Dears,
One of our customers asked us what is good about moving the SEP DB, which is on the SEP Manager server, to an external DB server?
Thanks in Advance
Since I upgraded SEPM to version 14 yesterday I've had 2 instances of it freezing. The first time I left it alone for about 30 mins and when I came back it was totally unresponsive (although from Win task mgr I could see it was still running). I left it for a further 15 mins and was able to regain control again. Today the same thing happened, but I didn't have 15 mins to wait so I closed it from task mgr, but was then unable to launch it.
After rebooting the server, I'm now getting an "Unexpected Server Error" when I try and launch SEPM as per screenshot below.
I'm running Win Server 2008 R2 64-bit SP1
Had a quick look for logs but couldn't find any
Hi All, I hope this question makes sense. Can I block the .DLLs that are used for BHOs in browsers using the Application and Device Control in SEP 12.x?
Thanks
PaulC
I have 12.1 RU6. All client OSes are compatible with Chrome 58, but all server OSes are not working with Chrome 58. If I try with old versions, e.g. 55 or 53, it works fine on server systems. We tried upgrading to MP8 on that system and it is still the same: Chrome opens but shows a blank page and is not able to get into any website, with the error "page can't be displayed". Any suggestions?
Dears,
One of our customers has their DB on the same SEP Manager server. They were asking what would be good about moving the DB to an external DB server? They are using an MSSQL DB.
Thanks in Advance
I am upgrading the Symantec Endpoint Protection Manager from 14 MP1 to 14 MP2 on a Windows Server 2008 R2 server. During installation, the installer said "Error occurred" and a dialog box showing the error log was displayed. In the logs, the error was related to the keystore.jks under tomcat, saying that it was tampered with or the password was incorrect. Last month, I had no problem upgrading from 12.1.6 MP5 to 14 MP1. Is there any problem with the installer of 14 MP2?
I extracted part of logs with error as follows:
2017-06-06 14:31:24.978 THREAD 21 WARNING: Upgrade> unInstallAndInstallApacheService>> UnInstalling / Installing Apache service...
2017-06-06 14:31:24.978 THREAD 21 WARNING: SemServiceManager> uninstallApacheService>> Uninstalling apache service...
2017-06-06 14:31:25.181 THREAD 21 INFO: The Symantec Endpoint Protection Manager API Service service is not started.More help is available by typing NET HELPMSG 3521.
2017-06-06 14:31:25.181 THREAD 21 INFO: SemServiceManager> serviceControl>> Executed command - stop semapisrv, process return value = 2
2017-06-06 14:31:25.181 THREAD 21 INFO: SemServiceManager> waitForServiceTermination>> Waiting for service termination: semapisrv
2017-06-06 14:31:25.181 THREAD 21 INFO: SemServiceManager> getServiceStatus>> Retrieve status for service semapisrv
2017-06-06 14:31:25.368 THREAD 21 INFO: SemServiceManager> getServiceStatus>> The status for semapisrv' service is 1
2017-06-06 14:31:25.384 THREAD 21 INFO: SemServiceManager> waitForServiceTermination>> Service is stopped.
2017-06-06 14:31:25.571 THREAD 21 INFO: The Symantec Endpoint Protection Manager service is not started.More help is available by typing NET HELPMSG 3521.
2017-06-06 14:31:25.571 THREAD 21 INFO: SemServiceManager> serviceControl>> Executed command - stop semsrv, process return value = 2
2017-06-06 14:31:25.571 THREAD 21 INFO: SemServiceManager> waitForServiceTermination>> Waiting for service termination: semsrv
2017-06-06 14:31:25.571 THREAD 21 INFO: SemServiceManager> getServiceStatus>> Retrieve status for service semsrv
2017-06-06 14:31:25.758 THREAD 21 INFO: SemServiceManager> getServiceStatus>> The status for semsrv' service is 1
2017-06-06 14:31:25.774 THREAD 21 INFO: SemServiceManager> waitForServiceTermination>> Service is stopped.
2017-06-06 14:31:25.976 THREAD 21 INFO: The Symantec Endpoint Protection Manager Webserver service is not started.More help is available by typing NET HELPMSG 3521.
2017-06-06 14:31:25.976 THREAD 21 INFO: SemServiceManager> serviceControl>> Executed command - stop semwebsrv, process return value = 2
2017-06-06 14:31:26.928 THREAD 21 INFO: Removing the 'Symantec Endpoint Protection Manager Webserver' serviceThe 'Symantec Endpoint Protection Manager Webserver' service has been removed successfully.
