Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

IPS Still blocking IPs even with Allow All rule

December 18, 2017, 5:23 pm
$
0
0
I need a solution

Is there anyway to force the IPS to ignore the 10.200.x.x range? I would have thought that the allow access rule would have stopped this type of blocking

0
1513651210
Search

Additinoal Site installation

December 18, 2017, 11:02 pm
$
0
0
I need a solution

HI,

When i am installing additional management site im getting this error.

​Please assist.

0

Details of Active Scan location

December 19, 2017, 1:22 am

moving sepm to new sepm

December 19, 2017, 1:25 am
$
0
0
I need a solution

Hi Team,

Please suggest best way to move sepm to new sepm.

details -4 sepm load balanced with sql and need to setup same policy configuration to new sepm with new sql.

0

Hash value

December 19, 2017, 5:04 am
$
0
0
I need a solution

Does someone knows the site to check hash value coverage in bulk.

using virustotal.com only one ny one can be checked, i need for bulk. 

0

File Integrity Monitoring

December 19, 2017, 8:05 am
$
0
0
I need a solution

Hello, we are using SEPM 14 Mp2.  Is the Host based integrity monitoring feature same as File Integrity monitoring (FIM) ?  Can we leverage it to track and prevent unauthorized changes to system files, folders , registry etc?  

0

Allowing/disabling exceptions

December 19, 2017, 11:14 am
$
0
0
I need a solution

Currently we allow all users to add exceptions to Symantec. If we were to disable all client restrictions for creating exceptions, would this affect all currently created exceptions or only new ones after this point.

Is there a way for all clients to report back to the SEPM with that exceptions are configured?

We would like to manage all exceptions through SEPM and not invididually on each system.

0
1513719560

How to upgrade MAC clients from SEPM

December 19, 2017, 12:45 pm
$
0
0
I need a solution

How to upgrade SEP MAC Clients to latest version from SEP Manager ?

0
Search

Having to turn SEP off to run windows updates on Server 2012 R2

December 20, 2017, 7:00 am
$
0
0
I need a solution

I currently have 14.0 MP1 on my servers.

Windows update fails unless I disable SEP.

Is this corrected in 14.0.1 RU1?

0

Reporting incorrect

December 21, 2017, 3:32 am
$
0
0
I need a solution

Hi all, Just joined a new company and have been tasked with getting things running a bit smoother.

I have noticed that there are a few servers that are not reporting correctly to the Endpoint Protection Manager correctly.

I am getting daily emails advising the virus definitions are older than 7 days however when i log onto the machines the endpoint is showing as up to date. I have noticed in the reporting logs they seem to be having an issue getting the definitions downloaded.

Can anyone point me in the right direction to get these up to date and reporting correctly?

0

Exception while warming up client agent for applicaton sepm (Exception java.lang.NullPointerException)

December 21, 2017, 7:11 am
$
0
0
I need a solution

Hi everyone,

I've observed a strange phenomenon; the manifestation of which has been discussed here but the symptom is different. I'm running SEPM on Window 2016 server and I'm starting to suspect that it's the OS which somehow wasn't tested on 12.x since even at this forum the OS drop down list does not include 2016 as an option; latest one listed is 2012.

A second very wierd thing is this: look at the actual text which is a copy/paste from the log file - the word "applicaton"? Is this just progremmers error when Symantec was compiling the product or is it significant in some other way?

Yes I do get the internal error screen when attempting to login to the SEP GUI but my log errors are different from what has been published under TECH248133

I get the following error in ajaxswing.log (location on Windows server for this log file is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs):

2017/12/21 06:57:07:755 : Thread-3 : [com.creamtec.ajaxswing.core.ClientAgentFactory$1] Exception while warming up client agent for applicaton sepm (Exception java.lang.NullPointerException)
java.lang.NullPointerException

What makes this issue interesting is that if I reboot the SEPM then GUI works fine for a day or two and then its back to the java.lang.NullPointerException. I also don't see any of the accompanying errors in catalina.err described under TECH248133.

Does anyone have suggestions on where to go? My problem is that the symptom has been published with solutions and none work for me.

Thanks

0

Symantec Endpoint Protection is not installing , Erro ; 2381 Directory does not exist : C:\Windows\system32\Drivers\SEP

December 21, 2017, 7:35 am
$
0
0
I need a solution

Can't install client, Need a solution ASAP please...

