USB logs

January 7, 2018, 10:14 pm

≫ Next: MAC GUP support

≪ Previous: SEPM backend server died, how will redeploying work?

$

0

0

I need a solution

Hello Guys,

Need some help and assistance, i am currenly working on use case with our SIEM to integrate something useful.

Would you be able to provide the list of events that we can found from symantec when..

1. user plugin the usb to their machine? 

2. to check all the activities of that usb ex: copying files from machine to usb or usb to machine

3. to check if sep were able to scan the usb itself.

But for now, im gonna need the list of events that i can see from symantec.

appreciate your help.

0

---

MAC GUP support

January 7, 2018, 11:16 pm

≫ Next: multiple problem detected since last update SEP

≪ Previous: USB logs

$

0

0

I need a solution

Hi All, Just wondering if anyone from Symantec would like to comment if the GUP update feature is on the road map to support Mac OSX ?

We are currently a MS Windows house and running SEP14 with GUP infrastructure. We are now are starting invest in a MAC OSX plate-form which we need to manage via SEP. These devices are geographically dispersed up-to 4000km apart from our Data Centers. We have been given a directive that these updates for individual devices are not to traverse the WAN links. It appears that the only solution would be to us local LiveUpdate servers.

0

multiple problem detected since last update SEP

January 8, 2018, 12:52 am

≫ Next: ccSvcHst.exe crash after applying the January 3rd, 2018

≪ Previous: MAC GUP support

$

0

0

I need a solution

Hello,

Im recieving multiple calls about people's laptops not passing the security check for our VPN (checking antivirus status)
When i check their SEP the status is "there are multiple problems detected (proactive thread protection)

It looks like the last update broke something in SEP.
Anyone knows whats going on?

Thanks,

LEVD

0

ccSvcHst.exe crash after applying the January 3rd, 2018

January 8, 2018, 2:10 am

≫ Next: Symantec Endpoint Protection - There are multiple problems

≪ Previous: multiple problem detected since last update SEP

$

0

0

I need a solution

Hi Team,

Is there any further update for this issue.

12.1.x client service (ccSvcHst.exe) may terminate unexpectedly,

0

Symantec Endpoint Protection - There are multiple problems

January 8, 2018, 3:18 am

≫ Next: JDB file for SEPM 12.X is not updated

≪ Previous: ccSvcHst.exe crash after applying the January 3rd, 2018

$

0

0

I need a solution

I see the below message on Symantec Endpoint on almost all the machines in our environment.

Kindly suggest the workaround for this.

0

JDB file for SEPM 12.X is not updated

January 8, 2018, 5:56 am

≫ Next: Update Eraser Engine

≪ Previous: Symantec Endpoint Protection - There are multiple problems

$

0

0

I need a solution

Hi,

The last .jdb file update for SEPM 12.x was released on 12/21/2017.

Symantec Endpoint Protection Manager Installations on Windows Platforms

How to update definitions for Symantec Endpoint Protection Manager using the .jdb file

File Name	Creation Date	Release Date	File Size	MD5 | all
vd4f2814.jdb | FTP	12/21/2017	12/21/2017	233.13 MB	9412208149FD3FB0EB52E3DA0F8486E2

I am on  a internet disconnected environment. Can someone at Syamtec let us know why there is no update? when will you release the definition udpate.

Thanks,

0

Update Eraser Engine

January 8, 2018, 6:50 am

≫ Next: Windows 10 Issue After Recent Microsoft Patch

≪ Previous: JDB file for SEPM 12.X is not updated

$

0

0

I need a solution

Some of our machines are running an older version of the Eraser Engine and we need to update it.  Is the only way to update it to push a full SEP install, or is there another way?

0

Windows 10 Issue After Recent Microsoft Patch

January 8, 2018, 7:37 am

≫ Next: SEP clients definitions stuck at Dec 15th 2017 and not updating.

≪ Previous: Update Eraser Engine

$

0

0

I need a solution

We are seeing on Windows 10, that after the patch is installed, Symantec Endpoint is not working.  If you try to launch manually, it gives an error.  Rebooting does not fix the issue, neither does restarting the service.  Windows 7 does not have this issue.

