Channel: Symantec Connect - Endpoint Protection - Discussions

Uninstalling security essentials with SEPM remote push

I need a solution

I have 300 clients and MS security essentials is installed on all of them.

I am pushing SEP client remotely through SEPM with the option "Automatically uninstall third party antivirus".

But when the installation of SEP is completed MS security essentials is still not uninstalled and working ...

I know there is a tool SEPPrep but I don't know how to integrate it with remote push deployment. How can I do this through SEPM remote push?


Is the SEP 14.x supported Windows server only?

I need a solution

Hello,

I need to know whether SEP version 14 is only for Windows Server and not for Windows clients, because I already installed v14 on some clients.

Thank you


SEP 14 RU1 - Notification Emails from events months ago

I need a solution

Hi

Since we upgraded from 12.1 to 14 RU1 we are very often getting email notifications from Risk Found events months ago. For example, on the 2nd of January 2018 we got again a notification of a "New risk found" event on a client from July 2017. Another one we got from February 2016. It happens not only with the same clients and they are always online and connected and the Heartbeat is 5 minutes. On the clients we can't see any current event logged, so it's definitely from the past and must be triggered from the SEP Manager and its database. We have no idea why SEP 14 is bringing such events up again after months or weeks. Is there a way to check the database or any health check procedures?

Thx

Wayne


"Application Hardening" -- SPECIFIC information please!!

I need a solution

Dear Symantec,

Please post SPECIFIC information about "Application Hardening":

1) what it is

2) how it works

3) why we should care

4) how much money you want for this and WHY it is a separate license

Most of us will not install something strange and new with no information about what it is etc.

Thank you, Tom


SEP KAISER - KPTI / MELTDOWN Compatibility (Windows)

I need a solution

Hi Symantec,

Microsoft has just released guidance on the KAISER - KPTI vulnerabilities regarding processors (widely reported as an Intel bug) (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).

Microsoft's guidance states to check with your AV vendor before the upcoming Patch Tuesday on January 9th, as the patch will not apply unless the AV vendor has set the following registry key to indicate compatibility with the update:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"

I have checked endpoints running the latest SEP 14 RU1 and can confirm on Windows 10 this registry key is not present.

A few questions:

Is Symantec going to release guidance on this before the Patch Tuesday date?
Is SEP compatible with the new Kernel patches?

I don't see at this point how Symantec is going to push out the registry key update to customers on older versions, so it may be that this key will need to be set manually if people want to apply the security update.

Microsoft information: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 (only Windows 10 at the time of posting).

I'll follow this up with professional support as well.


Latest Win10 update corrupts SEP14

I need a solution

The latest Microsoft patch for Windows 10 Fall Creators Update (1709, aka Build 16299) is causing Symantec Endpoint Protection 14.0 RU1 MP1 (14.0.3876.1100) to report "Product Error requires attention" and the SEP system tray icon to report "There are multiple problems (2)". I thought you might want to work with Microsoft or create another SEP patch to fix this issue.

The patch I applied today, which you can get from the Microsoft Update Catalog and also through our corporate WSUS server downloads is KB4056892. After applying the patch, the Win10 version reports Build 16299.192.

When I remove the above Microsoft patch, SEP 14 no longer reports errors.

Please fix when you can.


SEPM RU1 MP1 - Replication fails with an exception "java.lang.NumberFormatException: For input string: "${VISIBILITYMOCKSEQUENCENUM}"

I need a solution

Yesterday I upgraded our two SEPMs to 14 RU1 MP1 from RU1 and replication worked before and afterwards for 12+ hours and then it has been failing with the following error:

Unable to fetch changed data from remote site [Site_sepm2]: For input string: "${visibilityMockSequenceNum}"

Metadata with Id DBBAD5C70A4B02EE3345CCC495BA78FB could not be merged

According to https://support.symantec.com/en_US/article.TECH248311.html this bug with 14 RU1 was fixed with RU1 MP1.

My environment consists of two SEPMs on Windows Server 2016 (with all Microsoft updates released through the end of 2017) with embedded databases. I have created a case, 13884670, but don't have high expectations based upon previous tier 1 support from Symantec. Any ideas or suggestions?


Intel Chip Vulnerability

I need a solution

Hi,

Anyone got any info if SEP protects us from the Intel chip bug that is big news today?

Had a dig about but can't find anything specific.

Thanks


Is SEP 14 RU1 MP1 compatible with Windows 10 1709 Build 16299.192 (KB4056892/Released Jan 3, 2018)?

I need a solution

Microsoft released KB4056892 (Windows 10 1709 Build 16299.192) today to address the Intel (and possibly AMD CPUs) critical vulnerabilities on how CPUs handle speculative execution, but Microsoft isn’t releasing to all Windows 10 systems “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.”

Is SEP 14 RU1 MP1 compatible with KB4056892 (Windows 10 1709 Build 16299.192)? If not, when will Symantec release an update so these critical updates can be installed?

Reference for KB4056892 (Windows 10 1709 Build 16299.192) - https://support.microsoft.com/en-us/help/4056892

  • Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.
  • Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine
    Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
    Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
    Type="REG_DWORD"
    Data="0x00000000"

This registry key does not exist on my Windows 10 system with SEP 14 RU1 MP1, therefore it can’t receive this critical update from Microsoft.

References on CPU vulnerabilities regarding how they handle speculative execution:


SEP 14.1 Cloud

I need a solution

Is it possible that the client will connect to SEP Cloud instead of the SEPM on premise once I installed the SEP on the client?


Meltdown - Windows Update

I need a solution

Hi, any idea when Symantec will support the Windows Update for this?

As per the links below, Symantec needs to update a registry key for Microsoft to make the update available.

https://portal.msrc.microsoft.com/en-US/security-g...

https://support.microsoft.com/en-us/help/4056892/w...

Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"
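
Added example (not part of any post listed here, and not Symantec or Microsoft code): a read-only PowerShell check for the QualityCompat value quoted in this post and in the two earlier posts citing the same Microsoft guidance, reported together with whether KB4056892 is installed. The function name, the output field names and the host names in the final comment are assumptions made for illustration.

```powershell
# Added example: read-only audit, nothing is written to the registry.
function Get-QualityCompatState {
    # Key, value name, type and data exactly as quoted from Microsoft's guidance.
    $path      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $valueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    $kbId      = 'KB4056892'

    $state = [ordered]@{
        Computer     = $env:COMPUTERNAME
        ValuePresent = $false
        ValueKind    = $null
        ValueData    = $null
        Compatible   = $false
        KbInstalled  = $false
        Note         = $null
    }

    # The subkey may not exist at all on a machine whose AV has not set it.
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $valueName)) {
        $state.ValuePresent = $true
        $state.ValueKind    = $key.GetValueKind($valueName)
        $state.ValueData    = $key.GetValue($valueName)
        # Require both the REG_DWORD type and the 0x00000000 data.
        $state.Compatible   = ($state.ValueKind -eq 'DWord') -and ($state.ValueData -eq 0)
    }

    # Get-HotFix raises an error when the update is absent; treat that as "not installed".
    $state.KbInstalled = [bool](Get-HotFix -Id $kbId -ErrorAction SilentlyContinue)

    $state.Note = if ($state.Compatible) {
        'Compatibility value is set as the guidance describes'
    } elseif ($state.KbInstalled) {
        "$kbId is present although the compatibility value is not set"
    } else {
        "Value not set; per the quoted guidance $kbId is not offered"
    }

    [pscustomobject]$state
}

# Local check:
Get-QualityCompatState
# Fleet check over PowerShell remoting (host names are hypothetical):
# Invoke-Command -ComputerName 'PC-001','PC-002' -ScriptBlock ${function:Get-QualityCompatState}
```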


How to delete a client from SEPM 14 MP2?

I need a solution

I just uninstalled Symantec client from one of my PCs, but still couldn't delete that client from the SEPM. How can I do that?


Report on Eraser Engine ver Number

I need a solution

I need a report that includes the eraser engine version number of my SEP 12 clients to be able to plan for and ensure compatibility with the MS OOB update. I can't find any built-in reports with this info, any pointers on where I should look? I found blogs about how to get it from a client but I need the status of all clients ASAP. Thanks!


KB4056892 and SEP not green?

I need a solution

I'm working on KB4056892 today.  That's for Win10 1709 machines.

I saw a Win10 notification pop up about SEP, so I checked. SEP looked normal and green when I click into it. I don't see anything wrong there. On the lower right taskbar though, the SEP icon is yellow instead of having the usual green dot. I can "update policy" like normal. SEPM looks normal, I can see the machines, with or without KB4056892.

I'm still checking but so far it's consistent. If they got KB4056892 installed, that icon is yellow and a Win10 notification bubble will pop up. When I hover over the lower right taskbar (yellow SEP shield with yellow circle and exclamation point), that says "There are multiple problems (2)" but I don't see those problems anywhere. I tried restarting machines. No change. I tried "update policy" from SEPM. No change yet.

I'm trying this KB on another Win10 machine.  Immediately after install, that SEP taskbar is still a green dot.

Are there any issues with KB4056892 and SEP?


SEP 14 and Windows firewall

I need a solution

Environment:   Windows 7 Professional SP1 64-bit, SEP 14 MP2

What's the relationship between the Windows firewall and SEP 14?   I ran across a post that stated that you didn't want to disable the Windows firewall because that would limit some of SEP's functionality.

I thought that SEP automatically disabled the Windows firewall because the two firewalls conflicted.

Please enlighten us.


Upcoming Webinar: Effective Protection Against Ransomware

I do not need a solution (just sharing information)

Just raising awareness of this (free!) webinar coming up on Jan 18 2018:

Secrets Revealed: Effective Protection Against Ransomware
https://www.symantec.com/about/webcasts?commid=292385&mkt_tok=70138000000zXDwAAM

Since WannaCry and Petya took the world by storm in May of 2017, defending laptops, desktops, and IT assets from ransomware has become critically important for enterprises.

This webinar looks at the newly released advanced capabilities of Symantec Endpoint Protection 14.1 that help protect against ransomware attacks and the strategies and technologies that Symantec customers have deployed for effective protection against ransomware and unknown threats.

Join us to discover how you can:

· Block ransomware via latest enhancements into behavior monitoring, machine learning and intrusion prevention

· Gain enhanced visibility into suspicious activity across your endpoint estate

· Optimize endpoint security across different environment needs such as high risk employee groups, low bandwidth environments, etc.

In addition we’ll also show you SEP 14.1 in action, with a demo that showcases how unknown threats don’t stand a chance.


Updates on Manager and LiveUpdate differ greatly

I need a solution

Greetings,

As with everyone today, I went into my Manager to make sure things are on the up and up and although I have received the newest ERASER Engine update (phew!), I noticed that my updates on the manager and those that are available on LiveUpdate differ in terms of their release time. I have the default settings for Manager LiveUpdate which are updating from Symantec's servers every 4 hours but I'm noticing that the newest updates I have on the manager are 1/4/2018 r19 (which don't exist on the Release History articles) and the newest available are 1/5/2018 r2. I would assume that since it is 8:30am EST here, that I "missed" a few somehow? I could agree that if the current time was between midnight and 4am (assuming that the update schedule is every 4 hours starting at midnight) that I could be off by that, but not that much. I definitely missed updates here seeing that there were 24 rapid releases yesterday. Again I could have skipped those if my schedule was every 4 hours meaning I would have grabbed r19 (which still doesn't exist...) at 9:00pm EST and then "missed" 20-24 through midnight but then that wouldn't explain why I didn't download at least 1/5/2018 r1 since midnight.

Thoughts?

Also, am I only able to manually update the defs by importing that JDB file? There is no "update button"?

Thanks!!


SEP system tray icon warns of "multiple issues" following installation of January 3rd, 2018 Windows Security Update (KB4056892)

I do not need a solution (just sharing information)

Hello Everyone,

As most of you already know, SEP 12.1 and 14 clients which have had Windows Update KB4056892 installed have been experiencing an issue, where an alert on the SEP system tray icon warns of "multiple errors".  This issue is described in the following article:

Endpoint Protection system tray icon reports there are multiple errors after updating ERASER to 117.3.0 and Microsoft Update KB4056892
http://www.symantec.com/docs/TECH248552

SEP 12.1 RU6 MP5 or earlier clients can also encounter the following issue:

ccSvcHst.exe crash after applying the January 3rd, 2018 Windows Security Update to a system running SEP 12.1.x
http://www.symantec.com/docs/TECH248558

Please note that SEP 12.1 RU6 MP6 or later will still experience the system tray icon error behavior, but will not encounter a ccSvcHst.exe crash as a result of applying the Windows KB. 

At this time we do not require additional data for either of the above issues.  While anyone affected by either issue is of course welcome to open a case with our Support team, simply subscribing to the above articles will ensure you receive any updates as we determine additional issue details, and any steps needed to resolve these issues.  If you do choose to contact Support, please be aware that queue volume is extremely high at this time.  Thank you. 

Our Developers have provided the following update to offer some clarity around these issues:

These issues are unrelated to the ERASER 117.3.0 Engine update. These issues impact all Operating Systems that received the Windows Security Updates released on January 3rd, 2018.

Ongoing investigation indicates that the tray icon error issue described in TECH248552 has no functional impact on the SEP client with regards to our protection technology stack, but out of an abundance of caution, we are recommending that SEP 12.1/14.0 customers please hold off on applying the Windows Security Updates released on January 3rd, 2018 until our investigation has concluded. 


User Mode client installation

I need a solution

Hi,

I have installed one Symantec primary management site and named it as global and created additional management sites in Hyderabad and Delhi.  I have integrated AD to primary management site and then imported banking accounts OU.

In banking accounts OU, there is another OU named Icici NDC and there are 4 users in it which are showing up in global site as clients. How do I get those 4 users' health status in online mode? Please assist. TIA


SEPM backend server died, how will redeploying work?

I need a solution

My current SEPM server running on W2K8R2 has encountered some catastrophic failures recently and I need to redeploy it.

The original server is running 12.1.6 MP6. I have access to the database but I don't believe I have access to the install files for MP6, only MP9.

Two questions:

If I can find the MP6 install files, can I import the old database? If I'm reinstalling on the new server that has the same IP and DNS and I install the same MP[#] will everything sort itself out or will I need to update sylink files?

If I cannot locate the MP6 install files and I end up installing MP9, from what I've read the database will not be able to be imported. Aside from not having my list of managed servers and policies, what will be the outcome of this? If the server has the same DNS and IP information, will the already existing clients connect to the server or will I need to then update the sylink file?

Thanks