0

Attempting to enroll a 14 RU1 Symantec Endpoint Protection Manager after December 17th, 2017

December 21, 2017, 7:36 am

Unable to get virus definitions to install

December 20, 2017, 3:29 pm
$
0
0
I need a solution

I have SEP 14 installed on Windows 2012.  This is a computer that does not connect to the internet.  I downloaded the latest definitions file (I've tried both 32-bit and 64-bit just in case), but the updater fails every time.  I've checked the boards and my dlls are set correctly.  How do I solve this?  The application is there but has no definitions at this point.  Thank you.

Wed Dec 20 22:20:23 2017 : ******************************************************************
Wed Dec 20 22:20:23 2017 : Starting Intelligent Updater - Version 5.1.7.21
Wed Dec 20 22:20:23 2017 : ******************************************************************
Wed Dec 20 22:20:23 2017 : AUTH SYMSIGNED BEGIN: Started.
Wed Dec 20 22:20:23 2017 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Wed Dec 20 22:20:23 2017 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Wed Dec 20 22:20:23 2017 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Wed Dec 20 22:20:23 2017 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource DLL
Wed Dec 20 22:20:23 2017 : IU RES LOAD: Successfully loaded the resource file..
Wed Dec 20 22:20:23 2017 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Wed Dec 20 22:20:23 2017 : IU INFO: File-name : 20171220-008-Core16v5i32.EXE
Wed Dec 20 22:20:23 2017 : IU INFO: Creation-date : 20171220
Wed Dec 20 22:20:23 2017 : AUTH DLL LOCATION: IU will read the DLL SAVIUAuth location from registry.
Wed Dec 20 22:20:24 2017 : REG FAILURE: Failed while opening the key  from registry. Return code: 2
Wed Dec 20 22:20:24 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:24 2017 : REG SUCCESS: Succeeded while fetching the path from registry.
Wed Dec 20 22:20:24 2017 : AUTH DLL: DLL found for Entry number 0.
Wed Dec 20 22:20:24 2017 : Identified as 32-bit product installation. Continuing...
Wed Dec 20 22:20:24 2017 : IU MODE: IU is running is FULL mode.
Wed Dec 20 22:20:26 2017 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Wed Dec 20 22:20:26 2017 : IU INFO: File-name : 20171220-008-Core16v5i32.EXE
Wed Dec 20 22:20:26 2017 : IU INFO: Creation-date : 20171220
Wed Dec 20 22:20:26 2017 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Wed Dec 20 22:20:26 2017 : Entry details:
Wed Dec 20 22:20:26 2017 : Update-File: VIRSCAN.zip
Wed Dec 20 22:20:26 2017 : Update-Desc: Virus Definitions
Wed Dec 20 22:20:26 2017 : Auth DLL Name: SAVIUAuth
Wed Dec 20 22:20:26 2017 : Auth DLL Location: local
Wed Dec 20 22:20:26 2017 : Auth Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy DLL Name: SAVIUDeploy
Wed Dec 20 22:20:26 2017 : Deploy DLL Location: local
Wed Dec 20 22:20:26 2017 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Succeeded while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Succeeded while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED BEGIN: Started.
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\LuAuth.dll
Wed Dec 20 22:20:26 2017 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\LuAuth.dll
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED BEGIN: Started.
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Wed Dec 20 22:20:26 2017 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Wed Dec 20 22:20:26 2017 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\DuLuCbk.dll
Wed Dec 20 22:20:26 2017 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\DuLuCbk.dll
Wed Dec 20 22:20:26 2017 : AUTHORIZATION FAILED: VIRSCAN.zip is not authorized for deployment. Error code : 104
Wed Dec 20 22:20:26 2017 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because it is not authorized for deployment
Wed Dec 20 22:20:26 2017 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Wed Dec 20 22:20:26 2017 : Entry details:
Wed Dec 20 22:20:26 2017 : Update-File: VIRSCAN.zip
Wed Dec 20 22:20:26 2017 : Update-Desc: Virus Definitions
Wed Dec 20 22:20:26 2017 : Auth DLL Name: ISAuthDLL
Wed Dec 20 22:20:26 2017 : Auth DLL Location: local
Wed Dec 20 22:20:26 2017 : Auth Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy DLL Name: ISDeployDLL
Wed Dec 20 22:20:26 2017 : Deploy DLL Location: local
Wed Dec 20 22:20:26 2017 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Wed Dec 20 22:20:26 2017 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Wed Dec 20 22:20:26 2017 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Wed Dec 20 22:20:26 2017 : Entry details:
