Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles

Where Can I Find Details About Exceptions Added To Our Policy

I need a solution

SEPM Version: 12.1.6 RU6 MP5

Server 2008 R2 SP1

SQL Backend

Is there a file stored on the server somewhere that will actually provide details on what was added and the admin ID that actually added the exception?  We do have limited admins who can edit the exceptions but "apparently no one made this particular change:" 

For example, if I am going through the list of exceptions and see one that is questionable, I would like to go to that admin and get some details. 

Thanks


SEPM 14 Remote Push Stopped Working

I need a solution

I have SEPM set up on Windows Server 2012 R2. This server has been in place for several years. When I first set it up I created a GPO to set up client computers with these settings:

https://support.symantec.com/en_US/article.HOWTO80805.html

Remote Push has worked fine for years, then a couple weeks ago I started having issues. When I try to use remote push it just states "Failed" under Deployment Status (I attached a screenshot of this). I have looked through Windows Event Viewer but can't find anything and don't know why this issue just started. I would appreciate any help with this.

Thanks,

Brian


Error 2343 Specified path is empty

I need a solution

This either will be a solution (again, deja vu of the past) or I'll be asking for a solution.

Situation:  

User laptop

Was Win10, Anniversary Edition

Was offsite, out of touch for many months

In the meantime we upgraded to SEP 14.1, and users are on Win10 CU.

The laptop comes back in and it's got Win10 CU.  Fine.  Some do that.  It's on CU on its own so I don't have to upgrade it.  It took a while to get the laptop back in.

There's no SEP installed though.   Windows Defender also isn't on.

I reinstalled SEP v 14.1.  I thought maybe it was something with the Win10 CU happening on its own.  

After that first reinstall, SEP 14.1 appeared in the programs list.  Also in the taskbar right side icon tray.  But there was no green dot and I couldn't right click and update content.  I could run SEP and it did get updates.  It also popped up with a red "fix needed" banner when it was first started.

Defender appeared to be off.

I uninstalled SEP, restarted.  Tried to reinstall but it errors out.

I kept getting  "Error 2343: Specified path is empty."

Found this more recent post.  I found other ver 12 ones from 2011 with similar fixes (but it didn't seem to work now).

https://support.symantec.com/en_US/article.TECH197...

There's no info in there though, is there?

Also tried - manually deleting the c:\program files x86\symantec folder   and under C:\programdata  symantec.  No change in trying to reinstall.

Found this post.

https://www.symantec.com/connect/ideas/how-fix-err...

I looked in here.

HKEY_CLASSES_ROOT\Installer\Products\

And I found this key.   E9D5D74D72B13814ABD5F7FD5628105F       This is manually typed if there's a typo.  SEP was on the list.

I deleted that key.  Tried to install again, and it appeared to be installing.  So I started this post in case it helps anyone else.

But it didn't work.  No SEP on the programs list.  Nothing in the taskbar, lower right.  I do see a C:\program files x86 symantec folder, but there's not much in it.  Ditto on c:\programdata\symantec.

It's behaving like SEP v 12 with earlier Win10, if you didn't disable Windows Defender first.

How do I get SEP uninstalled completely?  Then shut off Defender?   Then do a fresh v14.1 install?


how to find Sequence number

I need a solution

I was just sent "Alert: Engine Release Issue"

and it talks about Any SEP customer who has downloaded and/or rolled out AV engine/definition updates numbered between 20170802.008 and 20170803.005 should take action immediately to ensure they update to the latest signatures, numbered 20170803.006

How do I find what sequence number our virus definitions are at?

In the SEPM I find Virus Definitions are 08/03/2017 r30


Re-authentication when installing new clients

I need a solution

Hi, if I have a list of 40 clients that need SEP installed, and I use the "Import computer list from text file", if I have, for example, a problem trying to connect to the first 15 devices, but successfully authenticates on the 16th device, why do I need to manually authenticate 15 times in a row for each failed connection attempt?

