Channel: Symantec Connect - Endpoint Protection - Discussions

Unable to launch MS Word

I do not need a solution (just sharing information)

Suddenly SEP has decided that my Microsoft Word is a virus or something.

If I try to open a word doc or launch word directly I get a Windows 10 notification from SEP saying:

Attack: Return Oriented Programming API Invocation Detected
SEP will terminate c:\program Files....

(screenshot attached)

I tried removing SEP, cleanwipe and reinstall hoping it was just a setting.

No other users are affected.  Just my workstation.  Any idea what is going on?

(Word works fine with SEP uninstalled)

Linux clients cannot get new definitions

I need a solution

Hi all,

We are using Symantec LiveUpdate Administrator as a server from which Linux clients automatically get their antivirus definitions. But for the last few weeks they have stopped getting updates. I've started a manual update as a test and I get the error message: "sep::lux::Cseplux: Failed to run session, error code: 0x80010830 Live update session failed. Please enable debug logging for more information Unable to perform update".

In the lux.log file I get:

 [Server Selection - START]
         Result Code: 0x80010830
         Result Message: FAIL - failed to select server
         [Server - START]
                 Host ID: {00E6655A-A58F-475E-9A42-B90985F04C0D}
                 Status Code: 1
                 Status Message: Server was not selected
                 Transport Return Code: 0x80010737
                 Transport Return Message: FAIL - failed to connect to server or proxy
                 Protocol: HTTP
                 Hostname: liveupdate.symantecliveupdate.com
                 Port: 80
                 Path:
                 Proxy ID: {00000000-0000-0000-0000-000000000000}
                 Proxy Bypass: false
         [Server - END]

It looks like the clients are trying to update definitions from the internet instead of the LUA server. How can I configure them to use the LUA server?

Thanks in advance!

Notification Condition - Script

I need a solution

I have an alert that will list all computers that have virus definitions older than 3 days.

I notice that I can run a batch or any executable file when triggered by the notification. 

Question: What do you recommend to run when it triggers? Any script to update those outdated dat?


Client Version Available

I need a solution

Hi,

Is there some risk if we use these Client versions in Workstation?

12.1.7061.6600
12.1.7166.6700
12.1.7004.6500
12.1.6318.6100
12.1.5337.5000
11.0.6300.803

Tks,

EMC networker backup problem

I need a solution

We have Exchange 2016 (IP less DAG) on Windows Server 2016 and we use EMC Networker to back up mailbox databases. After installing the SEP 14.0.1 (or 12.1.6) client on the Exchange server, backup doesn't work. Stopping the SEP client (smc -stop) doesn't help. When I uninstall the SEP client, backup works properly. There are no errors/events in the SEP client logs. I don't know what I could try. Any suggestions?

Need formal explanation for requests to akamaitechnologies.com

I need a solution
Hi, I have a service that shows in procmon as making requests to akamaitechnologies.com
 
My service has nothing to do with akamai and my customer wants to know why my service is making requests to it.
Given the nature of other threads here that mention connections to akamai, I'm looking for more info.
Why is this in my service?  Will it show in other processes?  How / When does Symantec decide which process it does this in?
How do I make this NOT happen?
Why isn't it only in Symantec processes?
 
 
 
2:05:27.1123701 PM | 0.0000000 | 00:01:30.3355680 | my.service.exe | 22680 | TCP Reconnect | host.customer.company.com:62212 -> a23-206-193-152.deploy.static.akamaitechnologies.com:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 | C:\Program Files\MyCompany\my.service.exe

Version info:

C:\windows\system32\DRIVERS\Teefer.sys

Symantec CMC Firewall Teefer3

12.1.6531.6300

9/22/2015 11:23:48 PM

Stack:

0 | ntoskrnl.exe | EtwpTraceNetwork + 0x53 | 0xfffff800033770d3 | C:\windows\system32\ntoskrnl.exe
1 | tcpip.sys | ?? ::FNODOBFM::`string' + 0x32307 | 0xfffff88001ec2a37 | C:\windows\System32\drivers\tcpip.sys
2 | tcpip.sys | TcpProcessExpiredTcbTimers + 0x28a | 0xfffff88001e8b3fa | C:\windows\System32\drivers\tcpip.sys
3 | tcpip.sys | TcpPeriodicTimeoutHandler + 0x265 | 0xfffff88001e8b71d | C:\windows\System32\drivers\tcpip.sys
4 | ntoskrnl.exe | KiProcessTimerDpcTable + 0x6c | 0xfffff80003284c3c | C:\windows\system32\ntoskrnl.exe
5 | ntoskrnl.exe | KiProcessExpiredTimerList + 0xc6 | 0xfffff80003284ad6 | C:\windows\system32\ntoskrnl.exe
6 | ntoskrnl.exe | KiTimerExpiration + 0x1be | 0xfffff800032849be | C:\windows\system32\ntoskrnl.exe
7 | ntoskrnl.exe | KiRetireDpcList + 0x277 | 0xfffff800032847a7 | C:\windows\system32\ntoskrnl.exe
8 | ntoskrnl.exe | KiIdleLoop + 0x5a | 0xfffff80003270b0a | C:\windows\system32\ntoskrnl.exe
 
Other stacks in process show Teefer.sys
 
 
 
 
After upgrading to 14 RU1 MP1, I can no longer move clients between groups

I need a solution

So I upgraded from 14.0.3752.1000 RU1 to 14.0.3876.1000 MP1 to get rid of the ghost report emails to email_id_not_available@localhost.com issue. It did fix that and I no longer get those emails.

Well, now I have ended up with a new issue. The options to move a client from one group to another are greyed out along with the Delete and Switch User Mode options.

Has anyone else seen this yet?

SEP 14.0.1 RU1 - Definitions are Missing or Corrupted

I need a solution

Hello all,

I presently manage 5 separate locations and am in the process of upgrading their SEPM to 14.0.1 RU1 as well as the clients on each server that I had. The problem that I've been running into though is that the clients are reporting that the definitions are either missing or corrupted. These 5 sites don't have internet access, and instead rely upon our LiveUpdate Administrator server to be able to download and distribute the updates to them.

The problem I'm running into is that I can't see for the life of me what definitions these clients are attempting to download, so I can't manually check to see if they're actually there. Is there any help that would point me in the right direction for this? Perhaps a specific log file I can look for?

SEP 14.1 Cloud Incorrect Domain Name?

I need a solution

I tried out the SEP 14.1 Cloud and after a successful enrolment, I noted that it takes forever for the cloud to sync the devices (2 days and the number of devices synced is 0). Then I noticed that the "Domains" under Settings->Symantec Endpoint Protection Manager Enrollment (https://sep.securitycloud.symantec.com/cc/#/settin...) is wrong. It is totally not a domain under my SEPM. Going to Settings->Subscriptions (https://sep.securitycloud.symantec.com/cc/#/settin...), it shows that the status is "compliant" with 1 subscription but when clicked, it shows 0 for all statuses.

Symantec Manager cannot open.

I need a solution

Cannot open with console sepm and symantec manager. I basic proof double-click and run administrator but not show program. console sepm open with IE 11.

SEPM ver 12.1.7xx / OS : windows server 2008 r2 std

Weekly scheduled scan does not start on the Symantec Endpoint Protection client on Windows.

I need a solution

Sometimes, weekly scheduled scan does not start on the Symantec Endpoint Protection client on Windows.

We have a weekly scan scheduled every Saturday for Windows servers; when we pull the scan report from SEPM, the scan has not initiated on some servers.

We checked the scan logs on the agent and can see the scan was successfully completed last week. Can someone help us understand why the weekly scan is being missed on the server?

For example:

- Scan on server X completed on 16th December 2017 and there is a scan log on the agent

- But on the same server there is no scan initiated on 23rd December 2017; we have not made any changes to the policy.

- When we look in the "Scan for Threats" tab, it clearly specifies that the last scan was on 16th December 2017 and the next scheduled scan is on 30th December 2017.

The weekly scheduled scan was on 23rd December 2017, and we are unable to find the reason behind this. Can someone suggest something if you have observed a similar issue?

