Channel: Symantec Connect - Endpoint Protection - Discussions
Host Integrity reports not working properly

I need a solution
We recently enabled a Host Integrity policy in the environment and we are trying to pull the compliance logs for the past 24 hours/past week, but the logs retrieved are not consistent. Sometimes the count of machines is high, sometimes there are fewer clients, and at times there are no entries. Is this expected behaviour when retrieving the Host Integrity logs?

Host Integrity logs not working properly

I need a solution

We recently enabled a Host Integrity policy in the environment and we are trying to pull the compliance logs for the past 24 hours/past week, but the logs retrieved are not consistent. Sometimes the count of machines is high, sometimes there are fewer clients, and at times there are no entries. Is this expected behaviour when retrieving the Host Integrity logs?

Last Connected time needed for script

I need a solution

I am writing a script to check the status of SEP 12.1.6 on our servers. One of the items they want in the report is the time the client last connected to the management server. I can see the time they want under Help > Troubleshooting > Last Connected. Does anyone know where this time is stored on the client computer? It seems like it should be in the registry but I cannot find it. Any help would be appreciated.

Thanks

Mark


Some mailbox files of Lotus Notes (.nsf) are quarantined starting from the end of April 2017

I need a solution

I find that some mailbox files of Lotus Notes (.nsf) are quarantined (Reason: Trojan.Pidief) starting from the end of April 2017. It seems that Endpoint Protection can scan the actual content of each mail to identify whether the attachment of each email is affected or not.

In our case, we have a specific mailbox to collect such affected email, but that nsf file is identified and quarantined; we don't know the protection to have such behaviour. Also, I would like to know if it is related to the patch update or another reason, thx!

list of deleted clients

I need a solution

Hi,

Is it possible to get a list of deleted clients that have not connected to the manager for a specific time?

I mean the clients that drop from the manager via the settings in the domain properties.


Overdeployed SEP

I need a solution

So when deploying Symantec I overdeployed by 1 license, and I am getting a warning saying that if I don't renew my network may be exposed to security risks. I am curious as to how that works? How does it impact SEPM and SEP?


SEP 12 Firewall disables NIC - Dells/Win 7

I need a solution

Good morning and thank you for taking a moment to look at this.

We have noticed an issue that is slowly growing in scale. We have several machines that are losing network connection because the NIC gets disabled. Every time this happens the SEP client reports an issue with the Firewall. Our solution thus far has been to uninstall and reinstall the Firewall portion of SEP. Once the Firewall is removed and re-added and then the machine rebooted, the NIC is back up and running as if nothing ever happened.

Has anyone experienced this issue before? I found some posts about issues somewhat like this, but they were from 2012. Any input on this would be much appreciated. Sorry I did not have a screen shot of the exact warning that SEP gives when the Firewall goes haywire, but if need be I may be able to track one down. Thank you again for your time and consideration in this matter.

Damien


SEPM 14MP1 server does not download the update

I need a solution

Hello,

For a week now (13/05/2017), the SEPM 14MP1 server with an embedded database has not been downloading the update.

SEPM LiveUpdate Error 4

I need a solution

Hello there, since 10.05.2017 we cannot update our virus definitions file. We are receiving an ERROR 4 code in the LiveUpdate log window.

18. Mai 2017 15:43:56 MESZ:  Fehler bei LiveUpdate  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:56 MESZ:  Ausführung von LUALL.EXE beendet.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:56 MESZ:  LiveUpdate hat Fehler erkannt. Rückgabecode = 4.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:55 MESZ:  Keine Updates für SPC AntiVirus Client Mac 12.1 (German) gefunden.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:55 MESZ:  Keine Updates für Symantec Endpoint Protection Win64 14.0 (Deutsch) gefunden.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:55 MESZ:  Keine Updates für Symantec Endpoint Protection Win32 14.0 (Deutsch) gefunden.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:55 MESZ:  Symantec Endpoint Protection Manager konnte Symantec Endpoint Protection Manager Content Catalog 14.0 nicht aktualisieren.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:55 MESZ:  Symantec Endpoint Protection Manager konnte Zentrale Reputationsseinstellungen 14.0. nicht aktualisieren.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:55 MESZ:  Symantec Endpoint Protection Manager konnte Common Network Transport Library and Configuration 14.0 nicht aktualisieren.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]
18. Mai 2017 15:43:55 MESZ:  Keine Updates für AP Portal List 12.1 RU5 gefunden.  [Standort: SEP für SV Schwedt]  [Server: sdtv15]

I have already tried a few things:

1. Cleaning up a LiveUpdate download directory

2. /forcedupdate

3. IE settings

4. Added *.symantec.com to trusted sites

Nothing helped.