The error is:

"Symantec Endpoint Protection cannot open because some Symantec services are stopped.  Restart the Symantec services, and then open Symante Endpoint Protection."

0

---

SEP clients definitions stuck at Dec 15th 2017 and not updating.

January 8, 2018, 7:40 am

≫ Next: SEP 12 Reported Issues after update KB4056891

≪ Previous: Windows 10 Issue After Recent Microsoft Patch

$

0

0

I need a solution

Hello All,

Out of 30.000 SEP clients in our network, many of our SEP clients are stuck at Dec 15th 2017. Is anyone elase facing the same issue and SEP services keeps stopping as well as its conflicting with our Cisco VPN application. 

SEP clients definitions stuck at Dec 15th 2017 and not updating. 

0

SEP 12 Reported Issues after update KB4056891

January 8, 2018, 1:46 pm

≫ Next: Product error requires attention

≪ Previous: SEP clients definitions stuck at Dec 15th 2017 and not updating.

$

0

0

I need a solution

Post Microsoft update KB4056891 is triggering reported errors on Windows 10.1703 systems. The errors are appearing in the system tray, reported as problems found with SEP, however the client appears to be operating normal, or not receiving definition updates for Proactive and Network Threat Protection components. Attached are screen shots of errors.

Microsoft discussion at https://support.microsoft.com/en-us/help/4056891/windows-10-update-kb4056891 does reference a reg key that should be set to (below) that I have confirmed is correct, so the problems is deeping as this is not addressing the issues.

Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD”

Data="0x00000000”

Did attempt to uninstall KB4056891, it will not uninstall.

Also see a similar community chat started for SEP 14, but wanted to document finding for for SEP 12.

0

• sep error_clnt.JPG
• sep error_msg1.JPG
• sep error_msg2.JPG

Product error requires attention

January 9, 2018, 2:31 am

≫ Next: Does SEP detection signature available for Spectre and Meltdown

≪ Previous: SEP 12 Reported Issues after update KB4056891

$

0

0

I need a solution

Je vois sur mon PC etd 'autres que l'antivirus et le firewall de Symantec ne sont pas actifs.

Quand je le lance depuis l'icone, j'ai un message : "Symantect Endpoint Protection cannot open because some Symantec Services are stopped. Restart the Symantec services, and then open Symantec Endpoint Protection".

Quand je lance le service Symantec Endpoint Protection, j'ai l'erreur "Product error requires attention".

Reboot du PC sans effet.

Je suis sous Windows 10 avec la version 12.1.7004.6500.105 de Symentec Endpoint protection.

J'ai pris note sur un autre fil de discussion que le KB4056892 pouvait poser pas mal de problème mais il n'est pas installé sur mon PC

J'ai lancé un scan de mon PC depuis la console d'administration mais cela n'a pas l'air de fonctionner.

---

I see on my PC and others that the antivirus and the firewall of Symantec are not active.

When I run it from the icon, I get a message: "Symantect Endpoint Protection, Symantec Endpoint Protection, and then open Symantec Endpoint Protection."

When I start the Symantec Endpoint Protection service, I get the error "Product error requires attention".

Reboot the PC without effect.

I am on Windows 10 with version 12.1.7004.6500.105 of Symentec Endpoint protection.

I took note on another thread that the KB4056892 could pose a lot of problem but it is not installed on my PC

I launched a scan of my PC from the admin console but it does not seem to work.

0

Does SEP detection signature available for Spectre and Meltdown

January 8, 2018, 7:24 pm

≫ Next: Problem adding new server at remote site

≪ Previous: Product error requires attention

$

0

0

I need a solution

Hi,

I found SYMC/SEP signature for Spectre (CVE-2017-5753) ref: https://www.symantec.com/security_response/writeup.jsp?docid=2018-010508-3826-99

But not for Spectre (CVE-2017-5715). 

Is there any detection signature for Spectre (CVE-2017-5715)?

