I found a webinar on CBI’s website (https://content.cbisecure.com/watch_sep14_webinar_dec_2016) and at 22:50 of the presentation he talks about having a “Red Flag Assessment” of SEP 14 done. I inherited a SEPM version 14 server and about 130 clients, and I’m not 100% sure it is configured to best fit my business. I was wondering if someone could give me some information on who to contact about having an assessment made of my system.
Harness the Power of Symantec Endpoint Protection 14?
SEP 14.0.1 on high sierra-- cannot authorize kernel extensions
The installer operates without a hitch. But in SEP, there is the scary red X and instruction to "Fix".
But on the Security & Privacy panel,
in the bottom fourth where the "blocked" message and the "Allow" button should appear,
there's nothing.
I have reinstalled and rebooted multiple times. Same thing.
The version is build 3752, the version provided by my institution.
What advice, folks?
Citrix MCS with SEP 14
Hello,
I am installing our new Citrix 7.15 farm, we are going to use the machine creation services to deploy machines from a template.
On the template I installed SEP 14 MP1 build 2332.
Before I create new machines from the template I usually run the ClientSideClonePrepTool.exe.
Everything works fine so far, but every time I restart the cloned machines, MCS does a reset of the machine (MCS - non-persistent).
This is correct, as we want a clean state after every server reboot.
The problem is that after every restart a new hardware ID is generated and we end up having multiple entries in the SEP console.
How can we solve this kind of problem? I want to prevent multiple console entries from being generated after a reset of the MCS machine.
On the console server we use SEPM 14 MP1 build 2332
Thank you
Critical Intel AMT Flaw
I have found out this week after the meltdown / Spectre vulnerability that there might be another one on the horizon. Then as of this morning that has come true with Intel AMT Flaw. So I am wondering is Symantec going to be able to recognize this? Here is the link to the article https://www.hackread.com/critical-intel-amt-flaw-l...
SEPM Java console long login times
Hi all,
We recently completed upgrading all of our SEPM servers to 14.0.1 RU1 MP1 and upon completing this upgrade when attempting to log into the SEPM console for any of these servers we're seeing the "Logging on to the management server" progress bar for upwards of 5 minutes. When logging in from the SEPM servers themselves this only takes a few seconds. The web client also only takes a few seconds. Has anyone else received this issue and if so how was it resolved? Thanks.
Best Practice to move clients groups and policy to new server
Hi,
I am intending to install a new SEPM 14.1 server, and we have an old 12.1.
What is the best practice to move all the policies, groups and communication to the new server?
Thanks
EPM shows outdated clients even though they are up to date
Hi,
I'm having small issues with the newest EPM version 14.0.1 (14.0.1 RU1) Build 3752 (14.0.3752.1000).
All clients except 3-4 are online with the newest updates. The three other clients receive packages from the server or are updated in general (I didn't see where it got the updates from).
Even though they are updated, the EPM still shows them as outdated with dates from the end of November 2017.
Is there anything that is causing that? Is anyone having the same problems?
Regards & thanks in advance
error in "Network and Host Exploit Mitigation" after upgrading
Hello,
I get an error on clients that upgraded from 14.0.2415 to 14.0.3876: the "Network and Host Exploit Mitigation" is stuck on waiting for update.
I attach the snapshot from the client; I also get a notification on SEPM, "FILE Replication Lookup Alert".
Any help, please?
Thanks
Please check Korean Console
Korean console displayed with weird characters,
traffic has been blocked from this application: Host process for Windows Services(svchost.exe)
Hello,
A message is constantly appearing on the client end: traffic has been blocked from this application: Host process for Windows Services(svchost.exe).
Please suggest a solution for it and explain why it occurs.
Tell me, how do I troubleshoot from the console manager SEPM 14.1.4?
Centralized exception only Application Control available
Hi
We have a strange problem with centralized exceptions in 14 RU1 (Build 3752). If we create a new exception, in the "Specify the types of scans" we have only the option to select "Application control". There is no "All" or any other scan technology available anymore to select.
Any suggestions?
Thx
Has Group based AD authentication been implemented yet?
I haven't checked in a while, but has SEPM 14 implemented AD Group based authentication / authorization yet?
For example, if I have a SEPM_Admins group in AD, can I set up that group in SEPM as an administrator? This way I only have to add users in AD to my SEPM_Admins group to log in to SEPM with their AD credentials.
If not, when does Symantec plan on implementing this?
Actual Action taken by the Symantec End-point Protection Solution
Hi,
We are using SEP in our organisation, and we have a huge number of desktops and are facing an issue related to viruses.
