Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles

Intrusion Prevention Signatures failed to install.

I need a solution

Hello all, 

After we deploy a client, it's failing to update its IPS signature; we are getting these errors:

"An update for Intrusion Prevention Signatures failed to install.  Error: Content update general error (0xE0010001), DuResult: General error (32)."

And 

"New content update failed to download from Group Update Provider. 

Remote file path: http://GUPSERVER:2967/content/{0D03AEA1-B630-43F8-828E-F10E80A68B99}/171124021/Full.zip"


LIVE UPDATE ENCOUNTERED ONE OR MORE ERRORS. RETURN CODE = 4 ON SEPM 14.0.2415.0200

I need a solution

After the upgrade from 12.1 to 14 I am having this issue. Also, if I try to run LiveUpdate from All Programs, it says " LiveUPdate could not access it's settings."

Need help ASAP...


Possible to use SEPM to proxy LiveUpdate definitions?

I need a solution

Is it possible to leverage the SEPM to proxy LiveUpdate definitions to endpoints without having to set up a LiveUpdate server?


SEPM server configuration changes log

I need a solution

Hi All,

New to SEP/SEPM, I am trying to find a change log of a setting that was changed under admin>server>. Is there a log anywhere of this?


installing SEPM 12.X and 14.X in Win Server 2008R2

I need a solution

Hello Dear.

I have a question about SEPM. We are already using SEPM 12.X to manage all clients (Windows XP and Win 7), but we have a problem installing SEP 12.X on Windows 10 (we have 3 operating systems on clients: Win XP, Win 7 and Win 10). The question is:

Is it possible to install SEPM 12.X and SEPM 14.X on one server (Win Server 2008R2)?

Thanks for your attention.


Intrusion Prevention Policy Exception

I need a solution

If you change an IPS rule from Block to Allow, how do you set this exception for a specific IP?

Example: rule 123:  Vul scanner, action block. 

Change above rule action from block to allow so scanner IP is no longer blocked. However this rule would apply to any IP that can use a scanner. How to only allow the above rule to be applied to only the authorized scanner IP.


Best Endpoint Protection Software

I do not need a solution (just sharing information)

Directed assaults on private ventures are expanding quickly, as are fines and advertising bad dreams coming about because of ruptures and information misfortunes. The best endpoint security gives different boundaries against malware, organize interruptions, information misfortune and burglary. The most skilled likewise give advancements to overseeing representative claimed gadgets that regularly approach corporate assets to additionally enable chairmen to secure systems printer driver download. While considering another endpoint arrangement, consider the sort and number of endpoints, how it is being facilitated (cloud-based endpoint insurance, facilitated nearby or in a virtualized situation), what administration instruments are required (nearby, remote, portable), execution desires and expert help choices. 

The assessed endpoint assurance arrangements were looked over a scope of worldwide security organizations that all have high malware location scores and a demonstrated capacity to ensure a huge number of endpoints. Most offer a scope of organization arrangements programming (with refreshes by means of the web) or cloud-based business security facilitated by the security organization. A few innovations can be facilitated in between organization mists or from a virtualized situation. Some likewise offer specialist organization alternatives for those that need to collaborate with the security organization to give security to their own particular customers. 

The span of your organization does not make a difference with regards to endpoint assurance; numerous security organizations offer arrangements that can secure 10 or thousands of endpoints. To enable you to settle on your buying choice, read our articles about endpoint assurance and audits of the best security suppliers: Symantec, whose arrangement incorporates with its honor winning reinforcement advances; Kaspersky, which gives everything organizations require to midway oversee endpoints and additionally numerous organization errands; and Sophos, which ensures all endpoints – even Windows and Blackberry cell phones.

While picking the best endpoint assurance for your organization, undeniably, you are picking an organization to cooperate with to help deal with your organization's security. You are confiding in the organization to give you the vital innovations to ensure your organization, and you need help accessible when you require it. You additionally need the organization to develop nearby cybercrime advances to give new innovations in an opportune way. On the off chance that you endure a noteworthy security issue, for example, a focused on assault, loss of information or robbery, you have to realize that you can get one-on-one or even nearby help if necessary. For these surveys, we took a gander at organization notoriety, years in business, client base and piece of the overall industry in canon mx922 driver, and malware recognition scores. We additionally ordered data on what sort of endpoints every business security organization can ensure, the apparatuses it accommodates directors, asset use desires and expert administrations advertised. Utilizing the data in these audits, you can make a rundown of the best a few organizations to contact for extra data and a modified quote. 


