Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

netstat.db-wal grows out of control

April 5, 2017, 8:56 am
$
0
0
I need a solution

My apologies up front. I'm very frustrated.  EndPoint 14.0.2332.0100 has been nothing but one frustration after another. One gotach after another.

Anyway, after reading multiple artlces on 14, ones I wish I'd read before leaving 12.1.7, it's really becoming clear Symantec doesn't release a stable version of EndPoint until a dozen or so builds later. Right now I'm ready to go back to 12.1.7166.6700 after the problems with 14.0.2332.0100.  I think I'd spend less time reconfiguring 12.1.7 than trying to deal with 14.  The latest problem is netstat.db-wal is making equipment unusable because Symantec doesn't appar to know how to stop it from consuming 100% of available disk space.  https://support.symantec.com/en_US/article.TECH239793.html implies this should have been fixed by now with new defintions, the article is a week old so surely new defintions have been released by now, but clearly it hasn't given my latest server at 0 bytes free space.  The article also only addresses an OLD version of 14, 14.0.1904.0000.105, NOT the current 14.0.2332.0100 so I guess those of us on MP1 are just out of luck for a new .dll.

A call to support got me a rep who told me 'uh, there's a known issue' and all he wanted to do was "consult" a senior tech.  That's ridiculous.  After 30 minutes I finally asked for a supervisor.  If your front line reps have to consult with other reps, just escalte the call to that rep so there's no lost-in-translation and lengthy delay issues between one tech and the other.  It's also a TOTAL waste of the customer's time to do this back-and-forth consulting.  When customers have equipment becoming unresponsive and unusable becuase of your buggy product, at least show us the respect of getting people on the phone who know how to address the issue without telling us an escalation call back is at least 24 hours away.

Anyway, has anyone figured out a fix for this issue?  smc -stop and smc -start do indeed reduce the file size, but then I get the error saying "Firewall is not functioning correctly. Your definitions damaged or your product installation may be corrupt." This time a reboot fixed it, but rebooting a production server is not always convieient and the two times before that a reboot didn't fix it, the only solution was to CleanWipe and reinstall.  

So again, my apologies for being so frustrated, but this is just not acceptable code for Symantec's flagship "enterprise" security product.

0
Search

Install package not working on Win 10

April 5, 2017, 9:39 am
$
0
0
I need a solution

When I create a SEP 14 deployment package (from SEPM 12.1.5) it won't install on Win 10. I get a generic Windows error saying "This App can't run on this PC"

If I download the SEP standard client and install it on the same Win 10 system then it goes on with no problems.  Is this because I'm creating it in SEPM 12.1.5?

0

No definition updates if no one logs onto workstations

April 5, 2017, 10:09 am
$
0
0
I need a solution

I have a few worksations that are used rarely. I am constantly getting email warnings that these machines have outdated definitions.

I log into these workstations and they update automatically and all is well for a couple weeks

Is there a reason why these workstations do not update their definitions without a login or reboot?

Thanks

George

0

Clients have stopped auto upgrading from 12.1.7 to 14

April 5, 2017, 12:27 pm
$
0
0
I need a solution

I would like to reference this post, which was marked as solved, but wasn't really solved since the customer simply found a way to work around the issue.  I would also like to point out that my organization is experiencing the exact same thing:  https://www.symantec.com/connect/forums/clients-have-stopped-auto-upgrading-1217-14#comment-11767431

Test upgrades went fine, as did the initial auto-upgrade process for most clients.  Around 60% of the clients auto-upgraded from 12.1.7004.6500 to 14.0.1904.0000, then suddenly, the auto-upgrades stopped.  We have no bandwidth limitations in place, no throttling, etc.  All of these clients are on the internal network, and all are Windows 7, 8.1, or Windows 10.  For redundancy, and because of network routing issues, we have a separate SEPM server installed in the DMZ, only to manage Windows servers.  These also stopped auto-upgrading.  Same SEP client versions (old and new).

I've tried forcing a policy refresh from a few of the clients, made sure the last check-in time is the current time and checked the application logs, and the install isn't even attmepted on the client.

I enabled Sylink logging, moved a problem client to a new upgrade group with the same upgrade package assigned that was working before and have the logs available.  Can someone let me know what I should be looking for?

0

Any issues with Win10 Creators Update and SEP 12.1.6_MP6? (or ver 14 too)

April 5, 2017, 1:33 pm
$
0
0
I need a solution

I saw issues with SEP ver 14 so I'm still on SEP 12.1.6_MP6, the last upgrade on ver 12 I believe.  Programs and Features on a client machine lists 12.1.7061.6600.

I'm going to test out installing SEP 12.1.6_MP6 on an insider preview fast track Win10 test machine.  When Anniversary Edition came out SEP had issues and prevented the AE upgrade.  I don't mind manually doing the upgrades.  TH2 had very little issues and was practical invisible for the upgrade process.

Is anyone having any issues with the Creators Update for Win10?  It would be an insider preview machine so not a perfect match for the April 11th release to Current Branch, but it should tell us if there will be issues.

