Channel: Symantec Connect - Endpoint Protection - Discussions

Autodesk 3D MAX with SEP 12

I need a solution

I have 2 users running 3d max on Win XP SP2 with SEP 12 (SEPM 12 RU1 MP1). They have a performance issue when rendering graphics with 3d max. After uninstalling SEP it was OK.

I have installed Virus and Spyware Protection, Proactive and Network Threat Protection with Symantec for them. I have also blocked their USB using SEP.

They are requesting Kaspersky for their client since Symantec makes their 3d max rendering slow. But I haven't tried Kaspersky yet.

Is there any fine-tuning with Symantec for graphics software? Please help....

 


2. LU file download failed due to HTTP error:0

I need a solution

Hi,

I have a number of W2K3 Servers that do not update their Virus Definitions. All of the Servers connect to our SEPM Servers and we use load balanced GUPs. This mechanism works for a vast majority of our servers (we have over 2500).

Version 11.0.6100.645

I have tried using my admin account to fire up SMC, removing the HTTP info in the .default users section in the registry, trashing the defs manually and using the rx4 defs util. Note that I can telnet to both SEPM and GUP servers using the relevant port.

Any ideas gratefully received.

The sylink monitor log looks like this:

01/07 09:20:23 [9920] <mfn_MakeGetGupListUrl:>Request is: action=320&hostid=B8A059340A8C501B00E0D16BF3E334C6&chk=DC4B7206B67CCA04EE6E595D15AB7EFA&ck=8CEE7DB3A7FD60124D6FBD246FBB70CA&uchk=6FAE4A54A6FCB6A6307FDACB798DD8EB&uck=8E56693671198EFBAB0F1C2260894D6B&groupid=5311980B0A4293150137742DB117F797&as=10997&cn=[hex]5733334E534D4531&lun=[hex]676F72646F6E2E6A616D65732E61646D&udn=[hex]4D454443
01/07 09:20:23 [9920] <GetGupList:>http://10.140.124.10:8014/secars/secars.dll?h=1794036B74F2CF3C21DE3191B4EE8423345B66E19C4391C029569966ABF44435F71264C42BB880221A877FFF3261F564C8FB5D6D7D5CF9130D705C437D837D78C30BE398EBAF712E8313AE70F5BE8E470F88F4CC85D346642729EC7E0E6E9F2CB67FF60092BE343B64F84C8BB074817846403503B3E693DC08CD25B97A9970BA68724255363CA97E14DE29C36D2A97C37CD17DF89711542A09B2F814661DE47BC293299925DD90FF2C9EB2512C8DB0964874571A3D9059B7D12B045FB6061FBCEAC018B91E1E57714411C91AF5D5B2D36632C4D2459893BD76EEA73A4323011B7040C03D4043570E8EB408D7FB33B3EDC5A4C3D5F985B432ED489A715303D7A93424E327B6D716680F6EBFC49C4611BAE83971FBE7BC8615EDC5A70C8AA99EB0B9B6865CD5D12083363AC68E2B41A747A3F54FB5B33EF0CE4C6D6FA3733E067D74D1ABDC5F07EA36EE14AC4BDBB8CD2051466CC82722B228AEABE5B39EFEFA0B
01/07 09:20:23 [9920] <GetGupList:>SMS return=200
01/07 09:20:23 [9920] <ParseHTTPStatusCode:>200=>200 OK
01/07 09:20:23 [9920] <mfn_DoGetGupList200>Content Lenght => 3236
01/07 09:20:23 [9920] <mfn_DoGetGupList200>Got Gup List from server, read bytes=3236
01/07 09:20:23 [9920] <mfn_DoGetGupList200>completed
01/07 09:20:23 [9920] <GetGupList:>RECEIVE STAGE COMPLETED
01/07 09:20:23 [9920] <GetGupList:>COMPLETED
01/07 09:20:23 [9920] SyLinkDeleteConfig => Deleting instance: 0189DAC8
01/07 09:20:23 [9920] <SetupTempLUFilePath:>NEW download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{ECCC5006-EF61-4c99-829A-417B6C6AD963}20121114001.TMP
01/07 09:20:23 [9920] <CHttpFileDownload::CHttpFileDownload()>
01/07 09:20:23 [9920] </CHttpFileDownload::CHttpFileDownload()>
01/07 09:20:23 [9920] <CHttpFileDownload::Do()>
01/07 09:20:23 [9920] <CHttpFileDownload::getRemainingBytesToDownload()>
01/07 09:20:23 [9920] Remaining bytes to download: 886158
01/07 09:20:23 [9920] </CHttpFileDownload::getRemainingBytesToDownload()>
01/07 09:20:23 [9920] <CHttpConnector::SendRequest()>
01/07 09:20:23 [9920] Request> http://10.66.214.40:2967/content/{ECCC5006-EF61-4c99-829A-417B6C6AD963}/2012111400/Full.zip
01/07 09:20:35 [9912] <CSyLink::mfn_DownloadNow()>
01/07 09:20:35 [9912] </CSyLink::mfn_DownloadNow()>
01/07 09:20:44 [9920] SendRequest() failed.
01/07 09:20:44 [9920] </CHttpConnector::SendRequest()>
01/07 09:20:44 [9920] </CHttpFileDownload::Do()>
01/07 09:20:44 [9920] <LUDownloader::GetContentToFile> completed.
01/07 09:20:44 [9920] <CHttpFileDownload::~CHttpFileDownload()>
01/07 09:20:44 [9920] </CHttpFileDownload::~CHttpFileDownload()>
01/07 09:20:44 [9920] <LUThreadProc>LU file download failed due to HTTP error:0
01/07 09:20:44 [9920] <CExpBackoff::Increment()>

