Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

Endpoint Clients Components Malfunctioning/Corrupt Definitions

March 31, 2017, 7:20 am
$
0
0
I need a solution

Hello everyone. This is going to be a long one, so I will try and be as brief as possible.
First, here's some background: 

We have Symantec Endpoint Manager, and clients with version 14.
We've migrated from 12.1. (some older PCs that run Windows XP still have 12.1.7 due to OS limits).
I work in IT, and I manage all of this. We have about 70 PCs and Servers linked up to the manager.
The clients have been saying they're definitions are failing (components are malfunctioning) at random. 
Usually, the manager shows it's the Download Insight. Sometimes, the Tamper Protection. Sometimes, SONAR. Sometimes all. But the clients will always show them all malfunctioning if you went to the PC.

We've had our Symantec Manager migrated from a physical server, to a new VMWare virtual server while it was at version 12.1.
After that, I noticed a lot of clients started saying they were "Out of date". The reason was because of these failing definitions. Brand new computers that we would install it on would start saying this. It was not just our PCs we've had no problems with. 

Long story short, I've put in 2 tickets to Symantec support, clean wiped and reinstalled Symantec numerous times on many of the clients (including via push in the manager), played with the policy settings to try and eliminate it being a network problem (getting updates from the manager). I've even clean installed the SEPM onto another separate VMWare server, updated communication with all of the clients, pushed version 14 to as many clients as possible (not including Windows XP machines). I still have clients saying they are "Malfunctioning". I've even tried installing clients without the Download Protection component. Either other components malfunction, or they say that the Download Protection defs are out of date (because it's not updating because it's not installed). This all took place over 2 months.

I put in a third ticket to Symantec seeing if they have something like their SymTool.exe that can clean the definitions remotely. It seems to help, but some computers will still show malfunctioning after rebooting. Even then, I can't clear the manually, because I have not been able to get around Symantec's folder security. Since I have no other solution yet, this is all I can do. The last thing the tech told me was to go around to the PCs and do "smc -stop", "smc -start". There's no way in h*** that I'm going around to all of the computers to stop/start the Symantec services to fix the malfunctioning components each time they mess up. Which, may or may not solve my problem, because it seems that the problem returns after a reboot. I've enabled Group Providers to further eliminate any network problems.

I've come to the forums to see if anyone has had this issue, and if they've tried anything that may have helped.
I'm at my wits end. I don't know if it's something installed in Windows like updates, web browsers, a service/process. It could possibly be that Symantec has memory problems, or some kind of bug. I know there's many posts about people having this problem, but after a lot of Googling, it seems there's not a permanent solution.

If anyone has any tools to clean defs, or any insight on how I can isolate any network issue with SEPM, or know of any programs/services interfering with SEP, or just any firewall rules that I need to add (even though Symantec should be compensating for it's on communications), it would be great. If anyone would like information on some of the things I've done, I would be glad to share that also.

Thank you for your help, and thanks for taking time to read this.

0
Search

SEPM criteria to show clients online or offline

March 31, 2017, 11:46 am
$
0
0
I need a solution

Hello,

I am using SEPM 12.1.6 (2700 clients), I am interested to know, what is the criteria or time limit of SEP Manager to show a client online.

Suppose one of the client is showing online (green) in Client view in Manager console, and if I shutdown that machine, in console how long time manager will take to show this client as offline.

0

CVE-2016-9093, CVE-2016-9094 - Mitigation

March 31, 2017, 1:13 pm
$
0
0
I need a solution

I am running SEPM 12.1 RU6 MP5 and the same version of client.  I noticed in the mitigation it just says to update the client to MP7.  I downloaded the Full Package and noticed there is a newer SEPM 12.1.7166.6700.  Are there any notable changes to the SEPM?  Should the SEPM and SEP "normally" be the same version?  I will be patching and I wanted to make sure I could just patch the clients without issue.  Thanks! 

0
1490991857

SEP Firewall - enable and disable

April 2, 2017, 4:13 am
$
0
0
I need a solution

How can I generate the report for the systems from SEPM where administrators are disabling the firewall manually ?