I cannot update with LiveUpdate on the SEPM server, or on a workstation either (standalone version).

CCN-CERT NoMorecry - Opinions?

I do not need a solution (just sharing information)

Dear all,

I have recently received the following information via Corporate News:

I have learnt that this seems to be a legit source, but we are not sure at the moment if we should implement this on our Clients, as SEP is telling me this is malware.

Has anyone of you had experience with this? Any opinions?

I'd really appreciate your expertise if you would have a look at this...

---

I have been informed that there is a tool to immunize against the outbreak of WannaCry.

CCN-CERT has updated to a version 3 tool to prevent the execution of malware WannaCry 2.0. They are: NoMoreCry-v0.3 (for Windows XP and higher) and NoMoreCry2000-v0.3 (for Windows 2000). This new version includes a text file that must be saved to the same folder as the executable. Within it, there is a list with the names of the mutexes to be created (NoMoreCry_mutex). This new version can be run in silent mode by executing it from the command prompt with the "-s" argument. eg.: c:\NoMoreCry.exe -s

This tool is not intended for already infected machines!

It should be run after every reboot for the successful prevention of the threat. This can be performed by the modification of the Windows registry or by the application of group policies in the domain.

Both tools are found in the platform in the cloud of the CCN-CERT, LORETO. Previously access to their corresponding file is needed: README_v0.3. (for Windows XP and higher) and README_Win2000-v0.3.txt (for Windows 2000)

Further information on:

CCN-CERT NoMoreCry and script (V.0.3)

Please spread the info accordingly!

---


Unexpected Server Error every 30 seconds

I need a solution

I just set up SEP 14 in a two site replicated configuration with external MS SQL 2008 servers.  This morning I started getting "Unexpected server error." in the SEPM console.  This is happening in both SEPM consoles.  The error recurs every 30 seconds.

The scm-server-0.log has these lines recurring at 30 second intervals once the server service starts up.

2017-05-18 10:41:37.163 THREAD 834 SEVERE:  in: com.sygate.scm.server.task.ExternalLoggingWorker
java.net.ConnectException: Connection timed out: connect
 at java.net.DualStackPlainSocketImpl.connect0(Native Method)
 at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
 at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
 at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
 at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
 at java.net.Socket.connect(Socket.java:589)
 at java.net.Socket.connect(Socket.java:538)
 at java.net.Socket.<init>(Socket.java:434)
 at java.net.Socket.<init>(Socket.java:244)
 at com.sygate.scm.server.task.ExternalLoggingWorker$SyslogClientFactory$2.sendLog(ExternalLoggingWorker.java:2983)
 at com.sygate.scm.server.task.ExternalLoggingWorker.handleLog(ExternalLoggingWorker.java:456)
 at com.sygate.scm.server.task.ExternalLoggingWorker.run(ExternalLoggingWorker.java:322)
 at java.util.TimerThread.mainLoop(Timer.java:555)
 at java.util.TimerThread.run(Timer.java:505)

Connection to the SQL server is confirmed by Netstat.

Any ideas what's going on? 


SEPM14 upgrade

I need a solution

Hello all,

Quick question. My organization is in the process of upgrading to SEPM14. We are also moving from an older database to a new cluster that supports 2016 and we are running into some issues. When installing SEPM14 over our previous version we are trying to move the databases from a 2008 database to 2016.

Within our environment our application (SEPM) is installed on a different server. How do we migrate from one server to another? We have completed the backup of the old database to the new database, but for actually connecting to the new database it is asking for the SQL path on the application server. Do we need to install SQL client tools even though SQL isn't installed on that server?

Thank you,

Jack McAloon


SEPM Server failover for multi-site considerations

I need a solution

Hi Gurus,

I'm looking to set up Symantec Endpoint Protect in a multi-site design with Centralized Management.

My requirements are as follows (clustering is not an option).

  1. There are 2 data centers.
  2. I want to place one SEPM with off-box/on-box SQL Server in each data center and want failover functionality.
  3. Clients at one data center report to their own SEPM and clients at the 2nd data center report to their own SEPM, and I want to set up the environment like this:
     1. If the SEPM server or SQL server at the 1st data center goes offline or shuts down, all clients shift to the SEPM at the 2nd data center.
     2. If the SEPM server or SQL server at the 2nd data center goes offline or shuts down, all clients shift to the SEPM at the 1st data center.
     3. When any site which was down comes back up, its clients shift back to their original SEPM server.