Wed Dec 20 22:20:26 2017 : Update-File: VIRSCAN.zip
Wed Dec 20 22:20:26 2017 : Update-Desc: Virus Definitions
Wed Dec 20 22:20:26 2017 : Auth DLL Name: Norton X32 AuthDLL
Wed Dec 20 22:20:26 2017 : Auth DLL Location: local
Wed Dec 20 22:20:26 2017 : Auth Content-Type: VirusDefs
Wed Dec 20 22:20:26 2017 : Deploy Content-Type: VirusDefs
Wed Dec 20 22:20:26 2017 : Deploy DLL Name: Norton X32 DeployDLL
Wed Dec 20 22:20:26 2017 : Deploy DLL Location: local
Wed Dec 20 22:20:26 2017 : AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X32 AuthDLL
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X32 DeployDLL
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Wed Dec 20 22:20:26 2017 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Wed Dec 20 22:20:26 2017 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Wed Dec 20 22:20:26 2017 : Entry details:
Wed Dec 20 22:20:26 2017 : Update-File: VIRSCAN.zip
Wed Dec 20 22:20:26 2017 : Update-Desc: Virus Definitions
Wed Dec 20 22:20:26 2017 : Auth DLL Name: SSEIUAuth
Wed Dec 20 22:20:26 2017 : Auth DLL Location: local
Wed Dec 20 22:20:26 2017 : Auth Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy DLL Name: SSEIUDeploy
Wed Dec 20 22:20:26 2017 : Deploy DLL Location: local
Wed Dec 20 22:20:26 2017 : AUTH DLL LOCATION: IU will read the DLL location from registry - SSEIUAuth
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SSEIUDeploy
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Wed Dec 20 22:20:26 2017 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Wed Dec 20 22:20:26 2017 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Wed Dec 20 22:20:26 2017 : Entry details:
Wed Dec 20 22:20:26 2017 : Update-File: VIRSCAN.zip
Wed Dec 20 22:20:26 2017 : Update-Desc: Virus Definitions
Wed Dec 20 22:20:26 2017 : Auth DLL Name: SSEIUAuth
Wed Dec 20 22:20:26 2017 : Auth DLL Location: local
Wed Dec 20 22:20:26 2017 : Auth Content-Type: csapi_defs
Wed Dec 20 22:20:26 2017 : Deploy Content-Type: csapi_defs
Wed Dec 20 22:20:26 2017 : Deploy DLL Name: SSEIUDeploy
Wed Dec 20 22:20:26 2017 : Deploy DLL Location: local
Wed Dec 20 22:20:26 2017 : AUTH DLL LOCATION: IU will read the DLL location from registry - SSEIUAuth
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SSEIUDeploy
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Wed Dec 20 22:20:26 2017 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Wed Dec 20 22:20:26 2017 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Wed Dec 20 22:20:26 2017 : Entry details:
Wed Dec 20 22:20:26 2017 : Update-File: VIRSCAN.zip
Wed Dec 20 22:20:26 2017 : Update-Desc: Virus Definitions
Wed Dec 20 22:20:26 2017 : Auth DLL Name: SMSDOMIUAuth
Wed Dec 20 22:20:26 2017 : Auth DLL Location: local
Wed Dec 20 22:20:26 2017 : Auth Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy DLL Name: SMSDOMIUDeploy
Wed Dec 20 22:20:26 2017 : Deploy DLL Location: local
Wed Dec 20 22:20:26 2017 : AUTH DLL LOCATION: IU will read the DLL location from registry - SMSDOMIUAuth
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SMSDOMIUDeploy
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Wed Dec 20 22:20:26 2017 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Wed Dec 20 22:20:26 2017 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Wed Dec 20 22:20:26 2017 : Entry details:
Wed Dec 20 22:20:26 2017 : Update-File: VIRSCAN.zip
Wed Dec 20 22:20:26 2017 : Update-Desc: Virus Definitions
Wed Dec 20 22:20:26 2017 : Auth DLL Name: SMSMSEIUAuth
Wed Dec 20 22:20:26 2017 : Auth DLL Location: local
Wed Dec 20 22:20:26 2017 : Auth Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy Content-Type: virus definitions x32
Wed Dec 20 22:20:26 2017 : Deploy DLL Name: SMSMSEIUDeploy
Wed Dec 20 22:20:26 2017 : Deploy DLL Location: local
Wed Dec 20 22:20:26 2017 : AUTH DLL LOCATION: IU will read the DLL location from registry - SMSMSEIUAuth
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SMSMSEIUDeploy
Wed Dec 20 22:20:26 2017 : REG SUCCESS: Success while opening key 
Wed Dec 20 22:20:26 2017 : REG FAILURE: Failed while fetching the path from registry.
Wed Dec 20 22:20:26 2017 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Wed Dec 20 22:20:26 2017 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
0

Upgrade SEP 12 to SEP 14 and use new Sylink.xml

December 21, 2017, 8:28 am
$
0
0
I need a solution

Hi,

We are upgrading the SEP 12 client on 7,000 Windows 7 desktops to SEP 14.  We have SEPM 12 servers and new SEPM 14 servers.  The SEP 12 clients are currently being managed by the SEPM 12 servers they have to be switched to the SEPM 14 servers when upgraded.