0

Unable to deploy version 14 install package over network

April 3, 2017, 7:04 am
$
0
0
I need a solution

Hi,

I'm trying to update our network endpoint clients to SEP 14.0.2332.0100 (from 12.1.7004.6500).

I've deployed it to one group of 6 clients and it updated without any issues (restarting over night as per the schedule).

The next group I've tried to deploy it to contains 22 clients and only 8 of the have updated. The rest all show 'The client is ready to accept the upgrade package' and 'Client has accepted the upgrade package, version 14.0.2332.0100' but they don't seem to be upgrading.

Both 64Bit and 32Bit install packages are available to the group and the upgrade schedule is: From 14:00 to 17:00 and distribute over 1 day (reduced it to within office hours and over 1 day in an attempt to have the user present when the restart machine box appears).

Any ideas?

0
1491232039

SEP 14.0 MP1 2332 ccsvchst.exe continues scanning when defwatch is off

April 1, 2017, 1:37 pm
$
0
0
I need a solution

This is a continuation of https://www.symantec.com/connect/forums/scheduled-...

I have installed v14.0 MP1 2332 on a 2008 client hoping that it would stop ccsvchst.exe from scanning at random intervals and it has not. I have unchecked "Scan after arrival of new definitions" and I can see form the logs that that has not happened since i unchecked that box but ccsvchst is still scanning. see screenshot:

newCapture.JPG

The backend is sepm v14 running on 2012r2. Last check in time is in screenshot below

newCapturetrouble.JPG

0

Basule emplacement

April 3, 2017, 3:32 am
$
0
0
I need a solution

Bonjour,

Tous nos clients rencontrent des problèmes de connexion réseau, quand l'utilisateur reconnecte le poste sur le socle.

Ils ont du mal à récupérer leur réseau en passant di Wifi Entreprise au réseau public.

Après une première analyse, il semblerait qu’il y est deux adresses IP qui rentrent en contact (celle d’Ethernet et celle Wifi).

De ce fait SEP trouvant cela anormal, applique ça règle, jusqu’à temps qu’au bout de quelques minutes, le Pc sélectionne l’IP Ethernet.

Y aurait-il une configuration à mettre ne place coté SEP afin dès que le poste soit en Wifi ou Ehternet ?

Le temps de la bsacule est de 4 secondes

Merci par avance

0

Performance issues on HVM Windows Machines

April 3, 2017, 8:07 am
$
0
0
I do not need a solution (just sharing information)

Hi,

We are having a problem with AntiVirus solution. We are running XenServer environment with HVM Windows machines
The storage is a set of RAID10 SSDs. When we installed AntiVirus on those Windows machines we could see a significant drop of the performance.
We have performance tool which measures certain values on those Windows machines. It seems we can't find the reason why this is happening.
1. Significant impact on writing throughput
   Without AV:              190%
   With AV:                 150%
   Current physical:        160%
2. Significant impact to CPU (generating data to write)
   Without AV:              160%
   With AV:                 107%
   Current physical:        108%
3. Significant impact to SQL insert statement <- primary problem
   Without AV:              4.5s
   With AV:                  19s
   Current physical:        1.4s (dedicated SSD helps this)
   
   
Our INSERT test directly inserts 10000 rows via JDBC into a test table. 
a.    these rows all have the same content: a single long value and 9 text columns, around 200 Bytes per row
2.    The select test runs a single SELECT statement via JDBC on the test table: 
a.    SELECT * FROM test_table WHERE ID > 0
-> That should return approx. 2MB in total (10000 records of around 200 Bytes each)

Can you please explain why or what can cause this issue ?. This is the first time we have seen something like that.
Many thanks for your help.

Regards,
Luke J.

0
Search

Should We Upgrade to Endpoint Protection Manager v14.0.0MP1 ?

April 3, 2017, 9:49 am
$
0
0
I need a solution

Hi all.

We have Endpoint Protection Manager 12.1 RU6MP5.  As its performance is dreadful and it's riddled with bugs, I'm considering upgrading to v14.0.0MP1.  Is it worth upgrading ?  Does the newer version have better performance and fewer bugs ?