Groups do not inherit policy from parent group

I need a solution

Policy changes do not apply to all groups.

I have around 200 groups under my main parent domain, Default. When I change the parent group, it does not apply to all groups.

On the individual groups where it does not apply, I unchecked the policy and rechecked it again, and waited till the next day, and the policy has not applied.

Any idea how I resolve this?


Upgrading SEPM to Higher version

I need a solution

Hi,

We are currently using SEPM version 12.1.7004.6500. Please let us know how to upgrade our existing version, if anyone can help us with the steps and precautions to be followed in doing it.

Regards,

Anishk


Upcoming Webinar: Defense Against a Ransomware Attack

I do not need a solution (just sharing information)

Prevention is far easier than recovery when it comes to ransomware.  Just raising awareness of an upcoming 60 minute long webinar that concerned admins can attend (free!) on the current state of the Ransomware threat landscape and how best to defend against today's latest threats.  This webinar will take place on Dec 12 2017 and will be available for viewing afterwards.  Click below for more details and to register.....

Defense Against a Ransomware Attack: Latest Research and Best Practices 

Kevin Haley, Director of Security Response, Symantec
https://www.symantec.com/about/webcasts?commid=277097


Migration of SEPM from one HW to another HW

I need a solution

Hi,

I want to migrate our SEPM V12.1 to another HW (version will remain the same); almost 700 clients are attached to that server. So I have to migrate the SEPM without disturbing the clients. For testing purposes, I first want to move 10 clients to the new server and then the remaining ones. Can you please guide me on the same?

BR//

Pradeep


SEP14 Client USB File Logging is Missing Entries

I need a solution

Our environment is SEPM / SEP version 14, and we have an Application and Device policy set up to log all USB file transfers, however we noticed the logging is inconsistent.

For example, someone in our robocopy'd 180,000 files to a USB HDD, however our Splunk only reported approx 300 files. I traced it back to SEPM14, it showed 300 files, then SEP client on their workstation showed only 300 files in the control log. I did some additional testing with some more robocopy / Windows Explorer copy (different users and workstations), and the client was only logging a very small subset of the files which were transferred.

We noticed the client control log was only set at 1MB in the policy, this has been increased to 9.999MB (max) and this has improved the logging a little, but it is only about 15/20% of total files.

Is there something incorrect with our policy, or client config? Surely SEP14 client has the ability to correctly log all file transfers?

Additionally, the logging only reports "Parameter D:/USB-Copy-Test/taskmgr.exe", which says the file copied was "D:/USB-Copy-Test/taskmgr.exe", but it doesn't log where the files were copied from.

For example, if someone copies a heap of corporate information onto an external HDD, the process doesn't show where it originated from, so the security team don't know which business group owns the data, or if pirate media is hidden on our network drives somewhere.

Is there a way to get the "source file / locate" into the logs?


Clients group not visible for some admin

I need a solution

Hello Techies,

I have added a new user in SEPM as an administrator; however, the ID is not able to see all the client groups.

In Access Rights I selected System Administrator; however, the ID can't view all the clients. Is there any way to check further?


Scheduled Virus defs report from SEPM 14 RU1 reporting wrong information

I need a solution

Hello,

Did anyone notice any issues with the scheduled reports from Virus definition distribution after upgrade of the SEPM to 14 RU1?

Seems that the scheduled report does not show correct status when in the console there are SEP 12 and SEP 14 clients.

Also, when manually running the report (from Reports -> Computer Status) and comparing the number of machines for Virus definition distribution and Symantec Endpoint Protection Versions using the same filter (for example, all machines connected during the past 24 hours), it shows a big difference. However, doing the same from SEPM 12.1 RU6 MP9, for example, it reports the same numbers.


SEP 14.01/14.1 Client Status

I need a solution

I have upgraded SEPM to 14.01, and have rolled out the updated client (14.0.3752.1000) - about 50% complete on the rollout. I FINALLY got my enrollment email (I had to contact support) to enroll my SEPM into the cloud portal. I got enrolled and my clients (devices) are showing up, but they all have a status of "Unknown" and have no data for "Last Connected". I have three questions:

  1. Is there a 14.01 / 14.1 Forum that I am just not seeing to consolidate discussions under?
  2. Is anyone else experiencing this issue?
  3. Does anyone have a fix for it?