The debug log looks like this

01/07 09:20:22 [9496:9920] AH: Setting the Browser Session end option & Resetting the URL session ..
01/07 09:20:23 [9496:9920] <ParseHTTPStatusCode:>200=>200 OK
01/07 09:20:23 [9496:9920] AH: Setting the Browser Session end option & Resetting the URL session ..
01/07 09:20:23 [9496:9920] <ParseHTTPStatusCode:>200=>200 OK
01/07 09:20:23 [9496:9920] AH: Setting the Browser Session end option & Resetting the URL session ..
01/07 09:21:20 [9496:9928] Saving SMC State
01/07 09:21:20 [9496:9928] chmod on file C:\Program Files\Symantec\Symantec Endpoint Protection\SerState.dat to read/write.
01/07 09:21:20 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\StdDef.dat: Not found.
01/07 09:21:20 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\trojan.dat: Not found.
01/07 09:21:20 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\metadata.dat: Not found.
01/07 09:21:20 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\metadata.dat.bak: Not found.
01/07 09:21:20 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\sigs.dat: Not found.
01/07 09:21:20 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\sigs.dat.bak: Not found.
01/07 09:21:20 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\wpshelper.sys.bak: Not found.
01/07 09:22:49 [9496:9704] DnsHelper: update DNS ServerList
01/07 09:24:42 [9496:9972] **** screensaver : 1
01/07 09:24:46 [9496:9972] **** screensaver : 0
01/07 09:25:36 [9496:9928] Saving SMC State
01/07 09:25:36 [9496:9928] chmod on file C:\Program Files\Symantec\Symantec Endpoint Protection\SerState.dat to read/write.
01/07 09:25:36 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\StdDef.dat: Not found.
01/07 09:25:36 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\trojan.dat: Not found.
01/07 09:25:36 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\metadata.dat: Not found.
01/07 09:25:36 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\metadata.dat.bak: Not found.
01/07 09:25:36 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\sigs.dat: Not found.
01/07 09:25:36 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\sigs.dat.bak: Not found.
01/07 09:25:36 [9496:9928] C:\Program Files\Symantec\Symantec Endpoint Protection\wpshelper.sys.bak: Not found.
01/07 09:26:36 [9496:9920] AH: Setting the Browser Session end option & Resetting the URL session ..
01/07 09:26:36 [9496:9920] <ParseHTTPStatusCode:>200=>200 OK
01/07 09:26:36 [9496:9920] AH: Setting the Browser Session end option & Resetting the URL session ..
01/07 09:26:36 [9496:9920] <ParseHTTPStatusCode:>200=>200 OK
01/07 09:26:36 [9496:9920] AH: Setting the Browser Session end option & Resetting the URL session ..
01/07 09:28:16 [9496:9972] SMCGui - 9944: SymCorpUI is not trusted

 

When upgrading the SEPM from version 12.1 RU1 MP1 to version 12.1.2, the following error appears "Error 1920. Service W3SVC (W3SVC) failed to start."

Intrusion Prevention

I need a solution

Hey Ladies and Gents.

 

I am having a little problem with my Symantec Endpoint Protection 12.1.

Symantec is blocking port scanning. I have tried to exclude an IP address from the Intrusion Prevention policy.

Unfortunately Symantec keeps blocking the port scan after I have excluded it. I also tried turning off the Intrusion Prevention Policy, but it still doesn't work.