The issues I'm referring to relate the SEPM console.  Often information does not display and workarounds have to be employed, such as rescaling and refreshing the browser.  The console is achingly, painfully slow.  The console connection timeout setting is ignored and and admin user is randomly chucked out after a few minutes of inactivity.  And the list goes on ... Point being I'm just telling you about these issues as I know someone will ask.

So is it worth upgrading ?  Is v14 any better ?  Honest and impartial answers only please!!!

0

Mac OS 10.12.4

April 3, 2017, 10:39 am
$
0
0
I need a solution

Hello,

Can someone tell me what versions of SEP support Mac OS 10.12.4? I am running 12.1.ru6 mp5

0

Unable to open secured email .msg file more than once that saved on desktop

April 3, 2017, 7:55 pm
$
0
0
I need a solution

Hi,

I had XXX add-in that sign & encrypted emails (the secured email will be embedded with a lock and attachment icon) and also had SEP Outlook Add-in in the Microsoft Oulook.

I had issue opening secured email (.msg) file more than once that was saved on the desktop. Error message prompted "We can't open 'Path Directory\XXX.msg' It's possible the file is already open, or you don't have permission to open it. To check your permissions, right-click the file folder, then click Properties."

However, I had no issue opening secured emails in Microsoft Outlook pst and ost, but only .msg file saved in desktop. Previously without the SEP Outlook Add-in, we does not encountered the issue too.

My vendor claimed that SEP Outlook Add-in was not doing anything to the secured emails saved on desktop as SEP Outlook Auto-Protect was not enabled, thus it will not be scanning emails and attachments if any. Is this correct?

Based on the testing we conducted as shown in the table below, the secured email was able to open more than once after disabling the SEP Outlook add-in. If SEP Outlook add-in was enabled, the secure email will not be able to open more than once with encountered error message unless we modified the file attributes to "Read-Only", then we will be able to open more than once successfully. In scenarios 1 & 2, XXX add-in was enabled and the difference lies on SEP outlook add-in. 

My claim was when SEP Outlook add-in was enabled, user only need to modified the file as read-only to make SEP Outlook Add-in believe that there is no modification of the secured email (Saved on Desktop). Restart Outlook, SEP Outlook Add-in scanned and discovered that the secured email will not be able to modify and allowed the file to be open more than once. Is my understanding correct?

What does SEP Outlook Add-in do? Attachment scanning and Auto Protect?

Does SEP Outlook Add-in do attachment scanning on .msg files saved on desktop? Even when SEP Outlook Auto-Protect was not enabled? 

Note: We should not be disabling XXX add-in as it will defeat the purposed of the secured email. When we disable XXX add-in, the secured email is no longer consider as a secured email but as a blank email.

No.

XXX add-in

Symantec EndPoint outlook add-in

Secure Email

Normal Email

1

Enable

Enable

Unable to open more than once as a SECURED EMAIL on the desktop.

Unless set the .msg attributes as "Read-Only". Restart Oulook and the Secured Email can be open more than once.

Open Twice Successfully as a Normal Email on a desktop

2

Enable

Disable

Open Twice Successfully as a Secured Email on a desktop

Open Twice Successfully as a Normal Email on a desktop

3

Disable

Enable

Open Twice Successfully as a Blank Email on a desktop, not open as a Secured Email.

Open Twice Successfully as a Normal Email on a desktop

Thanks and Regards,

Ash 

0

Your email server was unable to be sent because your mail server rejected the message 550 5.7.1. client does not have permission to send as this sender. 1003, 10.

April 3, 2017, 9:38 pm
$
0
0
I need a solution

Hello All,

User is creating a code where it executes and sends two emails from our company portal 1. To the user and 2. To the approver / user's manager. However it was working fine before and after period of time it stopped now and it gives an error message as below :-

"Your email server was unable to be sent because your mail server rejected the message 550 5.7.1.
cleint does not have permission to send as this sender. 1003, 10."

Please advice !!!

0

ITAnalytics For EP 14 MP1

April 4, 2017, 6:52 am
$
0
0
I need a solution

Hello,

i have some question about ITAnalitics usage whit EP 14 MP1:

is it compatible ?

do i need a licenece for it ?

does some documentaion existe for intsalling and using ITA whit EP 14 management console ?

