Hi there,
Im running a scan on a group of clients in my SEPM.
When i go to the command status and look for the scan details i see the scan is started, however i dont see how many files are scanned so i select auto update --> refresh is set to never, i set it to every 30 seconds. When i change this setting my admin is logt out of the console...
Any idea? im running the latest SEPM
LEVD
I need a step for troubleshooting the SEP clients which is showing outdated and disabled in SEPM console.
Any one has articles or documented steps.
I am trying to update the server certificate.
My main goal is to get rid of the warnings when accessing the SEPM console, but also using non-self-signed certificates for clients communications is a good thing.
At the moment I have trouble because SEPM is using a self-signed certificate with an old hostname (the server has been renamed since the very first installation of SEPM)
This has also cause a problem in SEPM: there are actually 2 servers listed in the server tab, one refers to the old hostname, the other to the new hostname.
They are both listed as online and same IP adress.
Getting back to the certificate, I have requested a new certificate at the corporate CA, using webserver template with exportable private key.
I have the pdf file and I am tryin to replace the old certificate using the procedure outlined here
https://support.symantec.com/en_US/article.HOWTO81...
however I get: unexpected error when I select certificate and password. No additional info.
On a unmanaged client SEP scan shows it found 1 Risk. However nothing is displayed in status or in the logs. Has anyone had this same issue and if so did you find a cause?
Thank you
I am trying to update the server certificate.
My main goal is to get rid of the warnings when accessing the SEPM console, but also using non-self-signed certificates for clients communications is a good thing.
At the moment I have trouble because SEPM is using a self-signed certificate with an old hostname (the server has been renamed since the very first installation of SEPM)
This has also cause a problem in SEPM: there are actually 2 servers listed in the server tab, one refers to the old hostname, the other to the new hostname.
They are both listed as online and same IP adress.
Getting back to the certificate, I have requested a new certificate at the corporate CA, using webserver template with exportable private key.
I have the pdf file and I am tryin to replace the old certificate using the procedure outlined here
https://support.symantec.com/en_US/article.HOWTO81...
however I get: unexpected error when I select certificate and password. No additional info.
How to configure device control policy for
1>Block Data Cards and allow USB storage.
2> All Bluetooth
SEPM & SEP version on my manager server is 14.0.2349.
5/31/2017, 8:00:18 GMT -> EVENT - PRODUCT UPDATE FAILED EVENT - Update available for SEPM Content Catalog - 14.0 - SymAllLanguages. Update for takes product from update 0 to . Server name - , Update file - , Signer - , package install code 0. The Update executed with a result code of 1845, => This update was aborted during LiveUpdate Pre-session processing. This error is most likely due to an expired content subscription.
Hi Team
Could you tell me:
1. If there's a maximum size of items on a SEP File Fingerprint List?
2. If there's any well known performance issues with a File Fingerprint List that has that maximun size once the System Lockdown is enable?
Thanks in advance
Hello,
We have the latest version 14 installed and this is preventing the latest Creators Update from installing automatically on our machines(200+). In order to upgrade these machines, we have to uninstall Symantec, perform the upgrade, and reinstall Symantec. Where as this is supposed to be a seemless process, this is now creating an additonal expense in man hours as we cannot have the windows upgrade deployed automatically after business hours. Additionally, the remote push function does not work with version 14 and Windows 10 1703.
I found a previuos forum post stating that a manual upgrade must be performed that will allow the setup to download updates from microsoft that disbables the compatibility check however after doing so, the windows upgrade still asks to remove Symantec.
Please, is there any way to automatically upgrade to newer windows versions, without having to uninstall/install Symantec?
Hello,
We have a few different domains that we manage using SEPM and have recently upgraded to 14 from 12.
Since then, a few of our Endpoints are not being updated to the latest virus definitions.
In one domain, we have 4 machines that are running Server 2012 R2 and they all have different virus definitions. One is up to date and the others are about 4/5 days out. They all connect to the SEPM server fine and are all reporting that they are up to date but they're not, based on the dates given.
The download protection defintitions are all the same and up to date, but the virus definitions are not.
Is it likely that the definitions installed on each of the machines are corrupt and will need removing?
Hello, When adding security risk folder exceptions and specifying "ALL" for the type of scan to exclude does this include the full scans?
For an internal audit, we require a description of Endpoint's own security measures. Specifically, we need a statement on how Endpoint ensures that no updates sent to the clients are intercepted, modified, loaded with malware, or otherwise compromised by attackers. Are these details published somewhere? Or does this have to come from a support technician directly? Thanks!
