Channel: Symantec Connect - Endpoint Protection - Discussions

Block media extension from SEPM


Wanted to exclude portable (trusted) files from detection by SEP

I need a solution

Hi,

We have some trusted files that are detected by SEP as a virus; they have extensions of .exe, .jre or .vbs.

These are portable files, so whether an exclusion policy will work or not, I don't know.

If anyone has any answers, please let me know.

Thank you.


Symantec endpoint manager download defs through HTTPS?

I need a solution

Hi All,

I noticed that SEPM uses port 21 and 80 to download its virus definitions. Is there no way to configure SEPM to use port 443 to obtain updates? Are there any links other than the ones listed below?

  • http://liveupdate.symantecliveupdate.com (port 80)
  • http://liveupdate.symantec.com  (port 80)
  • ftp://update.symantec.com  (port 21)

Thanks


SEP14 to 14mp1 , Complete upgrade required?

I do not need a solution (just sharing information)

Because the documentation is the same for both versions: Do I have to upgrade the complete Management (SEPM) to use Clients 14mp1?


Incorrect "Out of Date" status reading?

I need a solution

I have an environment with 4 SEPM servers and several thousand client devices, with a hundred or so GUPs serving them.

We use an internal LiveUpdate server which distributes Symantec content updates 24h later than they are officially released.

On the Symantec home tab I have worked out that only the GUPs are reporting as being "Up to date" (green) on the pie chart, and the rest are considered "out of date" (red).

I have checked the majority of the desktops and I have calculated that approximately 90% of them are running as up to date from what I can see.

Any idea why this is not reflected in the Endpoint status report on the home page?

I have a "security status - attention needed" alert on the home page and when I view the details, it says content category download problems.

When I scroll down the details window, only "download protection content failures" has its maximum acceptable failure ratio exceeded, but it is still under 50% failure.

There is still a green tick next to this category as well, which doesn't seem right considering it's exceeded the maximum accepted threshold...

Any help would be much appreciated.


Merging companies

I need a solution

We've just completed our SEPM upgrade to v14; the SEPM server and all clients have been upgraded to v14. Our next challenge revolves around a merger that is taking place with another company. That other company does not use SEP for endpoint protection; however, we have decided that going forward the new company will be using SEP. My question is about the best way to accomplish this.

I assume we will need to create a new SEPM server so my first question is can I use Windows Server 2016 as my SEPM server?

Will all of the endpoints in our company currently running the v14 client need to have the client reinstalled from the new SEPM server?

TIA for any advice you can provide as this will be my first experience setting up a SEPM server from scratch.


Symantec 14 clients randomly become disabled with malfunctioning components

I need a solution

I am looking for some information and guidance on trying to resolve what appears to be a seemingly random issue we are seeing with our SEP 14 clients. On any given morning when I come in and check the console I will have a handful of computers that are listed as disabled in the management console. If I look at the computer status on these machines, all of them are listed as having the same components malfunctioning. The three components that have the Component is Malfunctioning status are Sonar Status, Network Intrusion Prevention Status, and Download Insight Status.

Typically a reboot will resolve these issues, but that is not a workable solution. I cannot request that a handful of different users reboot their machines each morning because Symantec goes into a disabled state. Is there any way to troubleshoot or resolve what is causing these clients to go offline? Preferably something that can be done from the console and doesn't require a reboot?

Has anyone else seen this behavior in Symantec 14? Thank you


Information request: SEPM 14 upgrade

I need a solution

Hello,

To test the upgrade to SEPM version 14, I need help configuring the SQL Server 2016 database.

What are the prerequisites for the configuration (ports, account, etc.)?

Thank you in advance.


Migrate from 12 32bit to 14 64bit, is disaster recovery the way?

I need a solution

Hi All,

Just a simple question. I need to migrate my SEPM 12 (w2k8 32bit) to 14 (w2k8r2 64bit). My plan is to:

1. back up the database and cert from the old 12 (32bit); I have ca. 400 PCs in the database, all W7 64bit in AD.

2. install a fresh 12 (64bit), recover the database from the old one on it

3. upgrade 12 (64bit) to 14 (64bit)

Will it work?

Or maybe I should do it in quite a different way? Maybe someone has some experience with that and can share it?


Can't install SEP version 14 build 1904 on Windows 10 Version 1703

I need a solution

I am having an issue deploying SEP 14 by pushing from the management console. I saw in the Task Manager of the machine the Symantec services trying to install, but all of a sudden they were gone or not successfully installed. I tried to build packages to install manually on the machine, but the system did not allow me to install non-compatible apps.

Thanks,

erwin


upgrade 14.0.1904 to 14.0.2332

I need a solution

Does anyone know how to upgrade multiple clients from 14.0.1904 to 14.0.2332?

Build 1904 was causing BSOD and is fixed by build 2332. I've installed the "client-only" patches manually on a couple of workstations but I'd rather not do that for the entire firm.

Any help would be appreciated.

Thanks,


Error in heartbeat response(4)

I need a solution

Hello!

