Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles

Unable to add packages to SEPM

I need a solution

I am trying to add client install packages to the SEPM.  It will only accept .zip or .info files.  I have downloaded the .zip (Symantec_Endpoint_Protection_14.0.0_MP2_All_Clients_EN.zip).  It will accept that as a file, then error out with "Failed to retrieve the build number of the package for the package list generation."

I see a previous thread from January with this issue: https://forum.support.veritas.com/connect/forums/unable-add-client-install-packages

That thread provides a link to manual import steps, which specify using a .info file that is not present in the .zip file I have.  Do I have the wrong file?  If so, where can I get the correct file?  This is the only download I could find under my account.

Thanks.

Use of System Lockdown for multiple computers

I need a solution

Hi Team

Please read the following case description carefully. I already reviewed the following documents before opening this discussion: HOWTO80848, HOWTO80849, TECH207935, HOWTO80859, HOWTO80850.

Customer Requirement:  Apply System Lockdown to all computers in their environment.

Assumptions:

  • Customer:
    • Will:
      • Have different groups with a different File fingerprint lists.
      • Run Log only mode before enable Whitelisting mode.
         
  • On a group with 30 computers that contains two or three different operating systems like Windows 10 Enterprise, Windows 10 Professional, Windows 7 Enterprise:
     
    • Questions:
      • Please confirm whether the following process is valid or whether it could generate an issue during System Lockdown:

        Steps:
         

        1. Use the Collect File Fingerprint List command from a sample of each different OS (for example collect 3 different file fingerprint list).
        2. Verify the Command Status (at Monitors)
           
        3. Once the command sent to the 3 computers is 100% completed then:
        4. Create a new File Fingerprint List by using the Wizard.
           
        5. Choose the option “Create the file fingerprint by combining multiple existing file fingerprint
        6. Append the lists generated at  step #1
           
        7. Run System Lockdown as Log Unapproved Applications
        8. A few days later, export the Application Control Log to identify new applications that need to be added.
          1. Identify the values from the column called: Target
          2. Identify the MD5 from the column called: Description.
          3. Create a file fingerprint list by using the MD5 hash separated by a space and the Path showed on the Target column.
            1. By using Excel reduce the number of duplicated values.
              1. For example, a line of this file will be similar to:
                1. 750446ed76a5d13e902174dddda1a62b C:\Windows\System32\taskeng.exe
                   
          4. Append the new file fingerprint list to the one generated at step #6.
            1. Expectations:
              1. From the time this new list is applied, the systems of the group will show no false positives, or a minimum of them.
              2. Because the limit of the approved file list is 512 items, management could be better with the above approach.
                 
      • Any other advice or question that you need in order to understand this use case?

Best Regards
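
The log-to-fingerprint-list step from the procedure above (steps 8.1 to 8.3, with the Excel de-duplication), as an added example that is not part of the original post and not Symantec tooling. It assumes the Application Control log was exported as CSV with `Target` and `Description` columns and that the MD5 appears as a 32-hex-digit token inside `Description`; the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")

# Constructed sample export; a real export may use other columns or delimiters.
SAMPLE_LOG = r'''Computer,Target,Description
PC-01,C:\Windows\System32\taskeng.exe,MD5: 750446ed76a5d13e902174dddda1a62b
PC-02,c:\windows\system32\TASKENG.EXE,MD5: 750446ED76A5D13E902174DDDDA1A62B
PC-03,C:\Tools\helper.exe,MD5: 0123456789abcdef0123456789abcdef
PC-04,C:\Tools\helper.exe,MD5: fedcba9876543210fedcba9876543210
PC-05,C:\Temp\setup.exe,no checksum recorded
'''


def build_fingerprint_list(log_text):
    """Return (lines, conflicts, skipped) built from an exported log."""
    seen = {}                           # (md5, lowercased path) -> path as first seen
    hashes_by_path = defaultdict(set)
    skipped = []
    for row in csv.DictReader(io.StringIO(log_text)):
        target = (row.get("Target") or "").strip()
        match = MD5_RE.search(row.get("Description") or "")
        if not target or not match:
            skipped.append(row)         # no usable hash or path: review by hand
            continue
        md5 = match.group(0).lower()
        key = (md5, target.lower())     # Windows paths are case-insensitive
        seen.setdefault(key, target)
        hashes_by_path[target.lower()].add(md5)
    # One "<md5> <path>" line per unique pair, as in the post's example line.
    lines = [f"{md5} {path}" for (md5, _), path in sorted(seen.items())]
    # Same path with several hashes: different builds, or a replaced binary.
    conflicts = {p: sorted(h) for p, h in hashes_by_path.items() if len(h) > 1}
    return lines, conflicts, skipped


if __name__ == "__main__":
    lines, conflicts, skipped = build_fingerprint_list(SAMPLE_LOG)
    print("\n".join(lines))
    for path, hashes in conflicts.items():
        print(f"REVIEW {path}: {len(hashes)} different hashes")
    print(f"{len(skipped)} row(s) skipped (no MD5 or no path)")
```

Paths reported with more than one hash are worth checking before they are appended to the approved list, since each appended hash becomes an allowed binary.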

sepm upgrade

I need a solution

Hello Friends!

May I know the steps to upgrade my SEPMs from 12.1 to 14? We are currently at 12.1.6 MP5. Can anyone help?

thank you!

Symnet.sys causing continuous increase in nonpaged pool memory until system crashes

I need a solution

Hi,
I am using SEP 12.1.5 on Windows 7 systems (clients) and Windows Server 2008 R2. I am facing a problem of systems slowing down within a few days and then crashing. After debugging, I found that symnet.sys from SEP is causing high RAM usage by increasing its use of nonpaged pool; in the end the RAM gets full and the system crashes. As a test, I disabled symnet.sys and observed for one week; the systems didn't show any memory increase or crashing issue.
I couldn't find any solution other than disabling the symnet.sys driver and need urgent help on this. Please let me know how to fix it.
P.S. I can't upgrade to v12.1.6 as there are still some Win XP systems on the network which are working fine and don't have memory usage issues with SEP 12.1.5.

Thanks.

Endpoint v14.0 with Malwarebytes is breaking systems by the 100's

I need a solution

Aloha Guys,

We have around 2000+ endpoint licenses, and every computer with Malwarebytes installed on it is breaking. Endpoint thinks Malwarebytes is a virus or something; with the two installed on the same computer, it breaks web protection in Malwarebytes and then you can launch Firefox, IE, Chrome etc.

Malwarebytes has blamed Endpoint. Uninstalling Endpoint fixes the problem, but putting it back on, the problem comes back. We have so many of these out there, there is no way for us to log into each computer to fix it. All of these computers are at home, remote computers; they are not managed by our server since it's not on the local network.

How do we fix this? I just looked for a new version, but it's still 14.0. I know it's an update that broke it, because for months it's been working just fine.

Can someone give me a solution, malware gave us like 16 things to whitelist, but on 2000+ computers we can not do that, it will take forever.

Need help please

Malwarebytes is version 3.0, latest download, registered.

SEP 7166 to 7266

I need a solution

How does one upgrade Symantec 12.1.6 RU MP7 (7166) to MP8? The downloads section from Symantec contains versions upgrading to 7266 and the latest one is from build 7061.

Thanks.

Windows stuck applying updates if SEP 14 install pending reboot

I need a solution

Hello,

I recently deployed SEP 14 MP1 to install over SEP 12.7 on my fleet of 6500 PCs. I'm seeing multiple incidents coming in, where the following issues are occurring:

  • Internet Access stops
  • Internal websites are very slow
  • SEP console does not open, but is in the task bar
  • running SMC -stop does nothing

In all cases, Internal network resources (PING/File shares etc) are ok, and SEP 14 is pending a restart post install. Initiating a shutdown stalls at 15%, no matter how long you wait, and a hard reboot then completes windows updates and windows/SEP is now ok.

This is affecting less than 2% of machines so far, but enough number to be a concern. Any ideas?

Regards

Jason Reid

SEPM scheduled scan time does not match the actual start of scan time

I need a solution

Hi All

Running on SEPM 12.1 MP6.

I have read KBs about SEPM using GMT time.

I have a scheduled scan to start at 7am every Sunday.

However, I am finding that the scan on the actual clients starts at 5pm. (GMT +10 on local server).

Is this as per design? If so, do I have to set the scheduled scan on SEPM to 9PM Saturday, if I want it to kick off at 7am Sunday on local clients?

Thanks,

DM

The 2017 Internet Security Threat Report is now available

How to make exceptions to firewall

I need a solution

Am running SEP 12.1.5 - SEP unmanaged - keeps flagging up changes to Office exe files - this is preventing Outlook loading on automated screens - it is the same two files all the time - how do I exclude these files from the firewall?

How do remote clients off our network update SEP definitions?

I need a solution

I have inherited a SEP environment that I administer but am having a problem understanding how remote clients off our network are getting updated. The way it works currently, if a client is on our network the "Live Update" feature on the client itself is grayed out and not available. Those would get updated via SEPM. When the client is off our network "Live Update" is available and if you give it some time will get the latest definitions automatically.

Looking at the "Live Update" policy on SEPM shows that both the "Use default management server" and "Use a LiveUpdate server : Use the default Symantec LiveUpdate server" are both selected. Is this the mechanism of how this works or am I not understanding it correctly?

This pertains to laptop users who work from home.

Also to note, our laptop users do have Direct Access configured but also a VPN solution as not everything works via Direct Access. Most remote users do not actively use the VPN solution since their needs rarely require it.

SEP 14 export logs to dump file not adding data

I need a solution

I have set up SEPM 14 to save behavior, packet and traffic logs to a dump file.  The logs are being created, but are being deleted and new logs created per client instead of cumulative.  This means only the last machine to send logs at the end of the day is registered and all other logs are not.  The data can be accessed in the SEPM console, but the dump files are archived off for audit purposes and need to be accurate.

Example: agt_behavior.tmp fills to 209Kb all one client then a few seconds later drops to 8Kb with only data from another client.

We have this working perfectly on SEP 12 with all client logs showing in the dump file, the issue is with the SEP 14 server and needs to be fixed before we can migrate all clients.

Any help would be appreciated.

Full scheduled scan never ends and uses 100% CPU

I need a solution

I scheduled a full scan that runs every Friday evening at 10 PM. The scan is not allowed to run for more than 24 hours. Every folder of the system is included in the scan.

The scan policy is deployed to 197 PCs, but since a couple of weeks ago, only on my PC the scheduled scan doesn't end, unless I reboot my PC. The scan is causing the PC to use 100% of CPU.

I attached 2 screenshots of the policy. If needed I can upload the data collected from SymDiag.

Proactive Threat Protection Disabled

I need a solution

It seems like this is an older feature, but how do I enable this to get it off my clients error log?

Chrome is blocked from accessing network by SEP

I need a solution

I installed Google Chrome and was able to browse. At some point SEP asked: Google Chrome is trying to access the network. Allow or block it? By mistake I selected block. After that I am not able to browse using Chrome. I tried to uninstall and install Chrome again, with the remove all previous data option selected; still not able to browse using Chrome. Any help?

Live update is missing in control panel

I need a solution

Hi,

After upgrading SEPM from 12.x to 14 MP2, the Live Update tool is missing in Control Panel.

SEPM on Windows Server 2008 R2 Std.

GUP Wannacry infection - corrupt virus definitions

I need a solution

Hello,

We have a total of 6 branches; every branch has a local server (W2008R2) configured as GUP in SEPM (12.1.5 RU5) to provide virus definition updates locally.

We noticed one of our sites wasn't receiving updates anymore; eventvwr on the clients showed this log:

Content download to the client failed

Product: SEPC Iron Revocation List 12.1 RU5
Version: MicroDefsB.CurDefs
Language: SymAllLanguages
Moniker: {810D5A61-809F-49c2-BD75-177F0647D2BA}
Sequence: 170618019
Publish Date: zondag 18 juni 2017
Revision: 019
Source: Group Update Provider
Size: 802897 bytes

Running the Symantec diagnostic tool on this client shows Definitions are corrupt.

When connecting to the GUP we noticed this server was affected by the WannaCry ransomware.

We immediately shut down this host (not a critical server) and made another server GUP.

Unfortunately clients are not able to download new virus definitions; running the diagnostic tool on the clients results in the critical error SEP 14.0 SDS Definitions are corrupt.

Please advise on how we can proceed in updating these clients.

Thanks.

Difference between Endpoint Protection and Endpoint protection Cloud

I need a solution

Hi,

Sorry if this is a basic question. But it's getting hard to understand from the website and it's difficult to interact with sales reps directly without having a decent understanding.

As the title says, I am a bit unclear about the difference between the two. We had a license for Endpoint Protection (not the cloud) and it is about to expire. Our requirement is simple:

- We have a mix of Windows professional (not server), Mac and Ubuntu 14.04 laptops. 

- We need an antivirus to be running on all of them

- We need ways to disable USB ports, cd-drives etc

I glanced at https://www.symantec.com/content/dam/symantec/docs/data-sheets/endpoint-protection-14-en.pdf and https://www.symantec.com/content/dam/symantec/docs/data-sheets/endpoint-protection-cloud-en.pdf and sorry to say but got more confused. The cloud version does not include Ubuntu in supported OS whereas non-cloud version has Ubuntu. I was assuming cloud is the later version and will have everything. 

Could you please advise on what to go with if the above is the need? I also assume there will be some central console running on a server through which we can manage individual end-points. Again someone told me the central console is possible only in cloud version (could be wrong)

Thanks,

Vikram

NTP: OS Attack: Microsoft SMB MS17-010 Disclosure Attempt

I do not need a solution (just sharing information)

Hi experts,

The information below was found while I was checking the NTP attack.

It looks like Microsoft SMB MS17-010 is not patched on the machine.

But what interests me more is that the application the traffic was blocked for is avast antivirus, so was the attack actually blocked by Symantec or by Avast?

I believe that this computer may have avast installed, which I have not verified yet as the machine is located in a different timezone from me.

I'm sorry for my broken English.

best regards,

Loh

SQL DB migration

I need a solution

How to change the Symantec SQL server database from one server to another server.
