Since upgrading to SEP 14 (on Win 10) I'm getting a lot of notifications about applications that have changed since last usage. Whilst I thought it was quite good at first, it's just becoming a nuisance now. After a Windows update I have to acknowledge about 15 changes. Can this setting be toned down somewhere? Thought it would be under SONAR but unless I'm missing something (quite likely!!) I can't see it.
Too many notifications about applications changing
SEP GUI - where do I see list of network allowed apps?
Hello, I can't seem to find the list of apps which I clicked allow to access the internet. Please advise.
Update local installed package
Hello, we have installed the following options on our laptops: Virus and Spyware Protection, Proactive Threat Protection and Network and Host Exploit Mitigation.
The last option is giving us issues because our engineers sometimes use special hardware that is now being blocked by the last option.
Is there a way to remove this from the central server, or do I need to create a new install package and ask everyone to re-install?
I would like a solution without reinstalling at every client laptop (too many :-) )
Live update fails on Linux 7.3 with SEP 14 MP1
Please help me with the Live update issue on Linux
I have RHEL with kernel (3.10.0-514.16.1.el7.x86_64) machine hosted on cloud
I have installed SEP 14 MP1 version
The LiveUpdate is not happening on the machine
The connection to internet is via proxy
The symantec sites are allowed.
A few clients are not getting updated
I get the below error in live update logs
It failed to connect to Hostname: liveupdate.symantec.com but later on the next session it successfully connected to Status Message: Server was selected
Protocol: HTTP
Hostname: liveupdate.symantecliveupdate.com
Available Updates: 0
Session Result Code: 0x00010600
Session Result Message: OK - no updates available
Result Code: 0x8001FFFF
Result Message: UNKNOWN
[Server Selection - START]
17:44:44.752217 Result Code: 0x00010000
17:44:44.752282 Result Message: OK
17:44:44.752326 [Server - START]
17:44:44.752370 Host ID: {113395A0-D3D8-4BE4-80B5-202C94EF4A75}
17:44:44.752407 Status Code: 1
17:44:44.752443 Status Message: Server was not selected
17:44:44.752483 Transport Return Code: 0x80010731
17:44:44.752529 Transport Return Message: FAIL - download failed
17:44:44.752587 Protocol: HTTP
17:44:44.752636 Hostname: liveupdate.symantec.com
17:44:44.752672 Port: 80
17:44:44.752706 Path:
17:44:44.752740 Proxy ID: {00000000-0000-0000-0000-000000000000}
17:44:44.752773 Proxy Bypass: false
17:44:44.752807 [Server - END]
17:44:44.752840 [Server - START]
17:44:44.752880 Host ID: {113395A0-D3D8-4BE4-80B5-202C94EF4A76}
17:44:44.752914 Status Code: 2
17:44:44.752947 Status Message: Server was selected
17:44:44.752980 Protocol: HTTP
17:44:44.753014 Hostname: liveupdate.symantecliveupdate.com
17:44:44.753047 Port: 80
17:44:44.753080 Path:
17:44:44.753113 Proxy ID: {00000000-0000-0000-0000-000000000000}
17:44:44.753146 Proxy Bypass: false
17:44:44.753193 [Server - END]
17:44:44.753238 [Proxy - START]
17:44:44.753278 Proxy ID: {005B077A-5C98-4853-9244-8DC0FF3B1465}
17:44:44.753312 Protocol: HTTP
17:44:44.753346 Default: HTTP
17:44:44.753380 Host: 10.224.1.165
17:44:44.753414 Port: 3128
17:44:44.753447 [Proxy - END]
17:44:44.753481 [Server Selection - END]
17:44:44.753531 [Check for Updates - START]
17:44:44.753605 Result Code: 0x00010000
17:44:44.753653 Result Message: OK
17:44:44.753691 Component Status Changes:
17:44:44.753732 None
17:44:44.753768 [Component - START]
17:44:44.753806 Component ID: {9F634534-BAF4-444B-B823-F14C1C80A8FD}
17:44:44.753841 Available Updates: 0
17:44:44.753875 [Component - END]
17:44:44.753909 [Check for Updates - END]
17:44:44.753953 [Finalize Session - START]
17:44:44.754017 Result Code: 0x00010000
17:44:44.754057 Result Message: OK
17:44:44.754093 Component Status Changes:
17:44:44.754133 None
17:44:44.754168 [Finalize Session - END]
17:44:44.754521 [Session Results - START]
17:44:44.754571 Session Result Code: 0x00010600
17:44:44.754607 Session Result Message: OK - no updates available
17:44:44.754652 [Component Result - START]
17:44:44.754687 Component ID: {9F634534-BAF4-444B-B823-F14C1C80A8FD}
17:44:44.754722 Display Name: Virus and Spyware Definitions for Linux
17:44:44.754758 PVL: SEPC Virus Definitions Linux 14.0_MicroDefs B.CurDefs_SymAllLanguages
17:44:44.754796 Result Code: 0x8001FFFF
17:44:44.754831 Result Message: UNKNOWN
17:44:44.754865 [Component Result - END]
17:44:44.754898 [Session Results - END]
17:44:44.754931 [Session Summary - START]
17:44:44.754964 Components: 1
17:44:44.754998 Packages: 0
17:44:44.755031 Success: 0
17:44:44.755063 Fail: 0
17:44:44.755096 [Session Summary - END]
Browse results to Symantec sites (proxy is working fine as some servers are getting updated)
Is it possible to generate a SHA1 instead of MD5?
We need to know if we can obtain a SHA1 list of files instead of/or as additional information?
We use SEPM 12.1.5 in Windows 2008 Server R2 Std. And clients use Windows 7.
Thanks in advance.
SepMasterService fails to start
Countless machines running 12.1.6 where the SepMasterService fails to start normally after a reboot. Already opened a ticket with support over a month ago.
sc.exe \\computername query sepmasterservice
SERVICE_NAME: sepmasterservice
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Then you get the dreaded message below when trying to open the Symantec GUI.
"Symantec Endpoint Protection cannot open because some Symantec services are stopped. Restart the Symantec services, and then open Symantec Endpoint Protection".
What does the action list mean by "Log Only"?
I see a couple of machines on which the file is quarantined and after 2-3 minutes showing as "Log only"
Does "Log only" mean no action is taken? What to do for such cases?
How can we clear the quarantine, to prove that the files are cleared from the PC?
SEPM reports shows win vista instead of win 7
Hi Team,
SEPM reports show Win Vista instead of Win 7. Is there any issue on this reporting part from SEPM 12.1.6 MP5?
Win 7 is Stuck in Shutting down process, after Symantec upgrade from 12.1 to 14.0 mp1
Hello Symantec Team,
Recently we have started using the new Symantec version 14.0.2332.0100 and are facing the issue of Win 7 stuck in the shutting down process. This issue did not occur with the SEP 12 version.
After we upgraded the Symantec version from 12 to 14 this issue started. We have also checked with a new Symantec 14 installation on a fresh Win 7 OS but are getting the same problem.
Every time we have to hard reboot the systems.
Currently Windows 7 x64 is installed on the systems which are getting this issue. This issue affects more than 50 systems.
Kindly provide the solution as soon as possible.
Thanks & Regards,
Abhijeet
System Infected: W97M.Downloader Activity 24
Hello,
We are getting notifications regularly:
Occurrence: 1
Signature Name: System Infected: W97M.Downloader Activity 24
Signature ID: 29742
Signature Sub ID: 73736
Intrusion URL: update-kernal.net/update-index.aspx?req=69210945%5Cdwn&m=d
Intrusion Payload URL: N/A
Event Description: [SID: 29742] System Infected: W97M.Downloader Activity 24 attack blocked. Traffic has been blocked for this application: C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE
Event Type: Intrusion Prevention
Hack Type: 0
Severity: Critical
Application Name: C:/WINDOWS/SYSTEM32/WINDOWSPOWERSHELL/V1.0/POWERSHELL.EXE
Network Protocol: TCP
Traffic Direction: Inbound
Remote IP: 52.213.114.86
After every 2 minutes Symantec detects the same.
Kindly advise how to get rid of this situation.
We also blocked the remote IP at the internet firewall, and the URL at the proxy, but are still getting the notification.
Is it possible to automate or script the setup of folder exclusions / exceptions?
Hi,
I'd like to automatically add some folder exceptions when SEP is installed. For example D:\Database should be added to the SONAR exceptions list. Ideally I'd like to do this during silent installation of SEP via a setup script I usually run to install the product. I looked at the list of MSI parameters I can install with but didn't see anything for adding exceptions to prevent scanning of folders.
Is there a way I can automate this?
Thanks
Will SEP 14 Offer Support for Windows 10 UWF or a 3rd Party Write Filter?
We're rolling out SEP 14 for Windows 10; we've enabled Windows 10 UWF and found that there isn't official support or an unofficial workaround to use this Write Filter with SEP 14. After checking into supported Write Filter types, SEP 14 only supports: FBWF.
My questions are:
Will SEP offer support for UWF for windows 10?
If you're rolling out Windows 10 in your environment with a write filter, which product are you using?
Symantec Upgrade Advise
Dear All,
Currently, in our property, we are using Symantec Endpoint Protection Manager and Endpoint Protection version 12.1.2015.2015. Currently, this doesn't support installation on devices with Windows 10 OS. But it's compatible with Windows Server 2012. Kindly advise me which version we should upgrade to for Windows 10 compatibility. And if we are upgrading, what challenges will we face, or are there any requirements?
Thank you all in advance. Please help. I need to submit my company by today itself.
Thanks & Regards,
Shiras Nahas
SEP14 desktop cloud lookups
Anyone have any fine detail on the inner workings of the cloud lookup on desktops? I am looking for more detail on the internet communication; I can only presume (hope) that the realtime scanner isn't having to go to the internet for the operating files. I am also wondering, once a locally installed application is scanned once, is it never looked up on the internet a second time?
Jaff Ransomware
Which definitions protect against Jaff Ransomware? If detected, what would it be called, so I can search for it in our SEPM?
Creating a new SEPM server
Hello,
I posted a few weeks back about an upcoming migration where we are merging with another company. After some discussion it was decided the best approach to take would be to run a backup and restore of the db onto the new server, then change the Management Server list on the old SEPM server to tell clients to talk to the new one.
In the event we do not wish to restore the old db and instead create everything new from scratch, what would be the best approach for the clients currently running v14 MP1 which report to the existing SEPM server? Considering the new SEPM server will also be running v14 MP1, would we need to uninstall/re-push the SEP client from the new SEPM server on those clients?
TOR traffic identified
Hi All,
As per one of my friends' suggestion, I have created an ADC rule as mentioned below to detect TOR Browsers on endpoints.
--------------------------------------------
File and Folder Access Attempts:
*Browser\firefox.exe
c:\*Browser\firefox.exe
*\*firefox.exe
Launch Process Attempts
firefox.exe
----------------------------------------------
I have found below files under Caller Process Name.
C:/Program Files/Symantec/Symantec Endpoint Protection/12.1.1000.157.105/Bin/ccSvcHst.exe
C:/Program Files (x86)/Symantec/Symantec Endpoint Protection/12.1.3001.165.105/Bin/ccSvcHst.exe
C:/Program Files/Symantec/Symantec Endpoint Protection/12.1.3001.165.105/Bin/ccSvcHst.exe
C:/Program Files (x86)/Symantec/Symantec Endpoint Protection/12.1.2015.2015.105/Bin/ccSvcHst.exe
C:/Program Files/Symantec/Symantec Endpoint Protection/12.1.2015.2015.105/Bin/ccSvcHst.exe
C:/Program Files/Symantec Client Security/Symantec AntiVirus/12.1.1000.157.105/Bin/ccSvcHst.exe
C:/Program Files (x86)/Symantec/Symantec Endpoint Protection/12.1.5337.5000.105/Bin/ccSvcHst.exe
My query is why Symantec is calling the below-mentioned TOR browsers
C:/Documents and Settings/Mike.Oyeniran/Local Settings/Temp/7ZS2E2.TMP/CORE/FIREFOX.EXE
C:/Program Files (x86)/Mozilla Firefox/FIREFOX.EXE
c:/Program Files/Mozilla Firefox/firefox.exe
C:/Users/djamel.faid/Desktop/BROWSER/UPDATED/BROWSER/FIREFOX.EXE
C:/Users/djamel.faid/Desktop/BROWSER/FIREFOX.EXE
C:/Users/djamel.faid/Desktop/TOR BROWSER/BROWSER/FIREFOX.EXE
C:/Users/djamel.faid/Desktop/BROWSER/BROWSER/FIREFOX.EXE
c:/program files/mozilla firefox/updated/firefox.exe
C:/WINDOWS.OLD/PROGRAM FILES/MOZILLA FIREFOX/FIREFOX.EXE
C:/Program Files (x86)/Mozilla Firefox/UPDATED/FIREFOX.EXE
C:/PROGRAM FILES/MOZILLA FIREFOX/NSS11B.TMP/FIREFOX.EXE
C:/Documents and Settings/JCF/LOCALS~1/TEMP/7ZS1F3.TMP/CORE/FIREFOX.EXE
C:/Users/shazim/Desktop/TOR BROWSER/BROWSER/FIREFOX.EXE
C:/Users/mukesh.LAFARGE/Desktop/SOFTWARES/TOR BROWSER/BROWSER/FIREFOX.EXE
c:/Users/mohamed.abdelsamad/AppData/Local/Temp/7zS5263.tmp/core/firefox.exe
C:/DRP_14.9/SOFT/BROWSER/FIREFOX.EXE
C:/Data/Softwares/Tor Browser/Browser/firefox.exe
C:/Users/ext.cmostafai/Downloads/BROWSER-20160608T103400Z/BROWSER/BROWSER/FIREFOX.EXE
C:/Users/rabah.maza/Desktop/BROWSER-2015-09-25/BROWSER-2015-09-25/BROWSER/FIREFOX.EXE
C:/Users/ext.cmostafai/Downloads/BROWSER/BROWSER/FIREFOX.EXE
c:/Users/mmoubark/AppData/Local/Mozilla Firefox/updated/firefox.exe
C:/Program Files (x86)/MALWAREBYTES ANTI-MALWARE/CHAMELEON/WINDOWS/FIREFOX.EXE
C:/FirefoxPortableTest/App/Firefox/firefox.exe
C:/Users/salem.amer/AppData/Local/Mozilla Firefox/UPDATED/FIREFOX.EXE
C:/Users/raed.emailat/AppData/Local/MOZILLA FIREFOX/FIREFOX.EXE
C:/Program Files/Hewlett-Packard/Firefox - HP Virtual Browser Edition/fslrdr/1/[_B_]PROGRAMFILES[_E_]/Virtual Firefox/firefox.exe
c:/Users/faiz/AppData/Local/Mozilla Firefox/updated/firefox.exe
C:/Users/Sathis - RMQ/Desktop/Satish/Doc/FirefoxPortable/App/Firefox/FIREFOX.EXE
c:/Users/olkilani/AppData/Local/Temp/WPDNSE/{00006318-0001-0002-0000-000000000000}/firefox.exe
C:/Users/chamith/Documents/Chamith - Rashen/Chamith Nilanka/Credit Controll Department/Customers/Tekfen/Mozilla Firefox/firefox.exe
C:/Users/Mazen.Dibie/AppData/Local/MOZILLA FIREFOX/FIREFOX.EXE
C:/Users/Mazen.Dibie/AppData/Local/MOZILLA FIREFOX/UPDATED/FIREFOX.EXE
C:/Users/salem.amer/AppData/Local/Mozilla Firefox/firefox.exe
C:/Users/user/AppData/Local/Mozilla Firefox/updated/firefox.exe
C:/Users/user/AppData/Local/Mozilla Firefox/firefox.exe
C:/Users/mmoubark/AppData/Local/Mozilla Firefox/firefox.exe
C:/Users/hanine.benyounes/Desktop/BROWSER/FIREFOX.EXE
C:/Users/djamel.hadidi/Desktop/BROWSER/FIREFOX.EXE
Please help me.
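The three "File and Folder Access Attempts" patterns from the rule above, checked against a constructed sample of the logged caller paths. This is an added illustration, not part of the post or of Symantec's ADC engine; it assumes the ADC wildcard behaves like a plain glob (case-insensitive, with `*` also spanning directory separators), and the narrower pattern it tries is hypothetical.

```python
import fnmatch

# The three File and Folder Access patterns from the post's ADC rule.
ADC_PATTERNS = [r"*Browser\firefox.exe", r"c:\*Browser\firefox.exe", r"*\*firefox.exe"]

# Hypothetical narrower pattern: requires the Tor Browser bundle's folder layout.
NARROW_PATTERN = r"*\Tor Browser\Browser\firefox.exe"

# Constructed sample drawn from the Caller Process Name list in the post.
SAMPLE_PATHS = [
    "C:/Program Files (x86)/Mozilla Firefox/FIREFOX.EXE",
    "C:/Users/djamel.faid/Desktop/TOR BROWSER/BROWSER/FIREFOX.EXE",
    "C:/Users/hanine.benyounes/Desktop/BROWSER/FIREFOX.EXE",
    "C:/FirefoxPortableTest/App/Firefox/firefox.exe",
]


def normalize(path: str) -> str:
    """Fold case and use backslashes; assumed to mirror how ADC compares paths."""
    return path.replace("/", "\\").lower()


def matching_patterns(path: str, patterns) -> list:
    """Return the patterns that match this path under glob semantics."""
    p = normalize(path)
    return [pat for pat in patterns if fnmatch.fnmatchcase(p, normalize(pat))]


def overbroad_patterns(patterns, paths) -> list:
    """Patterns matching every sample path cannot tell Tor from plain Firefox."""
    return [pat for pat in patterns
            if all(fnmatch.fnmatchcase(normalize(x), normalize(pat)) for x in paths)]


if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(path, "->", matching_patterns(path, ADC_PATTERNS),
              "| narrow:", matching_patterns(path, [NARROW_PATTERN]))
    # The `*\*firefox.exe` pattern is the one that fires on every Firefox install.
    print("over-broad:", overbroad_patterns(ADC_PATTERNS, SAMPLE_PATHS))
```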
14.1 MP1 error during upgrade
Attempting to upgrade from 12.1.6 MP5 and the process stops with the attached error.
We have a group policy that associates most scripts with notepad but this has been disabled for the admin account used, and .vs* extensions have been checked and are associated with cscript.
Are there any other script extensions that should be checked?
Stan
Question about Host Integrity interval
Hi,
I have a custom HI requirement check which I want to run every day.
I use the standard HI settings from Symantec:
When I check the logs on the client for Compliance Events, I only see the following events:
How does this work in the background? There are two days missing, 20.05 and 21.05, doing the checks I want.
The logs on the Manager look the same.
Any ideas how to interpret the logs in this case? Did the checks not run every 10 minutes as per the settings?
SQL Error
Hello,
- I have an issue with my SQL DB (sem5). The DbValidator gives me the below error:
2017-05-24 12:37:34.400 THREAD 1 AVERTISSEMENT: Finished validating LiveUpdate content. --> SUCCESSFUL
2017-05-24 12:37:34.400 THREAD 1 AVERTISSEMENT: Database validation failed.
2017-05-24 12:37:34.451 THREAD 1 AVERTISSEMENT: [La base de données contient des anomalies.Pour plus d’informations, reportez-vous à dbvalidator-x.log dans le dossier d’installation de Symantec Endpoint Protection Manager, sous tomcatlogs.]
2017-05-24 12:37:34.575 THREAD 1 AVERTISSEMENT: Finished.
- When I run a DBCC CHECKDB on my SQL Server I got these two errors:
Résultats DBCC pour 'ALERTS'.
Msg 2533, Niveau 16, État 1, Ligne 1
Erreur de table : la page (5:47371) assignée à l'ID d'objet 110623437, ID d'index 0, ID de partition 72057594045267968, ID d'unité d'allocation 72057594047430656 (type In-row data) n'a pas été affichée. La page n'est peut-être pas valide ou comporte un ID d'unité d'allocation dans son en-tête.
Il y a 5528 lignes dans 699 pages pour l'objet "ALERTS".
CHECKDB a trouvé 0 erreurs d'allocation et 1 erreurs de cohérence dans la table 'ALERTS' (ID d'objet 110623437).
Résultats DBCC pour 'SCANS'.
Msg 2533, Niveau 16, État 1, Ligne 1
Erreur de table : la page (5:64586) assignée à l'ID d'objet 548197003, ID d'index 0, ID de partition 72057594048217088, ID d'unité d'allocation 72057595497086976 (type In-row data) n'a pas été affichée. La page n'est peut-être pas valide ou comporte un ID d'unité d'allocation dans son en-tête.
Il y a 295930 lignes dans 30791 pages pour l'objet "SCANS".
CHECKDB a trouvé 0 erreurs d'allocation et 1 erreurs de cohérence dans la table 'SCANS' (ID d'objet 548197003).
- Is there a way to move all my existing clients to a new SQL server?
Kind regards
N.Achraf