I reinstalled SEP client 12.1.7004.6500 and the client stopped connecting to the server.

Status: not connected

Error: error in heartbeat response(4).

secars test: OK

I deleted the client from the SEPM console, replaced sylink (using SylinkDrop.exe), and deleted the following keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections 

I uninstalled the client with the CleanWipe utility and installed it again. No result.

The client only once successfully connected to the server after reinstallation.

Client server log

The client computer has been added to the group  BBB  SSS  V-SEP  s44000  user    
 Client has registered  BBB  Sberbank  V-SEP  s44000  user 

sylink.log

04/20 18:23:26.271 [2136] ************CSN=537831
04/20 18:23:26.272 [2136] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=90ABA3560A77F42D006C5F1DF30A5F9B&chk=5B27CD95B9A4D4F3601DA37A6D2FFDDC&ck=94123D797FD1E70BF45919FFE8F6F765&uchk=F8E339C49DF689DBC378405F41F1B7C8&uck=A7AF0B210859F7B9510EB178A0DE63CF&hid=24C9AFC2992CB85FB9F324478B9D0ADF&groupid=A3A092470A77F42C01489BBC05D70B28&ClientProductVersion=12.1.7004.6500&mode=0&hbt=1800&as=537831&cn=[hex]73343430303075626F6666313730&lun=[hex]30312D6B6F726E65796368756B2D616D&udn=[hex]54455242414E4B2E5349422E534252462E5255
04/20 18:23:26.274 [2136] <GetIndexFileRequest:>http://11.12.33.44:8014/secars/secars.dll?h
04/20 18:23:26.278 [2136] <InternetCallback> HttpOpenRequest; Internet status: 60; CtrlBlk: 03438B00
04/20 18:23:26.405 [3784] <InternetCallback> HttpSendRequest; Internet status: 100; CtrlBlk: 03438B00
04/20 18:23:26.419 [2136] AH: (InetWaiting) bFinished is TRUE on CtrlBlk: 03438B00
04/20 18:23:26.419 [2136] <GetIndexFileRequest:>SMS return=200
04/20 18:23:26.419 [2136] <ParseHTTPStatusCode:>200=>200 OK
04/20 18:23:26.420 [2136] <FindHeader>Sem-HashKey:=>5B27CD95B9A4D4F3601DA37A6D2FFDDC
04/20 18:23:26.422 [2136] <GetIndexFileRequest:>Loading the current mode:1
04/20 18:23:26.424 [2136] <FindHeader>Sem-LANSensor:=>0
04/20 18:23:26.425 [2136] <FindHeader>Sem-Signatue:=>13F018188262818B94677EFBE45E309F80894490C3991159106607E4FD0C870597B1A58A6B56B7759AABC7CF5BD633C1FEF806435DA6EC98DD78AB33BE079F428FF9FB653B2E9306C0D485057134B0244F03CB425179FF6E312C64EAF06619EA8D60FF3B896886FC86FBE60094B64DDC213DEFAA3B31AD134F2E5AB30F932CBE
04/20 18:23:26.427 [2136] <FindHeader>Sem-CommandGUID:=>E8FF02040AAEC70600867BA9E095C543
04/20 18:23:26.428 [2136] [Command] New command(s) arrived from SEPM: E8FF02040AAEC70600867BA9E095C543
04/20 18:23:26.466 [3784] <InternetCallback> InternetReadFileEx; Internet status: 100; CtrlBlk: 03438B00
04/20 18:23:26.470 [2136] AH: (InetWaiting) bFinished is TRUE on CtrlBlk: 03438B00
04/20 18:23:26.470 [2136] <mfn_DoGetIndexFile200>Content Length => 2502
04/20 18:23:26.472 [2136] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..
04/20 18:23:26.472 [2136] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
04/20 18:23:26.475 [2136] <GetIndexFileRequest:>COMPLETED
04/20 18:23:26.476 [2136] <IndexHeartbeatProc>GetIndexFile handling status: 101
04/20 18:23:26.478 [2136] <IndexHeartbeatProc>Switch Server flag=0
04/20 18:23:26.481 [2136] HEARTBEAT: Check Point 5.1
04/20 18:23:26.481 [2136] <ScheduleNextUpdate>new scheduled heartbeat=128 seconds
04/20 18:23:26.483 [2136] HEARTBEAT: Check Point 8
04/20 18:23:26.485 [2136] NextProxySetting: Cycled through all proxy settings.
04/20 18:23:26.486 [2136] Get Next Server!
04/20 18:23:26.488 [2136] <IndexHeartbeatProc>switch to another server
04/20 18:23:26.490 [2136] <DecrementScheduleTime:>New scheduled heartbeat=64 seconds
04/20 18:23:26.491 [2136] ResetProxySetting: Will now use proxy setting 1
04/20 18:23:26.994 [2136] HEARTBEAT: Check Point 1
04/20 18:23:26.994 [2136] HEARTBEAT: Check Point 2
04/20 18:23:26.994 [2136] <PostEvent> going to post event=EVENT_SERVER_CONNECTING
04/20 18:23:26.996 [2136] <PostEvent> done post event=EVENT_SERVER_CONNECTING, return=0
04/20 18:23:26.998 [2136] HEARTBEAT: Check Point 3
04/20 18:23:26.999 [2136] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
04/20 18:23:27.001 [2136] HEARTBEAT: Check Point 4
04/20 18:23:27.003 [2136] <InternetCallback> InternetConnect; Internet status: 60; CtrlBlk: 03438B00
04/20 18:23:27.005 [2136] <IndexHeartbeatProc>===Get Index STAGE===