I think I should have to authenticate only once, and the SEPM should remember the credentials I just typed in and automatically move on to authenticating on the next device if it can't resolve the current one.  It's very annoying to have to enter my ID, Password, and Domain 15 times in a row.

Is there a setting to change this so I don't have to keep entering my credentials over and over and over again?


Clients not upgrading from 12.1 or 14.0.1904/2332 to 14.0.2415

I need a solution

I've seen this issue previously and seem to be encountering it again...

I've got clients that are reporting to a server that is running 14.0.2415 (14MP2).  There is a mix of clients that are running versions including 14.0.2415.0200 as well as 14.0.2332.0100.  We've also got 14.0.1904.0000 and 12.1.6465.6200 and 12.1.7004.6500

The problem we are having is that the older clients are not picking up and installing the upgrades that should be (and are to the best of our knowledge) available to them.

We've got Install packages available, and I can see where the clients know there is an upgrade available, but they are not applying the upgrade as expected.

What's the best way to troubleshoot from here on why these clients are not doing the upgrading we are looking for?

One of the SA's that is working with me has done a little testing and has encountered at least a couple of clients that are now saying "Client has ignored upgrade package, version 14.0.2415.0200.  The client decided to reject the upgrade package"


SEP Alerts

Application and Device Control exception - Launch process attempts

I need a solution

Scenario:-

Need to detect and block *powershell.exe launch process attempts from Office documents (winword.exe, excel.exe, powerpnt.exe, etc.). Now, is there a way to provide an exception for a few genuine business cases while blocking all others?

For instance, allow execution of PowerShell scripts "D:\Script_directory\script.ps1" OR "\\file-share\script.ps1" called from Office docs.

Attached is a sample policy for which the exception needs to be added in place.


Installing a second Antivirus with SEP

I need a solution

Hello,

I want to know if it is possible to install a second antivirus program on a machine with SEP installed on it?

Is there any change I can make to my policies to allow such a configuration?

Thank you in advance.

Kind regards

N.Achraf


ccSvcHst.exe crash

I need a solution

Hello

I have a problem with the SEP service, which stops after 1 minute of activity with the message below:

Nom de l’application défaillante ccSvcHst.exe, version : 13.2.0.246, horodatage : 0x57a2c77f

Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000

Code d’exception : 0xc0000005

Décalage d’erreur : 0x12000000

ID du processus défaillant : 0x1468

Heure de début de l’application défaillante : 0x01d30f93b8c6b6fd

Chemin d’accès de l’application défaillante : C:\Program Files\Symantec\Symantec Endpoint Protection\14.0.2332.0100.105\Bin\ccSvcHst.exe

Chemin d’accès du module défaillant: unknown

ID de rapport : 020b000d-7b87-11e7-aad2-b8ac6f30e949

SymDiag gives nothing concrete except the information that the service is stopped.

The problem is observed with version 14 MP1.


Anticipated date for next SEP update?

I need a solution

Hi,

Any indications as to when the next maintenance release might occur?

Thanks,

Seth


symantec unmanaged live update remains disabled for nearly 3 minutes at start

I need a solution

Dear Team,

Required help in below issues

1> Symantec unmanaged  live update remains disabled for nearly 3 minutes at start

2> How to get rid of Cleanserp.net Redirect


TCP Connections To "ent-shasta-rrs-symantec.com"

I do not need a solution (just sharing information)

We have found an enormous amount of blocked traffic on our proxies that is going to tcp://ent-shasta-rrs.symantec.com

I know what the URL is used for, that is not the question.
The big question mark for me is the TCP:// connection that is being blocked. This is expected behaviour by the proxy. Question is why TCP?

The client as in the configuration is using the IE proxy config, which is a PAC-file in the end.
After testing with the URLs listed under https://support.symantec.com/en_US/article.TECH163042.html, I can tell that one of the links is being blocked and the other works.

Is there anyone with an idea why these connections happen?


Old Virus Definition File "Reminder" message - Get rid of thru command prompt or Registry

I need a solution

I am working in an application in which once virus has been updated and machine is rebooted, "Old virus Definition file" popup message appears. 