The firewall policy is not enabled.

 

Any tips will be really appreciated :)

 

Thanks

Shanewink

 

Can't detect W32.Pilleuz with attrib h

I need a solution

Hi, I just discovered that SEP 12.1 with latest updates and definitions (07.01.2013) can't detect W32.Pilleuz if the h attribute is set on the file.

If I do an attrib -h virusname.exe the virus is detected almost instantly (maybe since I modified the file?). If I right-click on the USB drive and choose to scan for viruses I find nothing. A full scan can't find anything either.

This installation of SEPM was a test/lab installation with all the default settings and SEP only deployed to the test server itself.

So how do I tweak SEP to scan the files with the -h attribute set? The virus is a bit too common on our branch offices to my liking... I also find it a bit disturbing that a default installation of SEP can't detect files with the -h attribute(?). SEP did stop the execution of the autorun.inf so my test lab wasn't infected, but it didn't scan the file the autorun tried to execute. So what do I need to change in my setup to make SEP find files like this?

 

 

Does creating a custom Citrix exception rule nullify any default exceptions?

I need a solution

I suppose this could also apply to Exchange and other systems that SEP is programmed to take into consideration automatically...

I have a Citrix farm and am looking at the Citrix-recommended exceptions for scanning. After reading the Symantec Endpoint Protection 11.0 "Terminal Server and Citrix Best Practices White Paper" where it says on page 7:

"As per terminal servers, if you wish to run the SEP firewall on a Citrix server then it is possible to do so without any issue using the default rule set in SEP 11.0 MR2 and beyond. If, however you wish to create a custom rule set for Citrix then the following processes and communications ports should be taken into account:"

Then it goes on to list a large number of exceptions...

I know that SEP automatically takes into account certain systems, like Exchange - knowing what to scan and what not to scan. My question is this: does creating a custom rule nullify the automatic exceptions that SEP already knows about? It sure seems like that, based on my reading of that section in the white paper; otherwise, why would it say to add those exceptions only if creating a custom rule set?

 

Many thanks,
Mark


CleanWipe isn't so clean - still requires uninstall password for orphaned SEP clients

I need a solution

I need a solution.

I have noticed the only clean way to upgrade a SEP 11 client from, say RU4 to RU7 is to

1. Run cleanwipe

2. Do fresh install of RU7

 

Here is the problem - when we send out technicians to run cleanwipe on an ORPHANED SEP 11 client, it asks for uninstall password, which we are not allowed to give out. And if technician does Add/Remove program, it also asks for SEP 11 uninstall password even though this is an ORPHANED SEP 11 client.

 

How to run cleanwipe on an ORPHANED sep client without providing password. Or, is there a workaround, such as deleting certain registry keys? From there, we can install later version of SEP 11.

 

 

Device Control - Using Wildcards

I need a solution

I need help finding a solution. I am using SEP and device control to block USB Storage Devices. I have several thousand USB Storage devices that I would like to allow and the vendor ID is the same, but the device ID is unique to each device. I would like to know how to use wildcard characters to allow any USB device from that vendor instead of having to whitelist each individual device.

 

Thanks


SEP 12.1 RU2 client install

I need a solution

Hello,

We upgraded SEPMs from SEP 11 RU7 MP2 to SEP 12.1 RU2 (confirming supported migration path). Exported client packages for 64-bit and 32-bit platforms, with the installation type set to "show progress bar only". Installation goes fine and the install process runs LiveUpdate, which also completes, but the LiveUpdate Status window does not close by itself. Initially I thought it could be a timing issue and tried a couple of clients over hours and even overnight; even then one has to click the "Close" button to close the status window.

There was no such issue when we used "unattended" in packages for SEP 11 in any of its builds.

Has anybody experienced such behavior?

Thanks & Regards,

pg

Sonar component stopped working

I need a solution

Since yesterday the Symantec Endpoint Protection on my Windows XP repeatedly gives an error message "SONAR Component has encountered a problem and needs to close. We are sorry for the inconvenience". Then the Proactive Threat Protection becomes disabled, wrongly stating that "Protection definitions are too old for Proactive Threat Protection. Click Fix to update protection definitions." Of course the definitions are updated, but the Proactive Threat Protection simply remains disabled.

I found an old thread (https://www-secure.symantec.com/connect/forums/son...) and realized this is a time-worn issue. Apparently it's come back again. Would anyone please come to my rescue? Thank you so much!

