Channel: Symantec Connect - Endpoint Protection - Discussions

User Information Collection box keeps popping up

I need a solution

Hi,

For some reason we have a lot of trouble with the User Information Collection box popping up on some machines after every reboot. This seems to get worse now with version 14. The only solution on impacted clients is to totally uninstall SEP and then re-install. It does not happen on all machines but seems to be related to SEP upgrades. Anyone else have this issue? Is there a fix besides un-install/re-install? Anything that can be done on the server side?

We do like the option and it has helped us identify infected machines much faster so I would hate to turn it off.

Thanks


Block the application in 50 machines

I need a solution

How to block these applications from the Application & Device policy in 50 machines?

Notepad
cmd
wordpad
sticknote
paint
inet.cpl
rightclick
control panel etc

Regards,

Harsha


SEP blocks safe removal of external disks (AHCI or USB)

I need a solution

Hi,
I have a problem: whenever I issue a safe remove command, System starts to access SYMEFA*.DB and SYMEFA*.DB-journal from <disk>:\System Volume Information\EfaSIDat\, and that blocks the safe remove process.
I used resource monitor to identify the files causing the problem. I noticed that they are not accessed unless a safe remove is issued!
There is another forum discussion that states that upgrading from 12.4 fixes the problem. I upgraded to 12.6 then to 14.0 RU1 and the problem is still there.
OS: Windows Server 2012 R2 Datacenter
 


SEP 14 Add Process Exclusions

I need a solution

I'm asking for assistance. I need to exclude those processes in SEP.

How can I do that?

Cdb.exe
Microsoft.Exchange.Search.Exsearch.exe
Cidaemon.exe
Microsoft.Exchange.Servicehost.exe
Clussvc.exe
MSExchangeADTopologyService.exe
Dsamain.exe
MSExchangeFDS.exe
Microsoft.Exchange.EdgeCredentialSvc.exe
MSExchangeMailboxAssistants.exe
EdgeTransport.exe
MSExchangeMailboxReplication.exe
ExFBA.exe
MSExchangeMailSubmission.exe
GalGrammarGenerator.exe
MSExchangeRepl.exe
Inetinfo.exe
MSExchangeTransport.exe
Mad.exe
MSExchangeTransportLogSearch.exe
Microsoft.Exchange.AddressBook.Service.exe
MSExchangeThrottling.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
Msftefd.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
Msftesql.exe
Microsoft.Exchange.EdgeSyncSvc.exe
OleConverter.exe
Microsoft.Exchange.Imap4.exe
Powershell.exe
Microsoft.Exchange.Imap4service.exe
SESWorker.exe
MSExchangeMailboxAssistants.exe
SpeechService.exe
Microsoft.Exchange.Monitoring.exe
Store.exe
Microsoft.Exchange.Pop3.exe
TranscodingService.exe
Microsoft.Exchange.Pop3service.exe
UmService.exe
Microsoft.Exchange.ProtectedServiceHost.exe
UmWorkerProcess.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
W3wp.exe


Does DoScan support ERRORLEVEL for virus scan using command prompt?

I need a solution

I am trying to scan a file using the command prompt and want to get the scan result using the error level. But each time I am getting ERRORLEVEL 0, even in the case of a file with a virus after the scan.

Version: Symantec Endpoint Protection Manager (14.1)

OS: Windows 10 operating system

I am using the below command in cmd:

>DoScan.exe /ScanFile "D:\Personal\fifa.txt"

>echo "%ERRORLEVEL%"

"0"

In each case it's returning 0 as the ERRORLEVEL, i.e. a virus file scanned with DoScan.exe is returning ERRORLEVEL 0.

Is there any process to get the proper ERRORLEVEL? If not, does Symantec Endpoint Protection Manager 14.1 support ERRORLEVEL for scans using the command prompt?


How Does Symantec Endpoint Protection Handle Trusted Folders and Files

I need a solution

Hello,

I am curious as to how Symantec handles the folders and files that you mark as trusted, say (C:\Windows\System32), and what happens if a program is added to that folder: will Symantec perform a scan if there are any changes in that folder, or will it treat it as a trusted folder and not perform scans and allow vulnerable applications?

Let me know if you know something about this.

Thanks.


Upgrade from 12 - 14 clients not getting virus defs

I need a solution

Hello community - first time posting, and I need some help.

I have a standalone network and was tasked to upgrade from 12x to 14x, both SEPM and clients. After doing so, the clients are not getting their updates. There is a bit of info out there but nothing has helped so far.

Clients can talk to server
Server reporting that it has the correct LU updates
Reinstall / clean of test client has happened
0 clients are getting their updates. I have a management server only, no internal live update server (disabled in policy)
Tried other virus defs which were sucked up fine, no go.
Database cleaned and re-init with a fresh install (database troubleshooting happened first).

I can't enable logging via registry.
No errors I can find in event log.
No errors on SEPM that I can see from the admin panel.
I don't have SEP 12 to try.

Any ideas?

Thanks folks in advance.


14 RU1 Cloud portal

I need a solution

Is anyone else experiencing problems with the 14 RU1 cloud portal?

When you enroll into the RU1 cloud you are no longer able to create "allow application" exclusions from the on-premise SEPM risk Monitor logs. You have to wait for the incident to appear in the Cloud portal and then create an exclusion by hash from the cloud event using the new whitelist policies.

