Hellow
I found an article about a new threat.Link below.
The article describes the new virus TwoBee.Also called Trojan-Banker.Win32.TwoBee.gen.The virus substituting the requisites in payment orders in the programs of interaction with banks (Bank-Client or "Банк-Клиент").
Does Symantec protect endpoint security from the TwoBee virus? https://securelist.ru/blog/intsidenty/30264/finansovaya-kampaniya-twobee/
Hi dear firends ,
I faced interesting thing on customer site today. SEP Manager 14.0 scheduled LiveUpdate can't start automatically and can't update itself for one week. The odd thing is when i triggered the LUALL manually SEP Manager can update itself properly and distribution of virus definitions to clients are ok. When i trigger SEPM LU on SEPM interface it gives a notification and it says "A scheduled LiveUpdate session is running. You cannot run another LiveUpdate session at this time."
I found Brian's article who has previously live same issue on the Symantec forums. Hello Brian by the way, according to this discussion did you find something as solution for this issue ?
https://www.symantec.com/connect/forums/sepm-liveu...
I think i will create a case for this and also i write a windows scheduler task on server which is triggering LUALL.exe hourly and at least this temporary solution is saving my day for now.
Best Regards,
Batuhan Çalın
Agilis Tech. Solutions / Symantec Gold Partner
Hi,
I've been trying to install endpoint protection client 12.1 on a Win 7 computer for the last few hours..
Remote install, success on pushing the installation, but nothing happens on the remote computer.
Manual installation, Setup running for few minutes, finishes and doesnt actually install the software.
After a restart, I receive on the SEPM, Install failed, rolled back.
I have no clue how to procced from this point.
I ran SysDiag and I have no errors on install the software..
I'm installing 32bit version on win 7 32 bit.
Seperate SQL Server, SEPM Version 12.1.6 Ru6 - 7000 clients
SQL Server memory usage is holding steady at 89% for the last 24 hours.
(Total 8gb)
No Jobs are pending
According to Article TECH169953 - This is normal and will release at some point.
Anything to be concerned about - this is throwing monitoring team into panic mode.
I have been running Symantec Endpoint Protection Manager 14 on my Windows 2012 server for about a month. This week I started having issues during a remote push to clients. At first it told me that the computer browser service was not running. So I looked in Windows Services and found it disabled. I enabled and started the service and tried again and received the following error that I am stuck on. Network Provider: Microsoft Windows Network Error: The service has not been started.
No other details on the error message. I have tried turning on network discovery and still receive the same error. If I search the network for the client IP address I am able to push to the client, but I can no longer use the Browse Network tab in the Client Deployment Wizard.
Please help.
SEPM Version 14 MP1 build 2349 (14.0.2349.0100)
I have a question about what can be imported into the Symantec Endpoint Protection Manager from AD. I'm already familiar with how to import user accounts and groups of client endpoints from an AD OU, but I am unsure if the same thing can be done with Policy Components.
Rather than manually manage Host Groups that we use in some of our firewall rules, we'd like Host Groups to be linked to a group in AD and automatically updated. That way, for example, if we had a custom Allow Server Farm firewall rule, we would not have to manually edit the associated Host Group that lists every IP address, range, or hostname in the server farm - it could be added to an AD group by another team, and automatically imported.
Is that possible?
Hello everyone,
Recently I made the migration of the entire environment version 12.1 ru7 to version 14 mp1 without problem.
Daily I export the log comprehensive risk report from the last 24 hours to treat infections from the table Risk distribuition by Computer.
After exporting the query in the field Monitors / Risk / via hostname (or computer or ip address), but the search result is empty.
Searching without the fields (computer or ip address) filled in, it is possible to view the data of the infection.
Anyone have this same problem?
Hi,
I have an existing SEPM installation managing 10 clients at present with SEP only, licensed correctly. We have recently taken over another site of 11 clients which we wish to use this instance to manage also. We have purchased new licenses.
Q: Can I import the additional license into SEPM to keep the license count correct? The existing and new licenses do not expire on the same dates!
Hello
Not sure if anyone performed this ! I currently have a SEPM server at 12.1.5. I was running Windows server 2008 32bit on it ( not sure why but might have been a licence issue at the beggining ). So i want to migrate to version 14 and have another VM server running this time Windows 2008 R2 64 bits.
Now my question : Is it possible to perform a server to server migration to import my config / clients from the old server then push the workstation to the newer client ?
If you have any question please ask :)
SEP clients not getting updated through liveupdate.Getting below error
Wed Aug 13 10:40:44 2014 : REG SUCCESS: Success while opening key
Wed Aug 13 10:40:44 2014 : REG FAILURE: Failed while fetching the path from registry.