The SEP 14 client install has the SEPM 14 SyLink.xml, but it seems to be ignored when updating the client as once the update is complete the client is still communicating with the "old" SEPM 12 servers.

I tried using KeepPreviousSetting=0 in SetAid.ini, but that results in the upgraded client being self-managed.

Is there a way to tell the SEP 14 client upgrade to use the new SyLink.xml when upgrading without having to manually run something like SylinkDrop before launching the upgrade ?

Thanks

0
Search

SEPFL: How do I make sure many clients don't render network drives unusable?

December 22, 2017, 8:09 am
$
0
0
I need a solution

We are running SEPFL on CentOS, and we're concerned that a large number of managed clients running their scheduled scans at the same time will basically DDoS the file server.  Users' home directories are stored on a networked drive.  If every single client runs its scheduled scan at 00:30, we're worried that people using applications that require data on the network will be unable to get their work done.

The first question is simply: Is this something that we need to be worried about?  or is SEP really smart about these things so that it doesn't create issues with this?

The second question is, supposing that this is a very real issue: How do I make sure SEP doesn't render the network drives unusable during scheduled scans?  One possible, though potentially messy to maintain solution I've come up with is setting individual clients to stagger their scans.  As I understand it, this would be done with the sav scheduledscan command; however, I would need to delete the default scheduled scan.  The command to delete the scan requires the scan ID.  I do not know how to get it.  I run the list command, but it apparently doesn't give the scan ID.  It has a column called S.No which says the default scan is number 1, but when I run the info command for scan ID 1, it says "Scan not found".

Any help is appreciated.
 

0

Endpoint Detection and Response Status "no status reported"

December 22, 2017, 2:08 pm
$
0
0
I need a solution

Hi- I am running SEP on both Mac and Windows, versions 12 and 14 on both OSs. When I run the scheduled report Client Status\Client Inventory Details, I have all of the clients show the Endpoint Detection and Response Status field as either "no status reported" or "disabled".

I discovered that "disabled" indicates that one or more components on the client have been diabled. What does "no status reported" mean?

This is on both OSs, both versions of SEP. Virus definitions and IPS signatures are updating as expected. SEP Manager is version 14.0.2349.0100 running on Winodws Server 2008 R2 

Thanx

OregonSteve

"Never, never doubt what nobody is sure about." -Willy Wonka

0

Linux Machines (RedHat, Ubuntu, etc) are not directly taking updates from the SEPM

December 25, 2017, 12:31 am
$
0
0
I need a solution

I have linux machines with different Linux OS RedHat, Ubuntu, etc..

issue is all Linux Machines are not directly taking updates from the SEPM 

currently i am updating all linux machines with Intelligent Updater (IU) definitions. is it possible that all machine take definitions from SEPM?

0

SEP IPS log has incorrect Begin Time

December 26, 2017, 4:57 am
$
0
0
I need a solution

Hello,

Can everybody give an explaination of Time Stamp, Event Type, Begin Time, End Time in SEP Attack log?

I have the issue on client side when IPS log has different timing on some SEP agents running 12.1RU6MP8. The Begin Time does not comply to Event Time in View Logs -> Security Log (NTP Attack logs).

For example, I filtered Begin Time by October then see Time Stamp or Event Time have timings from December. With my ongoing test the timing are different on some SEP agents.

That means SEPM notifies me with alert that was happend 2 months ago even the host was always online with healthy SEP agent.