2017-06-06 14:31:27.068 THREAD 21 INFO: getUserRightsForSemWebSrv isSQLDB = false isWindowsAuth = false
2017-06-06 14:31:27.068 THREAD 21 INFO: User rights for semwebsrv = [SeServiceLogonRight]
2017-06-06 14:31:27.224 THREAD 21 INFO: Apache service account is deleted from SeServiceLogonRight option ? true
2017-06-06 14:31:27.224 THREAD 21 WARNING: SemServiceManager> uninstallApacheService>> Uninstalling apache service done! Process return code = 0. Apache service account is deleted from SeServiceLogonRight option ? true
2017-06-06 14:31:27.240 THREAD 21 SEVERE: java.io.IOException: Keystore was tampered with, or password was incorrect
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at java.security.KeyStore.load(KeyStore.java:1445)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.util.CertUtil.exportPublicCertificateAsBinary(CertUtil.java:777)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.util.CertUtil.ExportPublicCertificate(CertUtil.java:593)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.util.CertUtil.exportPublicCertificate(CertUtil.java:513)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.util.CertUtil.exportKeyAndCertificate(CertUtil.java:1260)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.Upgrade.unInstallAndInstallApacheService(Upgrade.java:3450)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.Upgrade.doUpgrade(Upgrade.java:2210)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.ui.UpgradeTask.go(UpgradeTask.java:123)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.ui.UpgradeProgressPanel$2.construct(UpgradeProgressPanel.java:251)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:159)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at java.lang.Thread.run(Thread.java:748)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: Caused by: java.security.UnrecoverableKeyException: Password verification failed
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: ... 14 more
2017-06-06 14:31:27.240 THREAD 21 INFO: CertUtil.ExportPublicCertificateAsBinary>>Couldn't load the keystore from InputStream:
2017-06-06 14:31:27.240 THREAD 21 SEVERE: add2048DhKeyParamsFor1024bitCerts>> Error: F:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\..\apache\conf\ssl\server.crt DH params cannot be updated, TLS DHE protocol will default to 1024 bit Ephemeral keysjava.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
2017-06-06 14:31:27.240 THREAD 21 INFO: Couldn't load the Server certificate from file: F:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks
2017-06-06 14:31:27.240 THREAD 21 SEVERE: java.io.IOException: Keystore was tampered with, or password was incorrect
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at java.security.KeyStore.load(KeyStore.java:1445)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.util.CertUtil.exportPrivatekey(CertUtil.java:662)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.util.CertUtil.exportKeyAndCertificate(CertUtil.java:1275)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.Upgrade.unInstallAndInstallApacheService(Upgrade.java:3450)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.Upgrade.doUpgrade(Upgrade.java:2210)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.ui.UpgradeTask.go(UpgradeTask.java:123)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.server.upgrade.ui.UpgradeProgressPanel$2.construct(UpgradeProgressPanel.java:251)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:159)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at java.lang.Thread.run(Thread.java:748)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: Caused by: java.security.UnrecoverableKeyException: Password verification failed
2017-06-06 14:31:27.240 THREAD 21 SEVERE: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
2017-06-06 14:31:27.240 THREAD 21 SEVERE: ... 12 more
2017-06-06 14:31:27.240 THREAD 21 WARNING: SemServiceManager> installApacheService>> Installing Apache service, serverHome: F:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat, serviceName: semwebsrv
2017-06-06 14:31:27.240 THREAD 21 WARNING: SemServiceManager> installApacheServiceOnce>> Installing Apache service... Current time = Tue Jun 06 14:31:27 CST 2017
2017-06-06 14:31:27.365 THREAD 21 INFO: SemServiceManager> installApacheServiceOnce>> inputParameters = [F:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe, -k, install, -n, "semwebsrv", -f, "F:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf", -d, "F:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\.", -D, WIN64OS]
2017-06-06 14:31:28.394 THREAD 21 INFO: AH00526: Syntax error on line 158 of F:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/apache/conf/ssl/ssl.conf:SSLCertificateFile: file 'F:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/apache/conf/ssl/server.crt' does not exist or is emptyInstalling the 'semwebsrv' serviceThe 'semwebsrv' service is successfully installed.Testing httpd.conf....Errors reported here must be corrected before the service can be started.