As for the Meltdown, I dont see any signature(s). is there any plan to craft this signature?

0

Problem adding new server at remote site

January 9, 2018, 1:43 am

≫ Next: Client not reporting properly

≪ Previous: Does SEP detection signature available for Spectre and Meltdown

$

0

0

I need a solution

Hi,

one of our customers is trying to add a new SEPM (14 MP2) to his environment but during the DB sync the progress freezes at 5% and aborts after 30 minutes. All the necessarry ports are open.

Is there any logfile that could help to analyze this issue?

Thanks!

0

Client not reporting properly

January 9, 2018, 2:30 am

≫ Next: SEPM 14.0 RU1 Console JAVAWS High Memory Utilization

≪ Previous: Problem adding new server at remote site

$

0

0

I need a solution

Hi,

have installed one Symantec primary management site and named it as global and created additional management sites in Hyderabad and Delhi.  I have integrated AD to primary management site and then imported banking accounts OU. In banking accounts OU, there is another OU named Icici NDC Users and there are 9(1-hyderabad and 8-Delhi) users in it which are showing up in global site as clients.Now I have created the locations Delhi(Delhi Management server) and Hyderabad(Hyderabad management server) in ICICI NDC Users and banking accounts OU in SEPM.When i am expoted the sylink file and update in the client machine the client machine server is fluctuating.Please suggest. wheare should i create the locations.

I want ICICI NDC(Delhi) Users reporting Delhi management server,ICICI NDC(Hyderabad) Users reporting Hyderabad management server and group should be Mycompany\Banking account\ICICI NDC Users.

Same location in Banking account OU and ICICI NDC Users OU.

Please suggest

0

• Sepm.png

SEPM 14.0 RU1 Console JAVAWS High Memory Utilization

January 9, 2018, 8:03 am

≫ Next: Problem installing SEPM v14

≪ Previous: Client not reporting properly

$

0

0

I need a solution

Windows Server 2008 R2 Enterprise - 64Bit OS - two 2.60GHz processors

Memory 8GB

SEPM 14.0 RU1 Console

External SQL Database

I use RDP instead of the Web Console 

Last evening the server team got a server health alert "Memory usage >= 98% outside of baselines for 15 minutes.

The process comsuming the memory was JAVAWS.  When I left work yesterday, I was remoted to the server (logged on the locked my session)  - the SEPM Console was up but logged off.

I ran Performance Monitor on two counters "%Committed Bytes In Use" and "Pages Output/Sec" both were pegged out when the Console was open and I was logged on and when I logged off "%Committed Bytes In Use" was 25% and "Pages Output/Sec" was flatlined.  I don't know if this is useful information or not.

Has anyone else seen this?  Do I need to add more memory?

Thanks everyone!

0

---

Problem installing SEPM v14

January 9, 2018, 10:39 am

≫ Next: Trying to install the 14 RU1 MP1 patch - nothing happens

≪ Previous: SEPM 14.0 RU1 Console JAVAWS High Memory Utilization

$

0

0

I do not need a solution (just sharing information)

Does anyone know how to interpret this error log message I keep getting?  Each time I try to install SEPM 14 using an SQL database, it fails.  My connection information is correct.  I've tried this 5 times now and each time it's failed.  I've attached a screen cap of the failure message.

By the way, I'm installing on Server 2016, there is no option in the Operating System in the pull-down above to select that.

Thanks,
Dan

Jan 9, 2018 10:29:39 AM  STDERR: SQL Exception:
Jan 9, 2018 10:29:39 AM  STDERR: SQL Command: CREATE TABLE PROCESS_STATE(       ID char(32) NOT NULL CONSTRAINT PK_PROCESS_STATE PRIMARY KEY NONCLUSTERED ON FG_INDEX,     TYPE varchar(256) NOT NULL,     STATUS int NOT NULL,     TIME_STAMP bigint NOT NULL,     UPDATE_OWNER varchar(255) NULL )ON [PRIMARY]

Jan 9, 2018 10:29:39 AM  STDERR: SQLState:  S0001

Jan 9, 2018 10:29:39 AM  STDERR: Message:  Invalid filegroup 'FG_INDEX' specified.