Thanks,

Jesse Cail, CISSP, GSEC

Security Engineer

City of Sandy Springs, Georgia


SEP 14 IP addresses

I need a solution

Environment:  Windows 7 PRO SP1 64-bit, SEP 14 MP2

We are looking for information.

There is a Symantec knowledge base article https://support.symantec.com/en_US/article.TECH162286.html that specifies all of the URLs that SEP 14 connects to. We are researching the best way to allow these URLs to be accessed through our gateway firewall without interference. It appears that the most straightforward way is to exclude the URLs by IP, rather than FQDN.

Does anyone know if the IPs for the 20+ URLs named in TECH16226 remain constant, never changing?  

We are aware of  the warning in https://support.symantec.com/en_US/article.TECH102059.html for the LiveUpdate server IPs.   They do not remain constant.

We need to know about the other URLs' IPs.

Thanks


SEP 14.01/14.1 Policy Management

I need a solution

I have a bunch of policies that were migrated into the cloud from my SEPM when I enrolled. I started working to consolidate those into the default policies so that I have fewer policies to look at. I started with the imported workstation Black List Policy. It shows that it is not a member of any policy groups and is not applied to any device groups, but I am unable to delete it. The portal gives the following error, and I've attached a screenshot as well. Any ideas?

Unable to delete policy as it is either assigned to device group or is part of policy group. (error code: 5110)


The tools included with Symantec Endpoint Protection

Upgrading from 12.1.7166 to 14.x causes Spinning Windows Splash screen

I need a solution

I saw another thread on this but it didn't look like there was an answer or resolution to this. I have run into this on a handful of non-critical servers and it makes me nervous about applying this update to our critical servers if it's a crapshoot as to whether or not they will reboot cleanly or not. Maybe I am missing the resolution for this?


Database is down

I need a solution

Yesterday I tried to do a backup of the database but it failed, neither via "backup and restore" nor via the SEPM console. But the SEPM console was working. Today the DB is down and the console doesn't work. I tried to force run the DB without log; it failed.

Now the Symantec Embedded Database service won't start.

scm-server-0.log:

2017-11-30 13:00:16.809 THREAD 33 SEVERE:
com.sygate.scm.server.metadata.MetadataException:
    at com.sygate.scm.server.metadata.MetadataManager.getConnectionNoCheckRequireTransactionId(MetadataManager.java:1023)
    at com.sygate.scm.server.metadata.MetadataManager.getConnection(MetadataManager.java:989)
    at com.sygate.scm.server.metadata.MetadataManager.getConnection(MetadataManager.java:1029)
    at com.sygate.scm.server.db.util.DbHelper.getInstance(DbHelper.java:113)
    at com.sygate.scm.server.db.util.DbHelper.getInstance(DbHelper.java:107)
    at com.sygate.scm.server.task.AgentLogCollector.execute(AgentLogCollector.java:130)
    at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:41)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)
Caused by: java.sql.SQLException: [Sybase][JDBC Driver][SQL Anywhere]Database server not found
    at sybase.jdbc4.sqlanywhere.IDriver.makeODBCConnection(Native Method)
    at sybase.jdbc4.sqlanywhere.IDriver.connect(IDriver.java:813)
    at org.apache.tomcat.dbcp.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38)
    at org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
    at org.apache.tomcat.dbcp.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1185)
    at org.apache.tomcat.dbcp.dbcp.AbandonedObjectPool.borrowObject(AbandonedObjectPool.java:79)
    at org.apache.tomcat.dbcp.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:106)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
    at com.sygate.scm.server.db.util.DatabaseUtilities.getDataSourceDBConnection(DatabaseUtilities.java:457)
    at com.sygate.scm.server.db.util.DatabaseUtilities.getDefaultDatabaseConnection(DatabaseUtilities.java:337)
    at com.sygate.scm.server.db.util.DatabaseUtilities.getDefaultDatabaseConnection(DatabaseUtilities.java:321)
    at com.sygate.scm.server.db.util.DatabaseUtilities.getDefaultDatabaseConnection(DatabaseUtilities.java:311)
    at com.sygate.scm.server.metadata.MetadataManager.getConnectionNoCheckRequireTransactionId(MetadataManager.java:1021)
    ... 8 more