We are receiving a huge number of virus alerts where the actual action taken by the Symantec End-point Protection solution is shown as "Details Pending". Three things I need in this context:
1. What is the "Details pending" action which is taken by the SEP solution?
2. Is this action (details pending) required to be monitored in SIEM for security purposes?
3. Is there any method by which we can eliminate or remove this action (details pending), so that only Deleted, Quarantined, or Cleaned actions are taken by the SEP solution?
Please provide the solution for above issue.
Thanks
-Vishal
Chrome crashes daily since 14.0.1 install
Has anyone else experienced daily crashing of their Chrome browser since updating to 14.0.1?
We are a predominately 32-bit Windows 7 house; however, this seems to be separate from the operating system. We ran 14.0 MP2 for quite a while without issue. We then updated to 14.0.1 and we have had Chrome crashing daily. This has also been seen on x64 Windows 10.
The crash is a hard one, freezing the PC until you forcefully close the Chrome application via Task Manager.
This seems to be associated with when updates are processed as it only happens once or twice a day, sometimes within minutes of definitions being updated. The crash relates to SYSFER.DLL or IPSEng64.dll/IPSEng32.dll
I have tried:
- Updating a machine to 14.0.1.1
- Turning off Network and Browser intrusion prevention
- Symdiag comes up clean
Annoyingly I cannot reproduce the error on demand so troubleshooting is a slow process, and for some reason it doesn't seem to be happening to all PCs (mine is immune).
I don't want to have to try rolling back the client on all affected systems, it will take quite a while to uninstall and reinstall (up to 120 PCs).
Any help would be appreciated.
-Phil
explorer.exe hangs, right click refresh
After installing SEP 14.0.1 MP1 on Windows 10 1607 edition, explorer.exe hangs. When I right-click on the desktop and click on Refresh, Windows hangs. After 2-3 minutes it comes back to normal.
allow network traffic to VM
Hi,
I'm using a virtual machine (vmplayer) installed on Windows 10.
I need to allow all ip traffic from/to this vm machine.
I tried allowing application but it did not resolve the issue.
Any suggestions?
How do I automatically update Defs within the client install package for SEP 14?
Hi,
Quite a few years ago I created an install source location with the expanded client package files so the various teams could automate the installation of SEP. I used a script to copy the various AV Def files from the IIS locations on the SEPM server into the client packages so they would always be up to date when a new PC/Server is rolled out. This worked fine with SEP 11 & 12.
Now that SEP 14's using the micro def format, the original KBs are no longer relevant. (https://support.symantec.com/en_US/article.TECH204...)
Exporting 10-12 packages once a week is chewing up about 30-40 minutes at a time and I'm getting sick of doing it. (And I sometimes forget to do it and the desktop guys get AV def out of date alerts on newly installed PCs and it freaks them out, thinking our SEPM server is broken or something.)
Does anyone have a script / process they can share that will enable this to continue to be done using SEP 14 that uses the cloud lookup configuration? Or ideally, can Symantec please update the above document to reflect the new architecture?
Cheers
Steve
Symantec Endpoint Issue on Windows 10 OS Build 15063 (Creators Build)
"Blocked Attack: Return Oriented Programming API Invocation attack against C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
Hi,
When I try to open any Word doc(x) file, Word 2010 will not start because it gets blocked by SEPM (MEM).
If I start Word first - without opening a file - Word starts fine and I can even open the same file without problems.
Other antivirus/malware software does not find a thing (Malwarebytes, VirusTotal), so this looks like some kind of false positive.
Had the same thing happening with VLC a while ago btw.
Seems like if there was once a vuln in the past Symantec is quick to blacklist exe's?
I'm running an unmanaged client, how can I "fix" this issue, other than disabling MEM?
Relevant log:
851/17/2018 12:09:19 PMMemory Exploit MitigationCriticalIncomingNone0.0.0.00N/A192.168.0.100N/AC:\Program Files\Microsoft Office\Office14\WINWORD.EXE610100Attack: Return Oriented Programming API InvocationuserPC Default11/17/2018 12:09:27 PM1/17/2018 12:09:27 PMBlocked Attack: Return Oriented Programming API Invocation attack against C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Application Hardening SEP 14.1
Hello everyone, I have upgraded to SEP 14.1 MP1 and have enrolled SEPM to the cloud portal. However, once logged in to the portal I don't see an option to activate the trial for the Application Hardening feature introduced in the new version.
Can you please share with me the steps for enabling the trial for Application Hardening in the cloud portal?
Your support is appreciated. Thanks