL and SYSPLANT.SYS?
2. What does Symantec CMC stand for? What does CMC mean?
3. Is there anything I can suggest to my company so they can keep the policy and I can work with MDT?

Thanks a lot!

Return Code 1639 when attempting Task Sequence client installation via MDT

I need a solution

Hi,

I'm trying to install SEP client 12.1.7004.6500 on Win10 via single application in a task sequence. After the deployment completes, it comes back with:

Application Install - Symantec Endpoint Protection - x64 returned sn unexpected error code: 1639

I'm using the same command line that I use for the SCCM installation that's working nicely:

msiexec /i "Sep64.msi" /qn SYMREBOOT = ReallySuppress

I have another msi application (NetSupport Notify) that is returning the same error upon completion of the deployment, and another msi application that is installing fine. Any advice is appreciated!

-GB

Allow exe from many different file paths

I do not need a solution (just sharing information)

I need to create an exception for an EXE that resides in D:\users\******\appdata\local\etc\****.exe

The first asterisks are the username and we have about 900 users, so the EXE in question is living in each one of these users profiles. The issue is this, when a user logs onto the environment, they are connected to 1 of 15 servers and this profile listed above is then copied to that server while they are logged on. When that copy happens is when the EXE is being caught. 

How can I create an exception for this file no matter when or where it is found on the network?

How to disable quarantine of a specific file?

I need a solution

Using Visual Studio 2015, part of our build and test process, generates an intermediate executable, which I will call  test_example.exe.
Symantec Endpoint's SONAR tool is repeatedly quarantining this executable, blocking my development.

Removing the executable from quarantine is not helpful because the file is quarantined when it is needed.
By the time I can remove it, it is too late.

I also tried to disable the quarantine by going to:
   Symantec Endpoint Protection->Change Settings->Exceptions->Configure Settings->Add
and added the directory path where the file is created.
However, the file is still being quarantined.

I'd rather not disable Symantec Endpoint, as much as that is a security issue.

Thank you!

How to exclude files in temp folders

I need a solution

I have a user that is trying to download and install a legitimate application. The file is able to be downloaded. On executing, the app seems to create an executable in a randomly-named temp folder. Because the temp folder is randomly created, I am not able to provide a full path to the executable for exclusion purposes.

How can I deal with files like this?

Error message snippets:

At least one security risk found:

Risk name: Trojan.Gen.8
File path: C:\Users\username\AppData\Local\Temp\is-KSG9M.tmp\PTDownloader.exe

At least one security risk found:

Risk name: Trojan.Gen.8
File path: C:\Users\username\AppData\Local\Temp\is-OV65Q.tmp\PTDownloader.exe

At least one security risk found:

Risk name: Trojan.Gen.8
File path: C:\Users\usernamel\AppData\Local\Temp\is-16R5O.tmp\PTDownloader.exe

At least one security risk found:

Risk name: Trojan.Gen.8
File path: C:\Users\username\AppData\Local\Temp\is-5QRS1.tmp\PTDownloader.exe

These are all multiple attempts to download the same file. How can I allow the users to download this file?

BSOD after upgrade from SEP 12 to SEP 14

I need a solution

Hi,

After upgrade from SEP 12 to SEP 14 by using vmware, some of the clients are facing BSOD.

Is there any solution for this problem?

Thanks.

Need SEPM to be Upgrade from 12.1 to 14.1

I need a solution

Hi there,

I have a SEPM server running fine (204 clients) with SEPM 12.1. However, some client PCs have expired licenses, and the newly purchased licenses are for version 14. It looks like I am being forced to upgrade the current clients to the latest version 14. Kindly advise the procedure to upgrade the SEPM and client licenses. I have a total of 19 licenses in version 12.1 that haven't expired. Looking forward to your reply.

Best regards,

    Wee

issues with SEP 14 client on servers

I need a solution

I am experiencing some issues and there does not appear to be any consistency except for the version 14 client.

Let me explain...

We have various OS versions in play here and it is not limited to a specific OS. These issues are being experienced on Server 2008R2, 2012R2 and 2016.

The issues occur on servers that have different workloads on them (meaning: it happens on a SQL box, Exchange box, file server, etc.). It does not seem to be application specific, is what I mean.

Now to the important part, what are my issues, you ask:

Issue 1: We have a small handful of servers that are showing outdated virus definitions. I have a notification set to email me if a client is showing outdated definitions older than 3 days. So far, one client meets this criteria (that it is 3 days old); the other clients (3 of them) are not quite 3 days old yet, but will be.

Each server is showing a last communication time with the server as recent, within hours in the same day.

The servers have free space. 2 servers are 2016 and 2 are 2008R2. In this particular case, all these servers are VMs. What else can I look at for this?

Issue 2: A much larger portion of servers are showing very, very old last scan dates. If I look at the scan logs of these clients, they are showing that they are still scanning and have not completed. If it was a file server or a VM server, I would accept this within a day or two. But I have clients showing as old as Jan 22nd. That's not right.

The mix of servers (OS wise) is larger. 2008R2 - 2016; VMs and physicals are affected. Also, the server applications are all over the place: SQL, Exchange, a proxy server, file servers, VM hosts, etc.

I have issued an update content and scan command from the management console and it does not work. I have rebooted the boxes manually (as part of Windows updates and maintenance cycles). This helped for some but not all. If anything, it just changed the last scan date to that day or the day after, but nothing more.

I am up for suggestions. I will upload logs, I will provide you with any additional information you need. Please let me know what you need.

Thanks,

Ian


Upgrade SEPM 12 to 14 move to new Server 2012

I need a solution

Currently running SEPM 12.1.6 on Server 2008 32bit, and want to upgrade to SEPM 14 but it no longer supports 32 bit, so I would like to install SEPM 14 on a new Server 2012 64 bit. Running SQL on a different server that is compatible. Server name and ip will be different for the upgrade to SEPM 14. Looking for the best route to take.
