Channel: Symantec Connect - Endpoint Protection - Discussions

Symantec AntiVirus EventID: 69

I need a solution

Hi,

After the migration from SEP 12 to 14, we are seeing a few Windows log errors with the above event ID, 69. The error seems to be "Message: Scan Failure: Enhanced scan failedApplication has encountered an error". I searched the Windows log entries for 12.x but couldn't find it there, and there is no article for 14.x yet.

Has anybody seen this error code?


CAN'T SEND NOTIFICATION EMAIL FROM SEPM 14 MP2

I need a solution

Since I upgraded SEPM from 12 to 14, I'm not getting any email notifications from SEPM. Checking the scm-ui logs, I found the following:

Caused by: javax.mail.MessagingException: Could not connect to SMTP host: xxxx.xxxx.xxx, port: 25;
  nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
 
Does anybody know how to fix this issue?

Way to easily identify malfunctioning clients

I need a solution

Hello,

I currently get a Security Status Summary report every day that tells me if we have malfunctioning clients in my environment (see the attached image). The aggravating thing, though, is that I do not know how to quickly drill down into those results to see the details about the specific clients experiencing the issues.

Is there a way to identify the malfunctioning clients without having to download & filter the huge computer status spreadsheet?

Thanks,


SEP 14 Detection Results Blank / Empty

I need a solution

Several systems on Windows 10 v1607 with SEP 14 MP2 show SEP Detection Results popups that are blank:

Has anyone seen this? What is the fix?


SEPM never shows both Win10 SEP clients at the same time

I need a solution

Hi,
we have a Windows Server 2008 R2 with Symantec Endpoint Protection Manager 14.0.1904.0000. The SEPM
is installed on our server, not in the cloud. This server also has the Symantec Endpoint Protection
client, version 14.0.1904.0000. The server is also a DC in our 2008 R2 Windows domain (domain
functional level: server 2008 R2, forest functional level: server 2008 R2).

We have a 12 seat license. We have 2 servers and 9 workstations. The workstations are Windows 7.
They all have the Symantec Endpoint Protection client, version 14.0.1904.0000.

Recently we replaced two workstations with two new Windows 10 Pro machines. Both are Win 10 version 1709,
(Fall Creators Update). They have hostnames EllPC and UnnPC. I tried to export a client from
SEPM and install on these machines, but it would not install. Then I read this

Windows compatibility with the Endpoint Protection client
https://support.symantec.com/en_US/article.TECH235...

and this

Endpoint Protection support for Windows 10 updates and Windows Server 2016
https://support.symantec.com/en_US/article.TECH235...
and downloaded the client according to:
https://support.symantec.com/en_US/article.TECH103...

I downloaded the most recent client from Symantec and it installed fine on both machines. It was
SEP version 14.0.3752.1000 (14 RU1). I did Export Communication Settings from SEPM and read the resulting file
into SEP on both machines. Worked fine.

Problem is that in SEPM, Clients window, only one of the two new machines appears. Sometimes it is Ell,
other times it is Unn. But both machines never appear at the same time. If I go out to the client
machines, and in SEP do Help-Troubleshooting-Management, I can see that sometimes it is Server: Offline.
Other times the Server is correct. The green dot in the taskbar sometimes is there, sometimes not.
It seems like the server can only communicate with one Win10 client at a time. Or alternatively can only comprehend one Win10-license at a time. Is this so? Why? How do
I fix it? We never have this problem with the Win7 clients.

Grateful for suggestions.


Windows security suite says my Symantec is out of date but actually my SEP is up to date

I need a solution

Windows security suite says my Symantec is out of date, but SEP says I am up to date. How can I fix that?


SMB Bruteforce Attempt attack blocked

I need a solution

Hello,

Recently we have been observing events related to SMB bruteforce in the environment. I'm not sure what it indicates. I checked the Symantec documentation. The event severity is low, but there is no clarity as to what kind of activity this event indicates. If anyone has more understanding of this, please share your views.

[SID: 30429] Audit: SMB Bruteforce Attempt attack blocked. Traffic has been blocked for this application: SYSTEM,
Local: XX.XX.XX.XX,
Local: 000000000000,
Remote: ,
Remote: XX.XX.XX.XX,
Remote: 000000000000,
Inbound,TCP,
Intrusion ID: 0,
Begin: 2017-12-07 10:41:36,
End: 2017-12-07 10:41:36,
Occurrences: 1,
Application: SYSTEM,
Location: Default,
User: XXXX,
Domain: XX,
Local Port 63283,
Remote Port 445,
CIDS Signature ID: 30429,
CIDS Signature string: Audit: SMB Bruteforce Attempt,
CIDS Signature SubID: 76406,
Intrusion URL: ,
Intrusion Payload URL:

SEPM Scheduled reports - how to track?

I need a solution

Hello,

I'm looking for some details on how to track outgoing emails from SEPM. Is there a specific log or table/view in a database where I can track this? Of course, there is Last Run Time in the GUI but I wanted a little bit more. Is it true that they fall into some queue if SEPM or SMTP is unavailable at the time when the report should be sent?