Wed Aug 13 10:40:44 2014 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SSEIUDeploy
Wed Aug 13 10:40:44 2014 : REG SUCCESS: Success while opening key
Wed Aug 13 10:40:44 2014 : REG FAILURE: Failed while fetching the path from registry.
Wed Aug 13 10:40:44 2014 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Wed Aug 13 10:40:44 2014 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
I would like to know when Symantec has definitions to detect TA17-117A Intrusions Affecting Multiple Victims Across Multiple Sectors (https://www.us-cert.gov/ncas/alerts/TA17-117A ) and then the corresponding definition versions, which will detect this threat.
Thanks,
Scott
We just recently upgraded our SEPMs from 12.1.6 MP 5 to 14.0.2 (MP 1), 3 servers running Server 2012 R2 Standarad and connecting to a SQL database on a cluster of two similar servers, and from my one machine I was able to connect fine through the Java applet. However from another machine after the Java console is giving me the error that it is failing to connect to the server.
I tried with the IP, confirmed that all servers are in the Java sie exceptions, can telnet to 8443 and 8445. Cerrt is installed properly and I can access through the web console without issue. I restarted the SEPM web server with no result. Both workstations are running Windows 7 Proffessional though the one it is working on is 32 bit and the one it is not working on is 64 bit.
A co-worker of mine can access the web console and the Java console however both are failing run any reports. He is running windows 7 proffessional as well and I believe his has a 32 bit machine.
Our consultant has no issue as I did not on that machine at our other office. He is also running windows 7 proffessional.
Not sure what to try next.
Hi everyone,
i tried to open Resource Monitor on my notebook. But i got blocked by Symantec
False positive or silently hacked? ;)
NB-X | (None) | 1 | 04/29/2017 16:40:35 | Default | Access denied | c:\windows\system32\perfmon.exe |
NB-X | None) | 1 | 04/29/2017 16:40:04 | Default | Access denied | c:\windows\system32\perfmon.exe |
Can someone check the checksum with a Windows 10 (us-en) latest patches:
SHA-256
f6b6bfca5f7483b3 140735f7753cefcf 33265db3b7113ed0 15b9a37299c7f90f
Best regards
Stephan
Hello All,
Is there a way SEP can be configured to block all potentially unwanted programs/applications when initiated?
We are on SEP 12 currently, and are on the path of migration to SEP 14.
Please advise.
Best Regards,
Jimmy
=-=-=
Hi Symantec Team,
Good day! I try to download GNS3 verion 1.5.4 (latest one) but when I try to install it my Symantec version 12.1.6 automatically quarantine it.
I cannot whitelist the entire directory of GNS3 since my Symantec is being manged by our Server Admin and some features such as whitelisting
is not visible. I am planning to uninstall the Symantec using the latest Clean Wipe Tool and install the GNS3, but it is safe doing that way? I dont want
to messed around with my Laptop since there is a lot of important files and security is the number one priority in our organization.
I am hoping you can help me in this one, since I really need the GNS3 for my CCNA.
Thank you
Arvin.
Hi All,
I want to understand why i am getting this notification. " Informational: Symantec Endpoint Protection Computer List Changed".
Would appreciate your help and solution for the same.
There are no new computers getting added/deleted/modified. There are few. No to the extent of the alerts we are getting daily.
Thaks,
Ranga
Article https://support.symantec.com/en_US/article.TECH172... talks about using the VIE tool on the base line image, before creating virtual machines from these images. However we have a VDI environment that is actively used by users that is facing serious performance issues and we would like to find out if its possible to use this VIE tool on each individual virtual machine. We are willing to take some downtime where a user will not be able to use their virtual machine.
Can we run the VIE tool on an existing virtual machine that has been previously created from a image.
Virtual machines are Win 7 machines.
Thanks
Aspi Engineer
Currently I am trying to create a query against our database to pull hosts and their information from specific groups within SEPM. Is it possible to query the database to pull from these locations to gather the Clients hostname and IP address from these groups?
If so, what would we specifially need to querry within the database according to the SEP database schema.
Thank you,
Jack McAloon
Hı
I did a system restore on my computer. But the app error :
"Symantec Endpoint Protection cannot open because some Symantec services are stopped. Restart the Symantec services, and then open Symantec Endpoint Protection. "
So what can I do ?
Thank you.
just got this alert on one computer running W2012R2, SEP12.1.6MP5, managed by SEPM with version V14MP1. Any idea what happens and what to do?
thanks guys!