2017-06-06 14:31:28.394 THREAD 21 INFO: SemServiceManager> installApacheServiceOnce>> returnCode = 1
Hi,
We installed SEP 14.0 MP2 and were testing out the 'automatic' upgrade for our Mac clients that had SEP 14 MP1 installed. The push went out as expected but all the upgraded machines now show up in the 'Default Group' instead of the group they were initially in ('Test'). Is this a bug or did I do something wrong? We do sort machines into different groups and the fact that I have to re-sort them makes the binary push on Mac OS X pretty useless. It does not occur with PCs!
Anyone seen anything similar?
We are currently on SEP/SEPM 12.1 MP7 and I was going to upgrade SEPMs (Windows Server 2008 R2 with SQL 2008 R2) to 14 MP2 and then the clients, which can to 14 MP2. I thought 12.1 had reached end of life on April 3, 2017, and was replaced by 14, but with 12.1 MP8 being released about the same time as 14 MP2 I’m confused. Therefore, I have the following questions:
1) What’s the future for 12.1 versus 14?
2) Can I have 14 MP2 SEPMs and manage and provide virus definitions for SEP 12.1 MP6/7/8 clients?
3) If I upgrade SEPMs from 12.1 MP7 to 14 MP2, will the SEPM have 12.1 MP8 packages, which I can use to create packages for our XP clients (which can never be upgraded/replaced with a newer OS)?
NOTE: After successfully upgrading our two SEPMs to 14, I was going to build out a new SEPM server on Windows Server 2016 with SQL 2016 and enable replication to migrate to a newer OS and retire SEPMs on Windows Server 2008 R2.
Hi community. I'm looking to see if anyone has created an SQL script that queries the SEPM DB and extracts the existing whitelist from the DB. I've already looked at the Log and SEM_Application table, which are great for event reporting, but what I am really after is a table (or tables) that contain the whitelist file fingerprint that has been file added by the GUI so that I can report on it. Be nice to also get any string information for directory exclusions like #HKEY#'s as well. Thanks to anyone who has done this before and can shed some light. - Jim
Dear All,
We are using SEP 14 MP1. When the default firewall policy is enabled, every time a user accesses a network share folder created on another client PC, it takes about 20~30 seconds to access.
This happens on all client PC network folders.
If we disable the firewall policy in SEP, the issue is gone.
Our client PCs use Windows 7 Professional SP1.
Has anyone faced the same issue?
Thank you for your reply in advance.
Best Regards,
Boris
Hi All,
Just wanted to know, can we install SEP 14 Manager on the Azure platform, and with that can we manage the endpoints as well?
Please share the system requirements for Azure also.
Thanks in advance.
So I am 90% of the way "complete" with the support request I put in regarding this thread: https://www.symantec.com/connect/forums/1216-mp8-i...
Anyway, to cut to the chase, the Support Engineer came to the conclusion that the reason why I cannot install MP8 on my Windows 10 (1607 or 1703) machines, is because I am trying to install an MP8 package that includes ALL my available modules (AV, PTP and NTP). He said that instead, I need to make a "Basic Protection" package (AV only), and that will install, and work under Windows 10. What?
Correct me if I'm wrong, but when Symantec says that 12.1.6 MP5 and Later has "Basic Compatibility" for Win10 , that does not mean AV Only does it??
I remember seeing something that described what "Basic Compatibility" was exactly, can't seem to locate that any longer.
Can anyone clarify what Basic Compatibility truly means with regards to Win 10 1607 and 1703?
Am I really stuck on MP7 (which installs perfectly on Win10) until I'm ready to upgrade to SEP 14 (which also installs perfectly, but I'm not ready to migrate)?
Thanks,
-Mike
I upgraded to SEPM version 14.0.2349.0100 earlier this week. Since then I'm getting frequent episodes of unresponsiveness where the SEPM GUI does not respond to anything I click on. If I run Task Manager during this period I can see two processes called "SemSvc" running without any reported issues, the system performance is OK (plenty of CPU usage available, and 1.2GB available RAM) and I can even minimize the SEPM window and move it around, so it's not like it's completely bombed out like you usually see with Windows applications hanging. I've found that if I wait it out, I will usually get control back again, sometimes after a couple of minutes, other times I may have to wait half an hour. In between these episodes, SEPM runs perfectly well, no slowdown at all.