Jan 9, 2018 10:29:39 AM  STDERR: Vendor:  1921

Jan 9, 2018 10:29:39 AM  STDERR: com.microsoft.sqlserver.jdbc.SQLServerException: Invalid filegroup 'FG_INDEX' specified.

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:217)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(SQLServerStatement.java:1635)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.doExecuteStatement(SQLServerStatement.java:865)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement$StmtExecCmd.doExecute(SQLServerStatement.java:762)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:6276)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:1793)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(SQLServerStatement.java:184)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(SQLServerStatement.java:159)

Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.execute(SQLServerStatement.java:735)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.server.db.util.DatabaseUtilities.execCommandFromScript(DatabaseUtilities.java:2464)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.initDatabase(MainFrame.java:2944)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.configureDB(MainFrame.java:1439)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.nextBtnActionPerformed(MainFrame.java:4830)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.access$500(MainFrame.java:311)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame$5$1.construct(MainFrame.java:4363)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:153)

Jan 9, 2018 10:29:39 AM  STDERR: at java.lang.Thread.run(Thread.java:748)

Jan 9, 2018 10:29:39 AM  STDERR: java.sql.SQLException: com.microsoft.sqlserver.jdbc.SQLServerException: Invalid filegroup 'FG_INDEX' specified.

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.server.db.util.DatabaseUtilities.execCommandFromScript(DatabaseUtilities.java:2474)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.initDatabase(MainFrame.java:2944)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.configureDB(MainFrame.java:1439)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.nextBtnActionPerformed(MainFrame.java:4830)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.access$500(MainFrame.java:311)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame$5$1.construct(MainFrame.java:4363)

Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:153)

Jan 9, 2018 10:29:39 AM  STDERR: at java.lang.Thread.run(Thread.java:748)

0

Trying to install the 14 RU1 MP1 patch - nothing happens

January 9, 2018, 11:33 am

≫ Next: Agent Status Offline after reg key set

≪ Previous: Problem installing SEPM v14

$

0

0

I need a solution

I have 14 RU1 and am trying to install the RU1 MP1 patch from the website.  A box comes up for a second with progress bars and then closes on its own.  Symantec version doesn't change.  Reboot and still the old version.

What am I missing?

0

Agent Status Offline after reg key set

January 9, 2018, 12:01 pm

≫ Next: Trying to open a ticket, can't get past "Add Asset Details" page

≪ Previous: Trying to install the 14 RU1 MP1 patch - nothing happens

$

0

0

I need a solution

For some reason many of our agents are showing 'offline' since the reg key began deploying. We do not have an enterprise contract for SEP anymore, so cannot get full tech support. My question is: without getting the agent updates is the SEP agent still having problems? On a machine I am seeing that the Symantec services are turned off, but after starting the services there is no change. I have tried doing a repair through install/uninstall and twice the repair has failed. Any ideas?

0

Trying to open a ticket, can't get past "Add Asset Details" page

January 9, 2018, 1:30 pm

≫ Next: block execution from removable drives - but allowing 1

≪ Previous: Agent Status Offline after reg key set

$

0

0

I do not need a solution (just sharing information)

I'm trying to open an online ticket and when I come to the Add Asset Details Page for my account, it asks me to specify the Entitlement, and I can't get past that because it says "None" and there are no further pull-down entitlement options.

Would someone kindly tell me  how I can get a value in this field other than "None"?  We've been Symantec customers for a number of years.

Thanks

0

• entitlement.jpg

block execution from removable drives - but allowing 1

January 9, 2018, 1:39 pm

≫ Next: Symantec Endpoint Protection keeps stopping

≪ Previous: Trying to open a ticket, can't get past "Add Asset Details" page

$

0

0

I need a solution

Hi all,
I want to use AC to prevent execution of files from removable drives (easy) - but at the same time allow 1 specific application (clickshare) to be executed from USB.

Possible? Any suggestions as to how to do this?

Thanks!

0