I want to get rid of this without manual intervention once the system is rebooted.

I understand there is an option in the GUI. But I want to do this operation through REGISTRY modification or any Command Line.

Please help. 


SEPM Firewall Breaking after installation of Creators update

I do not need a solution (just sharing information)

Just as the title says, I'm having a serious issue with SEPM firewall breaking when the Creators Update in Windows 10 is installing.  These are the things I've done when they've broken:

1. installed SEPM 14 MP2

2. run windows update after I've fixed the issues. 

This results in a broken firewall driver and I have to uninstall SEPM.  

Is this a widely known issue? Out of 50 computers I've had this happen to 8 so far.  Just looking for guidance.


SEP 14 MP2 ccSvcHst.exe 100% CPU Spike After Definitions Updates

I need a solution

About a week after rolling out SEP client 14 MP2 to all of my Windows endpoints, we started seeing 100% CPU spikes on a couple of servers. The process that is causing the spikes is ccSvcHst.exe and I can correlate the spikes to match definition updates. I assumed at first the spikes were caused by the defwatch scans that occur when definitions are updated but the spikes still happen even after disabling those scans. Also the spikes last a lot longer than the scan times.

Doesn't seem to affect all of our servers, and the only things that relate the servers that do have issues are that they have high disk IO.

Has anyone else seen anything similar?


LiveUpdate servers out-of-date

I need a solution

Hi all,

We have recently switched from antivirus X to SEP.

We have nearly 1500 servers and workstations running under SEP now.

Only we are dealing with the following problem.

If we look at the portal, also known as "Symantec Endpoint Protection Manager", then we see that there are currently 150 servers out-of-date.

If I look on one of the servers on the system log, then I see that a LiveUpdate session ran and installed an update successfully, before she got the status out-of-date.

If I look at the Policy of SEP Manager, I see that the frequency (what is also default) is set at 4 hours.

Which means if he does an update at 1:00, he will update again at 5:00. But if he found a new update in the meantime, for example, at 1:05, he will be in the out-of-date list.

And only at 5:00 he will update this, and will be retrieved from the list.

Sounds all logical.

Only adjusting the frequency in SEP Manager's policy will not matter, because I will always keep this problem, even if I shorten it to 1 hour instead of 4 hours.

Now we have a lot of servers to manage, it becomes unclear to see which servers really have problems.

Servers who really do not get any updates.

He does what it has to do, but for a bulk of servers we manage, this is too unclear.
I hope someone can come with a setting or something that can fix our problem.

For example, the status in the SEP Manager portal, which will only refresh after 5-8 hours?


SNAC Service Causing black logon screen

I need a solution

SEP v 12.1.7

SNAC Service Causing black logon screen - sometimes for hours at a time.

Policies disabled on SEPM. Not using SNAC

Disabling the service on client computer solves issue.

Called into Symantec for support and their solution is to upgrade or reinstall SEP client. This is not an option.

Why would this start happening all of a sudden??

30/6000 users affected, all platforms


Multiple clients showing as having Component Malfunctioning

I need a solution

We have 12.1.6 MP6 installed in our environment with over 5000+ machines.

We have a mixed environment of Windows 10 and Windows 8.1 machines. Windows 8.1 machines are being upgraded to Windows 10.

Issues are multiple here

1. We get multiple alerts on machines showing "Multiple components are malfunctioning"

2. In spite of Tamper protection applied to all machines as per policy and locked, it shows as Tamper protection disabled

3. Machines are online but many are not scanned: How can I ensure, why Scan is not being done? Note we have a policy to shut down all machines by 5 PM.

4. Some machines have latest definitions but scan dates are dated 1 August 2017

5. Does "OFFLINE" mean the PC is not connected to network or PC is not communicating with SEPM? How can we verify this?


Java requirement

I need a solution

Hi

Does the Symantec Endpoint Protection Manager server need Java?

Thanks