SEPM 12.1 Move To New Server Question

I need a solution

I am trying to move our only SEPM server (Version 12.1.1000.157 RU1) from an old server (SERVER1) to a new server (SERVER2) while keeping the same IP address and server name. Both servers are running SQL 2005. I have backed up the SQL 2005 database on SERVER1 and successfully re-attached it to SERVER2. I have done all the disaster recovery procedures on SERVER1 per the following link (http://www.symantec.com/business/support/index?pag...). I have installed the same version of SEPM on SERVER2 and have started the Management Server Configuration wizard and selected "Custom configuration" and "Use a recovery file". It then presents me with three options: Install my first site, Install an additional management server to an existing site, Install an additional site. I am unsure of which one to choose. Could anyone point me in the right direction? Thank you very much.

12.1.2 managed client not installing

I need a solution

Hello,

 

I recently set up a new SEPM server on which I am going to test 12.1.2. I attempted to push the client package to my first machine (my machine running Windows 8). I am able to successfully push the package to the client, as the management UI says package deployment was successful, but the installation on my machine never actually happens. I see nothing in my machine logs to indicate the installation was even attempted. This machine does not have and never did have an older version of SEP installed. So, according to the SEPM server, communication between client and server is fine and the package was successfully delivered. Why would the client not install on my machine?

 

Thanks!

SEP Virus Defs still saying out of date

I need a solution

The server was low on disk space so the virus defs would not update. NetOps made space so now SEP shows the virus defs up to date. But the message still pops up saying that the virus defs are not updated.

Before I figured out it was a disk space issue, I tried following the documents to manually update by cleaning the directory and registry, thinking maybe the virus defs were corrupted.

Any suggestions?

Thanks. M.

clients sending large amount of data to SEP server

I need a solution

It seems our clients are sending a large amount of data to the SEP server. Last night for instance we observed one client that sent 1.2 GB of data to the server. I think this was after a new/fresh install of the 12.1671 client version.

We do have a GUP on that site, which I think helps reduce traffic from the SEP server to a local server and then to the client, but not the other way around.

Is that much communication normal? That seems way out of line with what I would expect.

Adobe flash player has changed pop up

I need a solution

Hello - I have about 500 users who are getting the attached message. We recently did some updates, Flash Player one of them, and users now get the attached message. What can be done to prevent this message from popping up again? (Getting 500 tickets from people who cannot read the message and see what it is asking is too much.)

Is this a new feature? Because we update Flash all the time and have never received this message.


How to change client password protection for all groups

I need a solution

Hi All,

I have over 1000+ groups and most of these groups are not inherited from the parent group.

If I want to change client password protection (uninstall or stop password for client) for all groups, any idea about how to do it in SEPM?

Thank you.

 


Cannot input username and password of the SEP Manager

I need a solution

Hi,

After migrating SEP 12.1 RTM to SEP 12.1 RU2, the upgrade was successful. SEPM is up and the clients are reporting. The thing is we cannot log in to the SEPM; I mean we cannot input the username and password to the SEPM, that's why we cannot access the SEPM. Please help. Thanks. ^___^

porn.exe, sexy.exe, password.exe; file/folder name .exe

I need a solution

So how come Endpoint didn't prevent this from infecting my workstation, propagating through the network and infecting 3 other workstations? I have LiveUpdate active so all my clients had the latest definitions. Not good.

 

Symantec to update AV component in SEP products on 1/15

I do not need a solution (just sharing information)

AV Engine Update – January 15, 2013

Symantec will post an update of the AV Engine in Multiple Daily Virus Definitions on Tuesday, January 15th  2013, US Pacific Daylight Time.

The AV Engine version will be 20121.3.0.76 or greater.  This release is a regularly scheduled release that includes efficacy enhancements and does not target any specific customer or known issue.  The release will cause the size of definitions to temporarily increase.

Prerelease test definition files are provided for vetting this update on test systems. (as these are prerelease definition files, they should not be deployed to production systems)

20130109-041-v5i32.EXE

0130109-041-v5i64.EXE

VD3C5229.jdb

VD3C5229.XDB

Deleting old content from LiveUpdate Administrator Distribution Center

I need a solution

I administer an internal LiveUpdate server (v2.3.1.82) and I have just moved my distribution center to a new drive (D:) according to the article below. Can I delete the content from the old DC (C:\Program Files (x86)\Symantec\LiveUpdate Administrator\clu-prod) now?

The articles I have looked at make no mention of removing old content after the DC has been moved and I need the space back on my C Drive. I have done an update and distribution but the old content is still there in the old clu-prod dir. Tomcat knows the new location, and I don't want to get the DB out of sync with the file system.

http://www.symantec.com/business/support/index?pag...