SEP 12.1.6 RU6 MP6 Build 7061 still does not work with Creators Update

I need a solution

Hi,

it seems that all other threads regarding the SEP 12 MP6 and Windows 10 Creators Update are ignored. It still does NOT work to upgrade an existing Windows 10 Anniversary Update installation to Creators Update having SEP 12.1.6 RU6 MP6 Build 7061 installed. The Windows 10 installer still asks to uninstall SEP. According to the Symantec compatibility page the mentioned SEP version still supports the Creators Update. I don't know why there's no word from Symantec and/or Microsoft on when this block will finally be removed.

Allowing the installer to do updates prior to the upgrade also does not work and it's not an option to uninstall/reinstall SEP.

Please advise.

Thanks and best regards,

Ronny


SEP slows down compiling in armcc

I need a solution

Hi,

A few users in our organization are facing slowness when compiling code in armcc. When we disable SEP with 'smc -stop' it is very much faster.

I have already disabled Firewall, Auto-Protect, given exceptions to the paths. Still compiling is slow.

Could you please help me?

Thanks!

Ayush


How to point SEP client to a new SEPM server client

I need a solution

Hi All,

We have had to move machines with the SEP client to a new SEPM server. Basically the clients are now checking in with, say, X SEPM and we are trying to point them to Y SEPM on a different server. We tried using the communication link but it seems like it is not working. Is there any other way?


QUARANTINE

I need a solution

Hello,

When preparing a workstation by imaging, all the applications are installed from the WIM image.

The sources are run from a setup located in C:\Temp.

Among these applications is PDFCreator_fr_2.msi, version 2.I.2, run from the directory C:\TLDCache\PDFCreator_FR_2_I_2.

SEP considers it a PUA.Candy risk and quarantines it.

We would like to know whether we can purge the quarantine, either automatically or by specific selection, to avoid the pop-ups while imaging workstations.

We cannot create an exclusion rule for this file because the directory has admin rights such that any user can run the msi and thus drop any file.

Could we, or is there a rule to, refine the quarantine mode by excluding just this file in this directory?

Thank you for your answers.


SEPM upgrade from 12.1.6 MP5 to 14

I need a solution

Hi,

I'm planning to upgrade my SEPM to the latest version, which is 14. But in my environment I have a bunch of client PCs running XP. I just figured out that for XP I need to install legacy client packages.

1. Is there any way that I can upgrade XP client machines only, sorting by OS?

2. Also, what happens to the offline clients while upgrading as a group?

3. After the upgrade, do I need to upgrade LUA also, or can I add the upgraded SEPM into my current LUA? (Current version is 2.3.4.16.)

If anyone can help point me in the right direction, I'd be truly grateful.


Will there be any further 12.1 MP updates?

I need a solution

Just wondering if 12.1.6 MP7 (Build 7166) will be the last version released in the 12.1.x branch.

If not, any word on when the next update would be released and any date for 12.1.x EOS?

Thanks,

Seth


Problem with upgrade to 14 MP1

I need a solution

In order to install the Windows 10 Creators Update I need to upgrade our SEP 14.0.1904 to SEP M1 but have been unable to do so.  It progresses through the SEPM install and 62% of the Server upgrade, including updating database schema, installing packages, and finally rebuilding indexes before crashing.  The last message printed in the Server Upgrade Status window is "error occurred"

The web service does not get installed and in the log there is a message about it failing to install Apache service.  We have two SEPM servers, one on Windows 2012 R2, the other on 2008 R2, that have been functioning fine on SEP 14.  If I try to continue with the installation, it then errors out because the Logon as Service right isn't present for semwebsrv, which isn't surprising due to the Apache install error.  The necessary user rights are all present prior to the upgrade.

I disabled replication between the two servers, took down the SEPM services, did system restarts, etc., but get the same error. I opened a case with Symantec today, but let's just say that has been less than satisfactory up to this point, so any thoughts would be appreciated.


Servers created from one master image are reported weird in SEPM

I need a solution

Hello

I have 5 servers that were created using one master image and they are supposed to report in SEPM, but something weird is happening.

They do report, but not at one time.

I.e. server SRV1 is reported for one minute and then it is replaced by SRV2. After another minute it is replaced by SRV3, and so on.

When a server is replaced, the previous server disappears from the console. It is not placed in the "offline" group. It looks like SEPM considers it as one server but with a changeable name :)

I have tried to upload a new symlink to them but without results.

Do you have any idea what is going on and how to fix it? I have checked the MAC addresses but they are different.