I have already set up two SEPMs with SQL Servers in each data center as replication partners, and I have tested that when one SQL Server goes down and I then turn off the SEPM services manually, it shifts the clients to the other server, and when the site goes online again its clients shift back.

I want to know if there is any way to automate this process.

SEP version is 14.x

Please provide your expert suggestions


Getting alert message "download insight our information on the file is inconclusive"

I need a solution

Hello All,

I am getting the alert message "download insight our information on the file is inconclusive". How do I exclude a file from Insight scanning?

UIWIX Ransomware

I do not need a solution (just sharing information)

Hi Everyone,

Just want to ask if Symantec is already aware of this new threat, "UIWIX Ransomware".

Please advise if SEP has a signature for this.

Please find below a link about UIWIX Ransomware

http://www.hindustantimes.com/world-news/china-war...

Thanks and Regards,


Automatically remove Computers from SEPM Database with SQL-Statement

I need a solution

Hey everyone,

We are looking for a solution to automatically remove clients from the SEPM database. The script should delete them from the database directly and not over the web frontend. So we basically need an SQL statement which removes a certain client from the database without harming it/putting the database in an inconsistent state.

While searching the web I found the following statements that should work. Now I need someone (preferably from Symantec) to confirm this or propose a better solution.

-- Order matters: SEM_CLIENT is deleted last, because the other two
-- statements look up COMPUTER_ID through SEM_CLIENT.

-- SEM_COMPUTER
DELETE FROM [sem5].[sem5].[SEM_COMPUTER]
WHERE [COMPUTER_ID] IN (SELECT [COMPUTER_ID]
                        FROM [sem5].[sem5].[SEM_CLIENT]
                        WHERE [COMPUTER_NAME] IN
                              (SELECT SEP_Clients FROM SEP_ClientToDelete))
GO

-- SEM_AGENT
DELETE FROM [sem5].[sem5].[SEM_AGENT]
WHERE [COMPUTER_ID] IN (SELECT [COMPUTER_ID]
                        FROM [sem5].[sem5].[SEM_CLIENT]
                        WHERE [COMPUTER_NAME] IN
                              (SELECT SEP_Clients FROM SEP_ClientToDelete))
GO

-- SEM_CLIENT
DELETE FROM [sem5].[sem5].[SEM_CLIENT]
WHERE [COMPUTER_ID] IN (SELECT [COMPUTER_ID]
                        FROM [sem5].[sem5].[SEM_CLIENT]
                        WHERE [COMPUTER_NAME] IN
                              (SELECT SEP_Clients FROM SEP_ClientToDelete))
GO

Kind regards,

Julien


SEPM Display issue

I need a solution

Hello All,

I have a display issue on my manager after installing KB4012212 for MS17-010.

I have two managers with the same KB installed, but one of them gives me a bizarre display.

I have EP 14 MP1 installed on WS 2008 R2 Standard 64-bit (Java 8 Update 121) (with the issue) and on WS 2008 R2 Datacenter 64-bit (Java(TM) 6 Update 24) (with no issue).

Kind regards

N.Achraf


SEPM 14 - Windows Installation Packages disappeared

I do not need a solution (just sharing information)

Hello,

We have a problem with SEPM Version 14.0.2332.0100.

Since this morning, all Windows Client Installation Packages (32+64 bit) have disappeared.

We have 16 servers in total, with hourly replication.
Each server has its own client group and should install Windows client packages for its site.

Since today there is the following error message:

19. Mai 2017 09:29:14 MESZ:  Die physische Datei [F04672439773F37514840789C2048E2A], auf die vom Softwarepaket[78A9CE8809B81BD2B4CD6E2649A53B9F,Symantec Endpoint Protection Version 14.0.2332.0100 für WIN64BIT ] verwiesen wird, ist nicht vorhanden.  [Standort: Standort XXXXX]  [Server: XXXXX]

For non-Germans, the message is something like: the physical file XXX, which is referenced by software package YYY, is not available.

Under Admin - Packages - Client installation, we had until yesterday 5 packages: Mac, 2 x Linux and 2 x Windows. Both Windows packages are no longer there.

The Definition File is: 18.05.17 r19

Can someone help me?

Regards

Torsten


Will a SEP 12 manager handle a SEP 14 client

I need a solution

Can I import the SEP 14 client into a SEP 12 manager and will it manage the client until I can get the SEPM upgraded to SEP 14? 