Best regards,

PG


How to see results from a specific virus scan in SEPM?

I need a solution

Hi,

Last night I ran a custom scan for one group of clients from SEPM via a policy. To my embarrassment I'm really struggling to find how to see the results of this scan. I've spent ages going through the reports and monitors but I can't find what I want.

Is there no way to see the results of a specific scan / policy?  I can't even see how you select a specific group of clients when creating a scan report.  Makes me think I'm going about this completely the wrong way.

SEPM 14.0.2349.0100


Moving SEPM embedded database from standalone server to replication server

I need a solution

Good Day,

I wanted to find out if one can move an embedded database from a standalone server to a replication server.

Thanks in advance 


can not read other language

I need a solution

I am facing an issue: my SEP client cannot read logs in other languages.

I have folders on my computer with names in languages other than English. On the computer they show fine and everything works perfectly, but when I check the logs they show ?????????????????????

How do I add other languages in SEP to read the logs?


Unable to disable the SEP

I need a solution

Unable to disable SEP from the right-click menu. Version 12 clients are disabled but version 14 clients are not getting disabled. I made sure the policy is updated and the policy number also matches. SEPM is version 14.


Best practice for SEPM 14 and SQL Server 2016

I need a solution

Hello,

I want to know if there are "best practices" that I should follow when using SEPM 14.0.1 with SQL Server 2016?

Thank you for your answers and time

KR

N.Achraf


Upgraded SEPM to 14x, clients reporting successful deployments, but reporting offline

I need a solution

Hello;

I recently updated my SEPM to version 14.x.  Upon completion, the clients no longer reported as online.  As a matter of fact, they were not even resident in the original client structure.  I proceeded to add the AD Computer group, copy the client computers from there back into the original structure, and began pushing the updated clients.

Pushing the updated clients from the SEPM side reported as mostly Successful.  The client computers, after restart, were on the new Client version.  SEPM still reported them all as offline and the clients, under Troubleshooting, reported the correct Server, but the incorrect Group.  I attempted to push updated client communications, which resulted in a successful deployment, but same results.

I went through all the troubleshooting steps I could find, for this version and previous versions. All have proven unsuccessful. Could someone please point me in the right direction for additional troubleshooting/resolution... thanks.


Bug in SEP 14.0 Syslog Export?

I need a solution

In the Syslog export for the Agent Risk logs, the key for the filepath field seems to be misplaced.  The value of the filepath is in the position within the CSV where I would expect the field header for Filepath to exist.

Is anyone else able to corroborate this?

 (sample below)

Header from the Syslog Export:

Source: Auto-Protect scan,

Risk name: EICAR Test String,

Occurrences: 1,

C:\Users\Administrator\Documents\Symantec\eicar.com,,

Actual action: Cleaned by deletion,


Win10 Standard user to disable SEP for short time

I need a solution

How do we allow a Windows 10 Standard User to disable SEP by right-clicking on the icon?


Setup Symantec for windows 10 Failed

I need a solution

Hi

I need to install Symantec Endpoint Protection for Windows 10, but I can't install Symantec Endpoint Protection for Windows 10.


“Process Doppelganging”.

I need a solution

This query is in relation to the recent news on “Process Doppelganging”. Please share the coverage from Symantec Endpoint Protection.


Unable to export logs from webconsole

I need a solution

Hi All,

I only have webconsole access to my SEPM server.
I'm able to log in to the SEPM console and can view logs in the Monitor page but am unable to export them.
I'm getting the error message below:
"Your connection is not secure
The owner of 10.178.40.237 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."

Please let me know how to proceed.


ccSvcHst.exe connecting to public ip-addresses

I need a solution

Hello, we are on SEPM 14 MP2. We have 1 SEP Manager and about a dozen endpoints/client machines running Windows OS. We are noticing that the ccSvcHst.exe process on all the endpoints tries communicating with some public IP addresses very often. These public IPs belong to Microsoft and the traffic is over port 443. Please see the screenshot below. We understand this is safe/legit communication, but how can we stop the clients from making these connection attempts at all?

The issue is our network firewall is getting overwhelmed because all the clients (that have Symantec Endpoint) keep trying to connect to those public IPs every now and then. I am fine if the SEPM manager server communicates out to the internet for updates and other normal stuff, but we don't want clients to keep going out as well. I have checked with Symantec support and they are saying this is default behaviour of the SONAR and Auto Protect features as it does IP-reputation lookups.

In the SEPM Manager, under "Policies >> LiveUpdate Settings Policies", we have made sure that the Windows client settings are set to use the "Default Management Server" only for updates. This has been verified with tech support, so there should be no reason for clients to check further online for anything. The other option somewhere to send anonymous data has also been disabled.

Surely in an environment which has 1000s of endpoints, this can cause a lot of unnecessary traffic on the firewall, leading to frustration. Any words of advice?
