Good day Team,
I am seeking assistance with generating a computer status report or any other report that can show the computers and virus definitions for previous months dating back to 2016.
Since 31st Oct 2017, most of our users' PCs are getting the below pop-up message.
When I check with Event Viewer I found the below event. Not able to find from where this attack is launched.
Note: No log found in SEP client. How to find the host which tries to attack?
Regards,
Hari
Hi,
I am using SEP 14 and I have created a new rule (virus and spyware) and also assigned it to the group for which I have defined an administrative scan schedule to run daily at 10 am.
But on the next day when I run the scan report it shows scanning not running at 10 am. Most of the users come to the office at 9 am so I think it should work, but it's not working. It's running the scan in different time slots, e.g. 12 pm, 1 pm, even 8:00 am... What might be the issue?
Please help me out.
Hello,
I wasn't able to find a description of what this means. Do you know more about this?
For me it says that HI isn't working properly, since the check failed but HI reports it as passed. There is no additional error message, just:
Host Integrity failed but reported as PASS
Info and above
1
The Client Host Integrity log says:
Requirement: "AntiVirus UpToDate" failed
Requirement: "Windows Reboot Check" passed
The Requirement "AntiVirus UpToDate", which actually failed, does not have "Allow the Host Integrity check to pass even if this requirement fails" checked. If it were so, I could understand the message above.
Thank you.
Breyn
I need support on the following issue.
Trial message appears in IE web after each login on server. However, our SEP license is registered.
This happens right after I switched from single SEP to SEPM antivirus updates distribution. Our license is covering the SEPM version installation.
I have a lot of remote sites and the link is 1 Mbps. Can I upgrade my SEP from 12.1 to 14 through GUP?
I have a Symantec block when trying to access my computer on an RD Client from an iPad WHEN my computer is connected to the WiFi network in my office.
When I connect with a network cable in my office all is working fine with remote desktop and RD Client. I have no opportunity to run a 20 meter cable, please support with this blocking in Symantec!
Security History: 'Medium''Unauthorized access blocked (Access Process Data)''Blocked'
I am facing a communication problem between SEP 12.1 and SEPM 14. Clients are not stable: they connect and after 1 or 2 minutes disconnect again. This is happening with 12.1 clients, but SEP 14 clients stay connected.
This issue happened after migration from 12.1 to 14, but when I upgrade any client from 12.1 to 14 it is stable.
Can the API be used to collect SEP alerts or is it just a tool for managing SEP endpoint agents?
Is there a field in the SEP DB schema that contains the file hash for a file that has generated an alert?
How many versions back is this compatible?
Good morning,
I would like to understand how the Auto-Protect settings work:
Under "file types" - "selected" I enter a list of extensions (for example dll) and tick "determine file types by examining file contents".
Now I would like to know whether a file of a type included in the list, whose extension has been maliciously changed to one that is not in the list, is examined for verification.
For example, if pippo.dll (extension in the list) is renamed to pippo.bbb (extension not in the list), is it scanned for malicious code?
Thanks
Hi forum guys,
I'm a site admin for a SEPM solution. Our site is about 2600 clients small; the SEPM server is managed by an external company, so I maybe don't have the full overview of our SEPM landscape.
I have the admin rights for our site (or sub group?!). We are now on vers. 14.0MP2.
We have enabled location awareness; our internal clients are using GUP and that works fine and fast.
But I always receive a notification about 600 clients with virus definitions older than 10 days. These 600 clients are mainly external staff and they are normally not often connected to the internal LAN to get GUP updates.
Definitions older than 10 days are definitely too old!
So I just tried the following. I split our LiveUpdate policy: one for the internal GUPs, and I created a new LiveUpdate policy for the external clients, only with the rules "use a live update server" and to use the "default Symantec Server", with scheduling enabled, with the setting "continuously".
Now I did a test with a client, and the result was: after connecting to the WAN, it took about 50 minutes!!!
This period is too long; my clients are mainly online for 10 or 20 minutes before they close the notebook and drive to the next customer.