For others, any issues with ver 14 of SEP and Creators Update?

0

Quarantine vs. delete -- How does SEP determine that?

April 5, 2017, 2:35 pm
$
0
0
I need a solution

SEP is catching viruses on user machines.  Yeh!  In the alerts I see sometimes the file is quarantined.  Other times, it's deleted entirely.

How does SEP determine whether it will quarantine or delete something it flags?  It would be default settings for this.

0

How to move all my users to ver 14?

April 5, 2017, 2:44 pm
$
0
0
I need a solution

We're still on ver 12.1.6_MP6.  So is the server.

For ver 14 it sounds like a clean install is recommended (or the only option).  Uninstall SEP ver 12.  Install ver 14.

With users in several locations, desktops and laptops, etc. I don't see that being possible even if it's all automated, not to switch all users to ver 14 at once.

Standing up a new SEPM ver 14 server might be an option.  Easy way to move to a newer OS, and it's a fresh SEPM install of ver 14.  

I was told our license covers our current ver 12 and ver 14.  

Is it an option to keep our ver 12 SEPM server and ver 12 SEP users and set up a completely separate ver 14 SEPM server and start installing ver 14 on user machines?  Or can ver 12 user machines still pull updates from a ver 14 SEPM server?  I'm not seeing a way to switch to ver 14 without standing up a new server, at least not a way that doesn't leave machines hanging for a while.

0

Symantec console is automatically logoff after few hours(approx 2hrs)

April 5, 2017, 9:11 pm
$
0
0
I need a solution

Hi,

I have installed symantec console in my local machine.it is automatically logoff after few hours.I want to open the console continuously​(for monitorng).How to open the console continuously?

0
Search

Linking standalone client to SEPM

April 6, 2017, 2:33 am
$
0
0
I need a solution

I believe there is a way to link a standalone SEP client to SEPM (as opposed to having used a deployment package generated from SEPM) using a syslink.xml file.

Does anyone have any details on how to achieve this please?

If it makes any difference, this would be SEP 14 on Win 10, connecting to a SEPM 12.1.5 (and yes, I know SEPM needs updating!! Just need a quick fix for today)

0
1491484628

Facing issue with SEPM Sonsole Login with respect to TLS

April 6, 2017, 2:55 am
$
0
0
I need a solution

Hi,

Tried configuration settings and tried enabling only TLSv1.2 as per the below KB article, however unable to login to the SEPM console

https://support.symantec.com/en_US/article.TECH225...

Also observed that in case TLSv1.0 is enabled there are no issues

Hence, need to know whether there are any dependencies for TLSv1.0 protocol while logging in to SEPM 12.1.6 MP6 console.

Regards.

0

Any way to know if Cloud Defs arrives OK or not?

April 6, 2017, 5:26 am
$
0
0
I need a solution

Hey all,

Just playing around with SEPM v14 - very impressive so far!

Question: I installed the Standard client which means it's getting the defs from the 'Cloud'. But how do you know if it's actually grabbing the defs from the Cloud? Does it make any mention of it in the SEP client logs?

All I am seeing is this under View Logs -> Client Management -> View Logs -> System Log

"Downloaded new content update from the management server successfully" with the remote file path as my local server. No mention of the clouds defs.

Am I looking at the wrong place? If so, where should I look at? :)

Thanks all!

Tony

0

Application a Device Control policy not enabling exempt devices on client machines

April 6, 2017, 7:45 am
$
0
0
I need a solution

Hello,

I work for a L-3 Technologies division in the IT department.  We just recently (within the last month) upgraded our SEP Management server to Ver 14 MP1 build 2332.  We have upgraded two laptops on our network for test purposes and they're the only two machines currently showing this issue.  Since that upgrade we have had problems adding/enabling Device Hardware exemptions to the Applications and Device Control Policy our Corporate office gave us.  I may just have to end up talking with them but wanted to also try the forums to see if there was a known bug.

We usually just plug in the USB device drive (Flash drive or external, etc.) to a client machine and the device would disable via the policy.  We then go in to Device Manager and go to the properties of the disabled devices.  Some of these have two drivers (one for CDROM and one for drive) that we copy the Device Instance Paths for.  Once we'd add them to the exemption list the devices would eventually be enabled (might take 10 mins to a half hour).  Since we upgraded the SEPM console though the two laptops that are in our test group can't get any of the device drivers to enable and install.  Is there a known bug with this SEPM and client versions concerning exempting devices?

0

Http Error 407 Connection Status w/SEP 12.1.6

April 6, 2017, 1:14 pm
$
0
0
I need a solution

Recently had a need to create a Windows 2012 R2 VM and proceeded to install the SEP client (12.1 RU6 MP6) as I normally would using a package I previously created and have successfully used in the past.  However, it failed to connect to my SEPM server with an "HTTP error 407" under the client's Connection Status.  The Last Attempted Connection shows my SEPM server name/IP along with 80 for the port number.  Last Successful Connection says "Never".