Thanks

0

Client is receiving policy updates, but fw rules not applying

April 4, 2017, 2:52 pm
$
0
0
I need a solution

Client is receiving policy updates, but fw rules not applying

Dropping a new client in existing group.  Policy is updated, client appears to be working normally, however fw rules and logging is not applying??

I have no clue where else to go with this.  Have verified everything in SymDiag, dug through every log I can find.  Enabled client side debugging..

I cannot figure out why 2 clients in the same SEPM group act totally differently.

Possibly missing something easy here???

0

Supported 3rd Party Deployment Tool

April 4, 2017, 4:53 pm
$
0
0
I need a solution

Hi All,

Good day! Is there a symantec whitepaper that shows the list of supported 3rd party deployment tool, such as SCCM, Tivoli, etc.. Thank you.

Regards,

Roy Bacani

0
Search

Symantec Endpoint Protection managed client trial license key issue

April 5, 2017, 1:59 am
$
0
0
I need a solution

I am deploying SEP14 with trial key while waiting for our actual key to arrive. I was told by our supplier the trial key cannot be replaced with actual key. We have to unstall the SEP manager and export the manage client exe file again. All managed client have to be uninstalled and resinstall with the new managed client exported exe file. The trial key software that i downloaded from Symantec website can only be activated with actual license within US only. I have 130 user in HQ office and 60 user in branch office. So is this true. Appreciate any advice. Thanks.

0

End of Support Life for Endpoint Protection 12.x

April 5, 2017, 2:36 am
$
0
0
I do not need a solution (just sharing information)

Hello all,

The new SEP 14 has been available since October 2016.  Just raising awareness that, as is normal and expected, the clock has started ticking down for the older version SEP 12.1.  Originally released in July 2011, SEP 12.1 will reach its End of Life in coming years.  Full details, dates and a FAQ can be found in the following article:

End of Support Life for Endpoint Protection 12.x
http://www.symantec.com/docs/TECH239769

I recommend migrating SEP 12.1 endpoints and management components to the newer SEP 14 in the medium term rather than putting it off to a far distant date.  The improved security features in SEP 14 are proving to be excellent at stopping malware.

Upgrade or migrate to Endpoint Protection 14
http://www.symantec.com/docs/TECH236071

0

Is anyone using SEP 14 MP1 in a production environment with at least 1000 clients?

April 5, 2017, 8:12 am
$
0
0
I do not need a solution (just sharing information)

I have been testing SEP 14 MP1 in the lab with 20 clients since it came out.  It seems to be working fine, but many of the issues on the forum mentioned that it worked well in a lab, but issues were seen after pushing out to a larger population.

Currently running SEP 12 RU6 MP7 on 2000 windows clients with no issues.  But management has heard about the new features of SEP 14, and are interested in the increased protection.

I just don't know if the current reported issues are isolated to specific environments and if the majority of SEP 14 installations are running fine or not.

So I am curious if anyone is running SEP 14 in installations of around 1000 clients or more, and what, if any, issues are being seen.

Good or bad, please respond so that I and others can get a feel for the number of production installations using SEP 14, and advice on whether to proceed with a upgrade, or wait for another maintenance patch and go from there.

Thank You,

Robert.

0

What is size of client package from SEPM 14.1 to SEP 14.1 client

April 4, 2017, 2:59 am
$
0
0
I do not need a solution (just sharing information)

Hi Team,

What is size of client package from SEPM 14.1 to SEP 14.1 client. and what is method of upgrade for future clients.

0

Email Settings for SEPM

April 4, 2017, 6:20 am
$
0
0
I need a solution

Hello All,

I am having issues setting the email server for Symantec Endpoint Protection Manager, the server setting are as follows: smtp.office365.com and port 587 with SSL enabled. We use an external Microsoft Exchange server and I created an email address called symantecmanager@emaildomain.com and when I tried to set up the email server withing SEPM I got the following error. The server version SEPM is 12.1.7061.6600.

Any help will be appreciated Capture.PNG

Kind Regards

Zak

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>