Time StampEvent TypeEvent TimeBegin TimeEnd Time
01.12.2017 6:27Intrusion Prevention01.12.2017 6:2612.10.2017 13:2112.10.2017 13:21
01.12.2017 16:40Intrusion Prevention01.12.2017 16:3912.10.2017 23:3412.10.2017 23:34
02.12.2017 17:46Intrusion Prevention02.12.2017 17:4514.10.2017 0:4014.10.2017 0:40
02.12.2017 17:46Intrusion Prevention02.12.2017 17:4514.10.2017 0:4014.10.2017 0:40
03.12.2017 1:12Intrusion Prevention03.12.2017 1:1114.10.2017 8:0614.10.2017 8:06
03.12.2017 8:01Intrusion Prevention03.12.2017 8:0014.10.2017 14:5514.10.2017 14:55
03.12.2017 8:01Intrusion Prevention03.12.2017 8:0114.10.2017 14:5614.10.2017 14:56
04.12.2017 3:46Intrusion Prevention04.12.2017 3:4515.10.2017 10:4015.10.2017 10:40
04.12.2017 15:08Intrusion Prevention04.12.2017 15:0715.10.2017 22:0215.10.2017 22:02
04.12.2017 19:58Intrusion Prevention04.12.2017 19:5716.10.2017 2:5216.10.2017 2:52
05.12.2017 19:27Intrusion Prevention05.12.2017 18:4317.10.2017 1:3817.10.2017 1:38
05.12.2017 19:27Intrusion Prevention05.12.2017 18:4317.10.2017 1:3817.10.2017 1:38
06.12.2017 5:19Intrusion Prevention06.12.2017 5:1817.10.2017 12:1317.10.2017 12:13
06.12.2017 12:18Intrusion Prevention06.12.2017 12:1717.10.2017 19:1217.10.2017 19:12
06.12.2017 12:18Intrusion Prevention06.12.2017 12:1717.10.2017 19:1217.10.2017 19:12
07.12.2017 7:18Intrusion Prevention07.12.2017 7:1718.10.2017 14:1218.10.2017 14:12
07.12.2017 10:44Intrusion Prevention07.12.2017 10:4418.10.2017 17:3818.10.2017 17:38
07.12.2017 10:44Intrusion Prevention07.12.2017 10:4418.10.2017 17:3818.10.2017 17:38
08.12.2017 8:47Intrusion Prevention08.12.2017 8:4619.10.2017 15:4119.10.2017 15:41
08.12.2017 8:47Intrusion Prevention08.12.2017 8:4619.10.2017 15:4119.10.2017 15:41
10.12.2017 5:09Intrusion Prevention10.12.2017 5:0821.10.2017 12:0321.10.2017 12:03
10.12.2017 8:02Intrusion Prevention10.12.2017 8:0121.10.2017 14:5521.10.2017 14:55
10.12.2017 8:02Intrusion Prevention10.12.2017 8:0121.10.2017 14:5621.10.2017 14:56
11.12.2017 7:46Intrusion Prevention11.12.2017 7:4522.10.2017 14:3922.10.2017 14:39
11.12.2017 7:46Intrusion Prevention11.12.2017 7:4522.10.2017 14:4022.10.2017 14:40
12.12.2017 21:20Intrusion Prevention12.12.2017 21:1924.10.2017 4:1324.10.2017 4:13
13.12.2017 18:10Intrusion Prevention13.12.2017 18:0925.10.2017 1:0425.10.2017 1:04
14.12.2017 6:13Intrusion Prevention14.12.2017 6:1225.10.2017 13:0625.10.2017 13:06
15.12.2017 6:52Intrusion Prevention15.12.2017 6:5126.10.2017 13:4526.10.2017 13:45
17.12.2017 8:01Intrusion Prevention17.12.2017 8:0028.10.2017 14:5528.10.2017 14:55
17.12.2017 8:02Intrusion Prevention17.12.2017 8:0128.10.2017 14:5528.10.2017 14:55
18.12.2017 7:49Intrusion Prevention18.12.2017 7:4829.10.2017 14:4329.10.2017 14:43
18.12.2017 10:47Intrusion Prevention18.12.2017 10:4629.10.2017 17:4029.10.2017 17:40
18.12.2017 10:47Intrusion Prevention18.12.2017 10:4629.10.2017 17:4029.10.2017 17:40
18.12.2017 17:29Intrusion Prevention18.12.2017 17:2830.10.2017 0:2230.10.2017 0:22
19.12.2017 0:34Intrusion Prevention19.12.2017 0:3330.10.2017 7:2830.10.2017 7:28
19.12.2017 9:20Intrusion Prevention19.12.2017 9:1830.10.2017 16:1330.10.2017 16:13
19.12.2017 13:35Intrusion Prevention19.12.2017 13:3430.10.2017 20:2830.10.2017 20:28
19.12.2017 23:11Intrusion Prevention19.12.2017 23:1131.10.2017 6:0531.10.2017 6:05
20.12.2017 10:48Intrusion Prevention20.12.2017 10:4731.10.2017 17:4131.10.2017 17:41
20.12.2017 13:07Intrusion Prevention20.12.2017 13:0631.10.2017 20:0031.10.2017 20:00
20.12.2017 15:23Intrusion Prevention20.12.2017 15:2231.10.2017 22:1631.10.2017 22:16
0

14.0.1 MP1 available in file connect

December 26, 2017, 12:00 pm
Viewing all 10484 articles
Browse latest View live
Search