It's happening on multiple servers, and one observation made was that either the server was restarted for some reason or the SEP services were restarted. Would this cause the weekly scan to be skipped?

Thanks in Advance

Endpoint Firewall: "Firewall Drive Is Not Loaded"

I need a solution

I'm an end user w/ a corporate load on my endpoint.  I have not logged into the corporate VPN for over 10 days.  Now, when trying to connect to the corporate VPN, I can't.  I've tried repairing the program via "Product and Features" and even checking for updates via the console on the PC.

No luck.  

Any ideas???

Hopeless.  Thank you.

Domain admins can disable endpoint

I need a solution

Hi,

Is there any solution to require a password when domain admins try to disable or uninstall SEP endpoints? They can do so although their groups have the password requirement. Any ideas?

Thanks,

SEP 14.1 requirements

I need a solution

Hi All,

I just wanted to know, as I am not sure, whether using SEP 14.1 we can secure endpoint systems on which cloud applications are running, such as google drive, azure explore, sendspace & torrent etc. We also need protection for web browser, messenger & social applications.

Any sharing and comments would be greatly appreciated.

Thanks,


How to stop blocking IP or reduce the blocking time?

I need a solution

Hello, 

I want to know how to stop blocking IP addresses.

And how to reduce the blocking time from 600 seconds to 10 seconds 

Thank you, 

Dylan.

SEP 14 misses threat when executed from USB

I need a solution

Hi all,

I have a problem that causes a bit of a headache.

As part of a pentest on our workstations the pentest team is executing a piece of custom malware on a SEP 14 protected PC.

When malware is copied from USB to desktop and executed from there: SEP catches it.

When executed from USB: SEP misses it and PC is infected.

  • Any ideas why?
  • Any ideas how to prevent it (without blocking all execution from USB)?

Thanks in advance!

:)

Eske

Application Blocking Question

I need a solution

In an attempt to block Minecraft from being run on our network,  I have created a ruleset per https://support.symantec.com/en_US/article.TECH97618.html 

I have exported hashes for a .jar file that the students are running and added them to the explicit block ruleset, however it appears that it's not working as advertised.

MD5, SHA1 and SHA256 were all created and placed in the blocklist, yet it still seems to not work as expected.   

Am I missing something, or is this only for .exe based applications? 

SEPM 14.0.1 RU1 MP1 Behaviour regarding SEPM 11.x agents

I need a solution

Hi folks,

My understanding is that SEPM 11.x is not supported with SEPM 14.0.1 RU1 MP1. We've eliminated our known devices with 11.x installed. We're currently running 12.1 RU6-MP6 and we are preparing to upgrade our production system. However, my question is this: what happens if someone pulls a device out of a closet and the device has SEPM 11.x installed? How will SEPM 14.0.1 RU1 MP1 handle the connection attempt? Will the device still register in SEPM 14.0.1 or will it be blocked from registering with the system?

Thanks.

SEP Client deployment by SCCM - Definitions

I need a solution

Hi All,

I have a hopefully quick question.

We use Microsoft's System Center Configuration Manager (SCCM) to deploy the SEP client to our workstations. Our current process is that we export the installation package from the SEPM, including the definition set, and then import it into the SCCM source repository. The problem we have is that the definitions are exported at a point in time. Sometimes our SEP client deployments can take up to a month to hit all our clients. This causes a problem because by the end of the month's deployment the definitions are a month out of date.

Apart from exporting a fresh SEP client install package every couple of days or every day with the latest definitions included, is there a way to just export the definition set from the SEPM so all we need to do is a file replace on the SCCM package source?

Our SEPM and clients are 14.0.1 (RU1).

Symantec endpoint protection is not starting and not reporting to console

I need a solution

I have 5400 endpoints in my environment, out of which 450 systems I am not able to find on the console.

I have randomly checked 6 or 7 systems and found SEP installed. After that I checked the Symantec Endpoint Protection service, which is already started, but when I try to start the SEP client from the system tray or from the Start menu it shows: "Symantec Endpoint Protection cannot open because some Symantec Services are stopped. Restart the Symantec services, and then open Symantec Endpoint Protection."
