Reinstalled LiveUpdate not having LiveUpdate Policy Applied on SEPM 14

November 23, 2017, 4:53 am

≫ Next: Remove old Management-Servers from Reports/Monitors

≪ Previous: SEP 14.X clients not update automaticaly

$

0

0

I need a solution

Our SEPM 14 server stopped updating (suspected corrupt definitions) and the error pointed to requiring LiveUpdate to be reinstalled. Deleting the cache did not work.

LiveUpdate reinstalled ok but it’s no longer having the LiveUpdate policy applied on it. The policy changes the location for updates to be another internal server (via https through firewall). Access to this server is confirmed by connecting to it and entering username and password via browser.

However, in the log, its still looking out to the default Internet site, which is blocked for the SEPM server.

​

​How do I have the policy re-apply? SymDiag confirms corrupt definitions but of course cannot download fresh updates either.

​Thanks

0

---

Remove old Management-Servers from Reports/Monitors

November 23, 2017, 6:00 am

≫ Next: SEP client and SEPM cummunication

≪ Previous: Reinstalled LiveUpdate not having LiveUpdate Policy Applied on SEPM 14

$

0

0

I need a solution

Hi all,

in Reports and Monitors, when you select a server from the drop-down menu, old sep Management-Servers are listed which are not in use anymore. See attached screenshot.

Is there a way to remove them? We tried to do that under Admin -> Servers -> Local Site -> Edit Site Properties -> General, but there are only those Management Servers listed which are actually in use. The old ones are not displayed there and cannot be removed.

Thank you.

Best regards

concentric

0

• sep_logs_server_selection.png

SEP client and SEPM cummunication

November 23, 2017, 1:56 am

≫ Next: SEP14RU1 - Memory Exploit Mitigation breaks IE11

≪ Previous: Remove old Management-Servers from Reports/Monitors

$

0

0

I need a solution

Hi Team,

Is SEP client uses any athentication to communicate with SEPM

0

SEP14RU1 - Memory Exploit Mitigation breaks IE11

November 24, 2017, 2:04 am

≫ Next: ordinateur introuvable

≪ Previous: SEP client and SEPM cummunication

$

0

0

I need a solution

So we are in the process of upgrading our clients from SEP12RU6MP7 to SEP14RU1.

After the initial restart when installing the new version, IE11 is not starting up anymore.
Error Message:

iexplore.exe
The application was unable to start correctly (0xc0000005). Click OK to close the application

Event Log:

Faulting application name: iexplore.exe, version: 11.0.9600.18838, time stamp: 0x59e1b492Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000004e0a8aFaulting process id: 0x2140Faulting application start time: 0x01d3650967e64262Faulting application path: C:\Program Files\Internet Explorer\iexplore.exeFaulting module path: unknownReport Id: a59c52d1-d0fc-11e7-aae2-ecb1d7725227

When disabling the Memory Exploit Mitigation policy, everything works fine again.
The policy even was set to "Set the protection action for all techniques to log only". Bummer.

So, what's the issue here?

0

ordinateur introuvable

November 24, 2017, 2:47 am

≫ Next: Over Deployed

≪ Previous: SEP14RU1 - Memory Exploit Mitigation breaks IE11

$

0

0

I need a solution

Bonjour,

J'ai un serveur SEPM 14 sous Windows 2016, je suis en train d'effectuer la migration de l'ancien serveur sous W2003 vers ce nouveau serveur sous Windows 2016.

Les clients se situent dans différents sous réseaux.

J'ai demandé à mon admin réseau d'ouvrir les ports recommandés par Symantec via la doc officielle sur le routeur.

Je suis parvenu à migrer une bonne partie du parc mais je rencontre des problèmes pour d'autres sous réseaux.

Lorsque je procdède au déploiement du nouveau package de communication Au moment de la découverte réseau par Symantec, il me dit "Echec : ordinateur introuvable"

Pourtant je parviens à pinguer les postes depuis l'ancien serveur et les pare feu sont désactivés sur tous les clients.

Ma question :

Que fait exactement Symantec lorsqu'il fait une découverte réseau au moment de le mise à jour par exemple du paquet de communication ?

Fait-il un ping pour tester la connexion aux ordinateurs clients ?

Mon admin réseau dit que tout est ok voici les ports qu'elle a ouvert :

TCP 139, 445, 22, 2967, 2638, 1433, 8443, 9090, 8014, 443, 8445, 8446, 8447, 8765,1100

UDP : 137, 138

Merci de m'éclairer.

0

Over Deployed

November 21, 2017, 1:03 am

≫ Next: FALLCHILL

≪ Previous: ordinateur introuvable

$

0

0

I need a solution

Hi,

I have over-deployed my Symantec Endpoint clients but im planning to purchase more licenses.
However until i purchased more licenses will my over-deployed clients be at risk?

What security risks do i have now?

Thanks,

Lody

OVER-DEPLOYED-

You do not have enough valid seats to cover all of the computers in your deployment. Over-deployment exposes your network to security risks.