We have several HP all-in-one printers that SEP is blocking for 600 seconds due to UDP port scans. The ports are all high numbered ports...>50000. We are running SEP 12.1.6, Windows 7 client. I've seen other posts that indicate this was a known issue but was corrected in 12.1.5. Log sample attached. Any ideas??
Just raising awareness of some (free!) information that will be of interest to anyone monitoring today's threat landscape...
Financial malware more than twice as prevalent as ransomware
https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware
Financial Threats Review 2017: An ISTR Special Report
https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf
Please do take measures to ensure that your organization stays safe!
Hello,
I am using SEP 14 (Windows 2008 Server) and always when i connect via Remote Desktop alerts start to popup.
If i disconnect and use it locally alerts stop. Reconnet RDP re-starts the issue. But not always.
It show like Risk Heur.AdvML.B and i cannot discover if it really is a false positive.
Please some advise.
Rodrigo A.
1. How do I view which clients have out of date definitions? I get a notification, but how do I run a report to see which ones I need to update?
2. I have six clients that will run liveupdate, apply the definitions, and not upgrade. Troubleshooting steps?
Hi All,
Due to the attack of the rampant ransomware, m
https://www.symantec.com/connect/blogs/wannacry-ra...
https://www.symantec.com/outbreak/?id=wannacry
I wonder if by installing the latest SEP client v14 and enable all of the components can make the computer & server safe?
I've verified that in all of my Windows Server 2003 and above, the patch required has been installed as well.
'KB4012598', #Windows XP, Vista, Server 2003, 2008'KB4018466', #Server 2008'KB4012212', 'KB4012215', 'KB4015549', 'KB4019264', #Windows 7, Server 2008 R2'KB4012214', 'KB4012217', 'KB4015551', 'KB4019216', #Server 2012'KB4012213', 'KB4012216', 'KB4015550', 'KB4019215', #Windows 8.1, Server 2012 R2'KB4012606', 'KB4015221', 'KB4016637', 'KB4019474', #Windows 10'KB4013198', 'KB4015219', 'KB4016636', 'KB4019473', 'KB4016871', #Windows 10 1511'KB4013429', 'KB4015217', 'KB4015438', 'KB4016635', 'KB4019472' #Windows 10 1607, Server 2016
Any sharing and comments would be greatly appreciated.
Hi dear friends ,
One of our customer's server has filled up its disk and C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2349.0100.105\Data\ErrMgmt\Queue\Incoming folder has 47.7 GB.
I found an article about it and it suggest me to i can disable "Let clients send troubleshooting information to Symantec to resolve product issues faster" section.
https://support.symantec.com/en_US/article.HOWTO12...
The exact question is can i delete these support log files after stopping SEP agent ?
Best regards,
Batuhan Çalın
Agilis / Symantec Gold Partner
A lot of clients are pointing to OLD SEPM server.. the old SEPM server is offline now and shutdown..
The effect is 9k of clients are Offline..
We know that the client is online (as my laptop is one of them). When i check the my laptop points to OLD SEPM..
Need assistance on how to do it to a lot of clients.
Our SEPM is sync to AD and each OU has its own policy (GUPS, USB, etc.)
thank you!a
I just created a case (#12538921) with Support. Following is what I sent to Symantec:
We are currently running SEP Manager 14 MP1 (14.0.2332.0100) on a Hyper-V VM with OS Windows 2008 R2 SP1. The server is current on all Window's Updates. We are attempting to upgrade the manager to SEPM 14 MP2 which was just released. A Hyper-V check point was created before the attempted upgrade. Every attempt to install results in a roll back. During the install when the machine reaches "Waiting for LiveUpdate to finish" the machine will roll back and the install fails. Since we are using a VM, I rolled back to the Hyper-V check point I had created and ran cleanwipe on the machine. I tried a clean install of SEPM 14 MP1 and it installed with no incident. I rolled back again to the check point and ran cleanwipe again. This time I did a fresh install of SEPM 14 MP2 and the software rolled back shortly after I reached "Waiting for LiveUpdate to finish". I also noted another issue after the roll back to MP1 during the attempted upgrade from MP1 to MP2. If I launch LiveUpdate from control panel I receive the error "LiveUpdate could not access its settings Error code 0x800736B1". When the clean install of MP2 failed I received the following error when I launched LiveUpate from control panel: "This application has requested the runtime to terminate in an unusual way. Please contact the application's support team for more information.". The error was in a message box with the heading "Microsoft Visual C++ Runtime Library". We have run the manager in this VM for 2-3 years with multiple upgrades and no issues. I ran SymDiag and it found no significant issues. Help would be appreciated.
If anyone has any ideas on this, they would be appreciated.
Thanks,
CQ