Looked at another existing W2012 R2 server with 12.1 RU6 MP6 which is connecting just fine using port 8014.  Thinking that perhaps our 2012R2 VM template might've become corrupted, I created another VM and installed the OS from scratch but the SEP client behaves the same way and fails to connect.  I even moved the VM to a different ESX host thinking that maybe something's goofy with the networking to the host but got the same result.

SymDiag reports the following error which I don't see on the known working SEP client I mentioned, above.  Again, I've used this same SEP client package to install on other servers before so don't understand why it's not working now.  Thanks in advance!

SymDiag.jpg

0

Symantec Endpoint Protection

April 7, 2017, 3:57 am
$
0
0
I need a solution

Hi Folk,

1.    Ability to manage roaming user through internet.
2.    Generate alert / log file and send it through email, whenever any change happen on the EU machine.
3.    Generate report about printer usage. How many and which document has printed by user.

appreciate any help

0

Install Package and Virus Definitions

April 7, 2017, 7:08 am
$
0
0
I do not need a solution (just sharing information)

Hello all,

I am facing some issues when I export a SEP14 MP1 package from the SEPM and install on Win7 or Win10. I am using "Dark Network" install and noticed that the package contains a file called V15Defs.zip, which I assume is the Full Definition set.

If I install this package on top of SEP 14 (the first version), everything looks good, no message about virus definition.

However, if I install in a machine running 12.1.6 MP5, the virus definition message is triggered (outdated) and in the logs, I see the client downloads a Full.zip.

The same happens in a Win10 machine without any SEP Client installed.

Question: If I am exporting a package with a Full Definition package on it, why are the machines downloading the "Full.zip" from the SEPM?

From my understanding, this shouldn't happen, since the install package already contains the ful definition file.

Thoughts?

Thanks everyone!!

0
Search

Replication between two sites - SEPM

April 9, 2017, 2:34 am
$
0
0
I need a solution

Dear Support,

We would like to ask some questions related to SEPM upgrade with replication.

Background Information

  • We have deployed two SPEM in our environment.One is in Hong Kong and other one is in Singapore. Currently we have enabled replication between two sites via WAN link.
  • SPEM are installed on Windows Server 2008 R2 and running embedded database. 
  • Current version of SEPM is 12.1.5337.5000 (RU5) , plan to upgr​ade to 12.1.6 (RU6 MP6).

Question
Q1.Have any issue if we disable replication between two sites for a long time ? 
Q2.How long can replication disable ? e.g. 1 week / 1 month / no limitation
Q3.What is impact if we disable replication for long time ?
Q4.Could we reenable the replication between two sites after long period of time?

Please kindly advise.

Thanks
Kidd 
 

0

Resetpass.bat for symantec 14

April 10, 2017, 3:56 am
$
0
0
I need a solution

Hi,

How to Reset  a forgotten Symantec Endpoint Protection Manager password in SEPM 14

0

Unexpected Error while Logging into SEPM Server(12.1 RU6 MP5)

April 10, 2017, 4:25 am
$
0
0
I need a solution

While logging to SEPM server (12.1 RU6 MP5) we are getting unexpected error. Home, Reporting and Monitor tabs show blank screen on Management console.

We have tried re-configuring the Mangement server.

Also tried upgrading the managment server to version 12.1 ru6 MP7, no go.Pls help..

0

Email alerts to admin when user tries to stop SEP services

April 10, 2017, 5:06 am
$
0
0
I need a solution

Hello,

I want to have alerts in SEPM (Symantec End Point Protection Manager), when user tries to stop the Symantec services in local PC’s.(Email Alert to ADMIN)

0

SEP 14 MP1 Preventing OSX updates and causing touch ID to crash

April 10, 2017, 10:11 am
$
0
0
I need a solution

On all of our organizations brand-new Macbook Pro with Touch Bar, the Touch ID function is gone after updating to OSX 10.12.4 on machines that have SEP 14 MP1 installed. No reaction to finger presses, and trying to add a fingerprint results in a message "Unable to complete Touch ID setup". On devices that are already using the Fingerprint Unlock feature of touch ID, the machine is unable to restart at all.  They get stuck in an update loop that you have to boot into recovery mode to fix, which leads me to what I had to do to fix the issue, and is easily reporudcible to the point that I am certain SEP is causing this issue.

If you move the following daemons out of the launch daemons folder, 

cd /Library/LaunchDaemons/

rm com.symantec.symdaemon.NFM.plist

rm com.symantec.liveupdate.daemon.NFM.plist

update the mac to 10.12.4 and then replace the daemons back into LaunchDaemons and restart SEP 14 MP1 and the Touch ID features work perfectly. If you dont remove those daemons, or symantec from the mac, you cannot upgrade to OSX 10.12.14 without it causing the upgrade death loop, or touch ID to fail beyond use. We have many new Mac devices in our environment, and we are not the only people experiencing this issue. This reddit post was not by me, but was the only place I found anything that helped with this issue. 

https://www.reddit.com/r/applehelp/comments/5jrrqg...

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>