0

1511257068

FALLCHILL

November 21, 2017, 1:35 am

≫ Next: SEP14RU1 - Memory Exploit Mitigation breaks IE11

≪ Previous: Over Deployed

$

0

0

I need a solution

Good day All,

Does anyone know if Symantec has protection or any article on FALLCHILL?

https://www.us-cert.gov/ncas/alerts/TA17-318A

https://www.us-cert.gov/ncas/alerts/TA17-318A

I can't seem to find anything from Symantec on "FallChill" or "Hidden Cobra".

Has anyone seen anything more on FALLCHILL perhaps?

Best Regards

G

0

1511265380

SEP14RU1 - Memory Exploit Mitigation breaks IE11

November 24, 2017, 2:04 am

≫ Next: ordinateur introuvable

≪ Previous: FALLCHILL

$

0

0

I need a solution

So we are in the process of upgrading our clients from SEP12RU6MP7 to SEP14RU1.

After the initial restart when installing the new version, IE11 is not starting up anymore.
Error Message:

iexplore.exe
The application was unable to start correctly (0xc0000005). Click OK to close the application

Event Log:

Faulting application name: iexplore.exe, version: 11.0.9600.18838, time stamp: 0x59e1b492Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000004e0a8aFaulting process id: 0x2140Faulting application start time: 0x01d3650967e64262Faulting application path: C:\Program Files\Internet Explorer\iexplore.exeFaulting module path: unknownReport Id: a59c52d1-d0fc-11e7-aae2-ecb1d7725227

When disabling the Memory Exploit Mitigation policy, everything works fine again.
The policy even was set to "Set the protection action for all techniques to log only". Bummer.

So, what's the issue here?

0

---

ordinateur introuvable

November 24, 2017, 2:47 am

≫ Next: Sample for POC usage

≪ Previous: SEP14RU1 - Memory Exploit Mitigation breaks IE11

$

0

0

I need a solution

Bonjour,

J'ai un serveur SEPM 14 sous Windows 2016, je suis en train d'effectuer la migration de l'ancien serveur sous W2003 vers ce nouveau serveur sous Windows 2016.

Les clients se situent dans différents sous réseaux.

J'ai demandé à mon admin réseau d'ouvrir les ports recommandés par Symantec via la doc officielle sur le routeur.

Je suis parvenu à migrer une bonne partie du parc mais je rencontre des problèmes pour d'autres sous réseaux.

Lorsque je procdède au déploiement du nouveau package de communication Au moment de la découverte réseau par Symantec, il me dit "Echec : ordinateur introuvable"

Pourtant je parviens à pinguer les postes depuis l'ancien serveur et les pare feu sont désactivés sur tous les clients.

Ma question :

Que fait exactement Symantec lorsqu'il fait une découverte réseau au moment de le mise à jour par exemple du paquet de communication ?

Fait-il un ping pour tester la connexion aux ordinateurs clients ?

Mon admin réseau dit que tout est ok voici les ports qu'elle a ouvert :

TCP 139, 445, 22, 2967, 2638, 1433, 8443, 9090, 8014, 443, 8445, 8446, 8447, 8765,1100

UDP : 137, 138

Merci de m'éclairer.

0

Sample for POC usage

November 23, 2017, 10:37 pm

≫ Next: Auto Installation after puting client in client group

≪ Previous: ordinateur introuvable

$

0

0

I need a solution

How to demonstrate Advance Machine Learning, Memory Exploit Mitigation & Browser Protection for POC.

Please advise sample malware/URL. thanks

0

Auto Installation after puting client in client group

November 24, 2017, 2:29 am

≫ Next: To upgrade 12.x to 14.x

≪ Previous: Sample for POC usage

$

0

0

I need a solution

Hello,

i am new here and have a questinon. 
I create several client groups for exampel "Windows Server" in SEPM. In this group i create a client installation package.

If thougt that the rollout starts if i put a client pc in this group but nothing happens.

What did i wrong or is it not possible that the package was enrolled automaticaly after puting the client in the group?

Thank you very much!!!

0

To upgrade 12.x to 14.x

November 24, 2017, 6:35 am

≫ Next: SEP 14: What is "User Allowed" in monitors?

≪ Previous: Auto Installation after puting client in client group

$

0

0

I need a solution

Hi Everyone,

We are exploring the option to upgrade the SEPM management server as well as client from 12.x to 14.x.

Current setup we have 3 management server with each site .

Reporting been collected from each server .

Please advise if the below option can be implemented

Install the SQL 2014 - Are we able to Migrate the DB from 2008 to 2014

Install 2016 OS - With same name and IP for the management servers so that client side no need to change the config.

Is it possible to replicate the data between all the three sites like HA or secondary site and can client get the data from any one of the available servers?

Is it possible to get reporting from one common console .

0

SEP 14: What is "User Allowed" in monitors?