My problem is that incidents never seem to reach the cloud portal. If I manually create an exclusion in the cloud whitelist policy it will eventually reach the SEPM (5-10 minutes later), so I know that the SEPM is enrolled and communicating.


Question About Legacy Versions and Virus Definitions

I need a solution

Hello,

In my environment we are prepping for an update to take us from Symantec Endpoint Protection 12.1.3 to 14. We have some legacy clients that cannot be updated past their current point, and some devices where we have concerns about updating right away. Will Symantec Endpoint Protection Manager 14 still provide virus definition updates to devices running 12.1.1 and 12.1.3, or will the update leave these devices behind completely?

Thanks

Phil


Proactive Threat Protection unable to update

I need a solution

Hello,

On the workstations, the proactive update is stuck at the date 3 July 2017.

Please find attached the screenshot of the error message.


SEPM service not able to start

I need a solution

Not able to start the SEPM service and not able to log in to SEPM, as it says failed to connect to the server.


Pending Restart will do restart if upgrade to the new version

I need a solution

I have some clients (servers) which require a restart, but I cannot restart them because of applications running.

I want to upgrade SEPM 12.1 to 14. If I upgrade to SEPM 14, will the clients which are pending restart restart automatically or not? SEPM I can restart but I can not restart. After the SEPM 14 upgrade, will the pending clients stay in the same state or restart?


Symantec LiveUpdate Administrator fail to download new updates

I need a solution

Hi,

We are using Symantec LiveUpdate Administrator version 2.3.5.99. Since a few days ago we have had problems with downloading new definitions on the server.

The server is connected to "liveupdate.symantecliveupdate.com" through a proxy server. When we manually start a download, we can see that there is traffic through the proxy and some files are downloaded in the "temporary directory". But after a few seconds the transfer stops and we are getting "Download request XXXX started by USER has failed".

We've tried many times to delete the content of the "Temporary" and "Download" directories, and tried to change some server connection settings recommended here (https://www.symantec.com/connect/articles/liveupda...), but without success. There is enough space on the HDD where the new definitions are stored.

Please help us to resolve this issue.

Thanks in advance!


Port Scan

I need a solution

Your computer's UDP ports: 60228, 61511, 58849, 61606 and 53615 have been scanned from 192.168.x.x

192.168.x.x is the IP of the domain controller.

Any Ideas?


Difference between Reports and Monitor tab in SEPM

I need a solution

Hi,

I would like to know what's the difference between the Reports and Monitor tabs in SEPM? Both seem to be similar.

Thanks. 


SEPM menu not allowing me to move, delete, edit info

I need a solution

One of our IT guys upgraded SEPM to the latest version a couple of days ago, without informing me (the person actually responsible for SEPM). We'd been at 14, now we're at 14.0.1. 

Before this, if I wanted to move a computer or group of computers into a new group, I could select them, right click, and choose "Move" from the menu. Now, I can't click on "Move". Can't "Delete" either. Can't "Switch to User Mode". They don't get highlighted in the menu; it's as if in a normal Windows menu they were grayed out. I can "Enable as Unmanaged Detector", "Run Command" (and do anything in that sub-menu), and "Edit Properties", but when the properties window comes up, I can't actually edit anything in it except the description (I don't know if that's normal, I never used that before).

Thinking it was my browser, I tried IE 11 (I had first tried Chrome). No difference. I am an administrator, but I tried creating a new admin account, since I couldn't edit my permissions. I gave the new account unlimited permissions; no difference. 

Is this happening to anyone else with the latest version of SEPM and if so, what do I do? 

Thanks.


Proactive Threat Protection is not function correctly due to an internal configuration error

I need a solution

Proactive Threat Protection is not function correctly due to an internal configuration error

I fixed "SONAR has generated an error: code 0: description: Definition Failure"

by deleting 2 files, restarting and running LiveUpdate.

Now I get the error

SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure

I have 14 computers and 2 computers have the error 'Proactive Threat Protection is not function correctly due to an internal configuration error'

I ran SymDiag.exe and it waits for a long time (it does not work)

Waiting for 1 definitions to be aquired


Application exceptions

I need a solution

Hey,

I've never really got my head around this in SEPM. In other products, you do an exception and just free type the process name. Job done.

What is 'Application to Monitor' all about? I want to have a proper exception for the mobsync.exe process, for example. I originally added it as an application to monitor with Log only, which I don't think actually excludes it. So I've just gone back to try again, and over time it has detected various versions of it, each with a different File Fingerprint.

So from the detected applications, which one do I actually choose? Is the File Fingerprint actually relevant or is that just for info? So if I add any one of them, mobsync.exe is mobsync.exe, so each version will be exceptioned.

Am I going to have to do the same for server processes, like EdgeTransport.exe in Exchange for example?

Thanks!


Logging The Visited Website Where Malware Was Downloaded?

I need a solution

Is there somewhere in the logs that will show what website was visited when a user downloaded malware? I'm not having any luck finding this information.

Thanks.


SEP 12 Firewall still blocking LLMNR even after creating an ignore rule

I need a solution

I've created an ignore rule for my servers public IP range to allow all traffic on all ports / all protocols, yet I am still seeing in my threat protection log that the range is being blocked by certain block rules - Block ipv4 LLMNR / Block UPnP.

The block rules are closer to the top of the list while the ignore rule is at the bottom (see screenshot). I am trying to track down why these rules are still blocking the communication even though I've created the ignore rule. I see the rule is working as the threat log does contain a few references to the ignore rule.

Any ideas?