System details: Windows Server 2008 R2 64-bit SP1 running on a Dell Power Edge 1950 server (Intel Xeon E5320 1.86GHz, 4 GB RAM).
I have run the Symantec Diagnostic Tool during one of these unresponsive periods. It did report a couple of things as per screen shot below, but since there are still resources available I don't believe this is the cause.
Needless to say, this is making it extremely difficult to use. Any ideas?
I'm running SEPM MP1 and want to use the auto-upgrade feature to upgrade my existing 12.1.X clients to 14. I have just tested this on a single Win 7 system and it worked fine so I'm happy with the process, I just have a couple of questions so I can move on with the remaining systems more efficiently.
I asked previously what happens if you have an XP system in a group that you're upgrading (given that version 14 won't run on XP) and was told it will get an error. I'm now wondering what sort of checks are done before an upgrade is attempted. For example I have some clients on 32-bit O/S and some on 64-bit. Do I need to segregate these for the process, or if I dump both the 32-bit & 64-bit client install packages into the group, is the Client smart enough to pick the correct one?
I was also wondering, is there a way I can easily see which client packages are running on from the Client view tab? I.e. when I go to Client, then from the Clients tab it shows a list of clients with Name, Health State, User, IP, O/S etc. but it would be helpful to see the SEP version in this list too. Is that easy to configure?
You can do a report (maybe before 12.1.6) to show the SEP client installation date & time from the SEPM. Export this report and in the Excel file there is a lot to look at/sort through, so look for the Creation Time header and whatever other info you need. Very helpful to determine spikes in licensing and what caused it.
I have read through a ton of best practices documentation to move SEPM 12.1.7 from one Server 2008 32-bit to Server 2012 64-bit. The new server has a different name and IP, and is using a SQL DB on another server. Nothing is changing for the SQL DB. Followed the Best Practices documents for moving SEPM.
Worked perfectly up until I noticed that the old server name is still showing under the Local Site with the new SEPM. Both servers show the new server SEPM IP address and Online. The old server is still in production but the old SEPM was decommissioned on it per running through the procedure of moving the SEPM. Clients are communicating and it appears to be fine, but what's weird is if I right click server1 (old SEPM), and select edit, delete, manager server it gives me server2 (new server). It acts like it's the same. Found someone else had an issue like this and indicated that it's a stale record that can be deleted from the database but a support case has to be opened.
Any insight about what level of support I need to talk to so they understand or someone may have a better insight.
Here is the same issue. https://www.symantec.com/connect/forums/finalizing-moving-new-server-removing-old-sepm-server-list
Dear,
We have recently been having some problems with some Symantec SEP clients: some clients are not receiving updates correctly. I found that the files in \ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs on a computer that has updated correctly are different from those on one that has not updated. For example, on a correctly updated computer usage.dat is:
[20170609.016]
SRTSP=1
NAVCORP_70=1
DEFWATCH_10=1
But a client that is not correctly updated says:
[20170530.001]
SRTSP=1
[20170530.019]
NAVCORP_70=1
[20170609.016]
DEFWATCH_10=1
definfo.dat is the same in all clients:
[DefDates]
CurDefs=20170609.016
Another thing that I see is that in the VirusDefs folder there are like 5 folders with VirusDefs, for example: 20160922.001 - 20160922.025 - 20170330.008 - 20170609.016 - 20170530.019
We are having a huge problem because a lot of clients are reported as outdated in SEPM. If I manually modify usage.dat on the client with update problems and restart the machine, then later the computer is reported correctly and that allows me to delete the other folders with old virus defs.
Any ideas of how to correct this? Thanks!
Hello,
I have SEPM 14 for Windows servers and clients, need to know if there is any solution to protect virtual environments "VMware" like Sophos virtualization security?
Thank you
Hi Guys,
I just upgraded my SEPM from 12.1 (RU6 MP5) to 14 MP2, after which lots of clients went offline (expected), but when they did come online it was an incorrect report, as those systems which were reported online by the manager were actually shut down (as in the physical system shut down). Please do advise on the same.
Hello
We have SEP 12.1.4 and we have created a global exception list for our servers and assigned it to the SEP group that these servers are members of.
But on these servers' SEP client I cannot see the exception list entries which we have created on the SEPM server as the global exception list.
How can we confirm that the global exception list is applied on all servers of the SEP group?
Thanks