November 24, 2017, 6:38 am

≫ Next: Linux client

≪ Previous: To upgrade 12.x to 14.x

$

0

0

I need a solution

Hi guys.  In SEPM for SEP 14 I am looking at a computer that had a detection that went to quarantine.  Routine setuff.  Yet of course attacks are less that routine these days.  

But anyway, when I go to Monitors in SEPM, do a Risk search for the past 24 hours, I see this one computer and it's one detected file placed in quarantine.  Along the top, the column headers, it shows thiuns like the Action option, the file path of the detection, etc.  But what is "User Allowed".  It says No here.  The SEPM help contents screen doesn't have very good search it seems as "user allowed" just brings up a million unlrelated results.  I was about to go Boolean when I realized, humans are smarter, so here I am posting.  

Also while I'm at it, I'm curious.  The detection seems to be the result of a Word document by email.  User clicked the doc..."nothing happened", but the doc never opened.  My guess would be this wa a VB sc ript that called out to a server somewhere, downloaded the actual malware, and who knows from there.  But, the detection found the file inm the reycle bin.  Let's assume the user did not place it there.  Have you guys seen virus attacks whereby the dropper or Word doc with macro/vb whatever, that wasn't the malware itself but called in the malware from the net, try to delete itself and only make it to the Recycle Bin?  

If I'm making any sense, please answer.  But as I wreite this, I feel I need a coffee to wakeup.  

0

Linux client

November 24, 2017, 7:24 pm

≫ Next: SEP 14 Standard size client

≪ Previous: SEP 14: What is "User Allowed" in monitors?

$

0

0

I need a solution

I have 12.1.5 and was wanting to test the linux client. Read another post that said there should be a savlinux directory in my download (which there isn't). Yet another post said I can download the client from the software downloads portal where I got 12.1.5 (its not listed). Is there still a linux client for 12.1.5 small bix edition, and if so how do I get it keeping in mind I have already searched and tried what was suggested.

Thanks

0

SEP 14 Standard size client

November 26, 2017, 7:20 pm

≫ Next: Different SEP version

≪ Previous: Linux client

$

0

0

I need a solution

According to the following article, SEP 14 standard size client will use virus and spyware definitions in the cloud.

If i have SEPM, whether client will still use virus and spyware definitions in the cloud.?

Uses virus and spyware definitions in the cloud.

https://support.symantec.com/en_US/article.HOWTO125381.html

0

---

Different SEP version

November 26, 2017, 6:27 am

≫ Next: SID: 28173] Web Attack : Malvertisement Website Redirect 21 attack blocked. Traffic has been blocked for this application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

≪ Previous: SEP 14 Standard size client

$

0

0

I need a solution

Hi all

We're in need of an older SEP version but the portal contains only the latest. Is there an option to download older versions?

Thanks in advance.

0

1511802386

SID: 28173] Web Attack : Malvertisement Website Redirect 21 attack blocked. Traffic has been blocked for this application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

November 27, 2017, 6:39 am

≫ Next: SEPM 14 location settings import from SEPM 12?

≪ Previous: Different SEP version

$

0

0

I need a solution

bonjour,

j'ai une solution antivirus Symantec nedpoint Protection Manager 14MP1, au niveau des PC j'ai le client installé SEP 14MP1 et  12.1.6MP4 à jour ; et la majorité de mes PC sont infectés avec se message  d'infection

[SID: 28173] Web Attack : Malvertisement Website Redirect 21 attack blocked. Traffic has been blocked for this application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

j'ai vérifié au niveau des machines,  symantec ne detécte rien,  malgré que j'ai soumissioné plusieurs fois des virus dèrnièrement

0

SEPM 14 location settings import from SEPM 12?

November 27, 2017, 8:15 am

≫ Next: Report showing SEPM Administrators

≪ Previous: SID: 28173] Web Attack : Malvertisement Website Redirect 21 attack blocked. Traffic has been blocked for this application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

$

0

0

I need a solution

I am doing a clean build of SEP 14 to replace our SEP 12 install. We will be using GUPs in the same places as before, albeit on new VMs, but the location IPs wont change, Is there a way to export and import the location data? I dont want any other settings to import, I just dont want to re enter the 3 or 4 dozen locations by hand. 

thanks! 

0

Report showing SEPM Administrators

November 27, 2017, 11:00 am

≫ Next: new 14.1 application hardening feature for clients

≪ Previous: SEPM 14 location settings import from SEPM 12?

$

0

0

I need a solution

Is there a report I can run in the SEPm to output the SEPM Administrators and what level of control they have over the product? I went through all the report in the Report section, but couldn't find anything. Just hoping there's something easier than screenshotting every administrator and their respective roles...Thanks

0

new 14.1 application hardening feature for clients

November 27, 2017, 1:30 pm

≫ Next: Intrusion Prevention Signatures failed to install.

≪ Previous: Report showing SEPM Administrators

$

0

0

I need a solution

I know this requires cloud portal enrollment.

How do I know if the required *subscription* is included in our SEP version/subscription/whatever?? -- or is this *another* separate product we must rent??

Thank you, Tom

0