So my question is:
Is there a possibility, a policy or whatever, to instruct the LUA to update the pattern after a successful connection to the WAN and begin immediately with checking and downloading the newest pattern?
Regards
I do not want the clients to see their "Control Log" (View Logs -> Client Management -> Control Log). How can I disable access to (or hide) "Control Log" at the client user interface?
SEPM version 14 MP1
We operate a star-shaped network with a central hub branching out to many non-interconnected sites. At a few of these sites there have been non-user-generated attempts to access the NIC of a networked UPS. The UPS provides us an alert which identifies the IP that the request came from. We have isolated the workstations that these requests are coming from. We have updated the SEP client to the latest available from our SEPM server 12.1.7 and performed full scans. We've also tried scanning with other free scanning tools like Malwarebytes. So far we have been unable to identify any software trying to connect to network devices from these machines.
Are there any other scanning or live detection features within this SEP client version that could help us identify and remove this threat?
Hello Symantec denizens - I've been trying and failing to install the Windows 10 Fall Creator's Update on my Windows 10 Pro laptop (which is running the April update). The laptop originally came with Symantec Endpoint Protection 12.x, but I uninstalled it when I still had Windows 8. I've followed the instructions here (https://support.symantec.com/en_US/article.TECH235458.html) to no avail. I've also run CleanWipe multiple times and searched the registry manually for any Symantec entries. Similarly, I've searched my hard drive multiple times and deleted any references to Symantec (I still had the install files). All I can think of is that Outlook has indexed emails from Symantec and somehow the Windows update installer is picking that up?
Any ideas other than having to clean install the OS?
Hello everyone, currently we have two SEPMs running 14 MP1 with a shared SQL database and configured as HA servers with a single site design supporting about 3500 agents. We have a requirement to set up another SEPM in our DR site to achieve full site redundancy. I have a few queries or clarifications in this regard. Your suggestions and comments are appreciated.
1) The current size of the SEPM sem5 database on the SQL database is about 20GB in the main site. Since the SEPM on the DR site is going to be in another city, the communication is over the WAN link. I want to know what the initial size of the replication would be (I would not want to replicate LiveUpdate, client packages and logs) as we set up the SEPM in the DR site. Would it be 20 GB since the size of the sem5 database on the main site is 20GB?
I came across the below KB article that talks about the above scenario; I believe it is also applicable with the latest version of SEP.
https://support.symantec.com/en_US/article.TECH951...
Your comments and suggestions are appreciated to achieve the mentioned requirements in the most efficient and smooth way. Thanks
Hello everyone, I just wanted to know whether anyone among you is using the deception feature that has been introduced with SEP 14 RU1. Has anyone started using it in their production environments? What is your feedback on this?
Also, the documentation says that currently there are 3 deception tools included in the installation package, however one can contact Technical Support to get more deception rules and policies. Has anyone got additional policies from support?
Thanks
We have one web portal and I am facing a problem: some of the clients are getting a Memory Exploit Mitigation msg and some clients are fine when they try to access the same web portal.
Is it because of a Windows update? And how can I add an exclusion for those clients that are getting the Memory Exploit Mitigation msg?
Hi Guys,
May I know if Symantec already knows about this threat? I read some news articles regarding this new trojan on the loose. See the article links below.
https://securelist.com/the-silence/83009/
https://www.finextra.com/newsarticle/31272/silence...
Thanks!
On the previous version of Windows 10 (1703) the Windows firewall was controlled by Symantec and this was shown in the Windows firewall with the text "these settings are being managed by vendor application symantec endpoint protection" (see picture 1).
After the update to Win 10 Fall Creators (1709) the Windows firewall was renamed to "Windows Defender Firewall" and after the upgrade to SEP 14.0.1 (14 RU1) (Build 3752) this text is no longer there (see picture 2).
Now I'm quite sure the Windows firewall and SEP firewall are working next to each other.
Is this normal?
Is it due to SEP 14.0.1 or due to the Win 10 update?
Picture 1 (win 10 SEP 14 MP2)
Picture 2 (Win 10 SEP 14 RU1)