Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

Product error requires attention

January 19, 2018, 8:18 am
$
0
0
I need a solution

Hello,

I'm running Symantic Endpoint Protection version 12.1.7004.6500.105 on a Windows 10 machine.

I do not know when the issue started occur. Just today (January 19th) I got alerted that Symantec Endpoint Processor was not active. But it was not so a few days ago!

After starting the application, I got a message stating "Your old virus are  out of date..." (attachment SEP.docx - Fig 1)

I followed the message's suggestion, but when trying to click "Liveupdate" by opening the yellow shield,  I got a message stating "Symantec Endpoint Protection cannot open because some Symantec services were stopped" (attachment SEP.docx - Fig 2)

After starting the service for the Symantec Endpont Protection (attacment SEP.docx - Fig 3), I again got a message stating "Your old virus are  out of date..." (attachment SEP.docx - Fig 1)

and another message appeared on the stating "Product error requires attention" (attachmento SEP.docx - Fig 4)

The Symantec Endpoint Protection Service got stopped again

And this goes on in an undending loop

What is the solution for this issue ??? How do I get out of this ???

Thank You

    0

    Search

    SEPM Site Management and Replication Design Recommendations

    January 19, 2018, 8:41 am
    $
    0
    0
    I need a solution

    Hey all,

    With my new position at work, I'm getting my hands dirty much more significantly with SEPM and how the sites are setup. 

    Domain 1 - Online.
    Domain 2 - Offline.
    Domain 2 technically has 5 separate sites. We can consider that 4 remote and 1 local, like a spoke configuration.

    Domain 1 handles it's own domain and gets updates through its SEPM. However, my previous colleague also setup LiveUpdate Administrator to distribute updates to the 5 sites of domain 2. Now that the 5 sites are all on the same domain (DOMAIN2), I'd like to see if there is a better configuration method. Each site has its own instance of SEPM, with different licenses and clients. My main goal is to be able to get rid of LiveUpdate Administrator, since this application just seems horrible and unnecessary.

    I've been toying around with the idea of replication, but I don't know much about it and have a few questions. Any and all recommendations are welcome!

    1. What is the best way to be able to get updates and definitions from Domain #1 to Domain #2, so that Domain #2 Site #1 can distribute to the other 4 sites? Presently this is done via LiveUpdate Admininstrator.
    2. If we go this route, do all sites in Domain #2 need to be using the same license? Presently they're individually licensed sites.
    3. Can we have individual administrators per site, as well as administrators that can access the entire setup?
    4. How would deploying clients from the sites work? Does a client get received from its local site, or the site that is initiating the deployment?
    5. Would it be possible to incorporate a site from DOMAIN3 into DOMAIN2?

    I think this is all I have for now. Thank you!

    0

    Very Slow Live Update

    January 19, 2018, 12:00 pm
    $
    0
    0
    I need a solution

    I have a problem with a single client (Win7-64 laptop) when I run an immediate Live Update from home.

    It is connecting to liveupdate.symantecliveupdate.com but running extremely slowly since early 2017. Prior to whatever caused the slowdown, the LU ran in about 20-30 minutes over a slow Internet connection.  Then one day it took 2-3 hours.  Has taken 1-3 hours ever since when run from home.

    Client upgrade (from 12 to 14) and significant bandwidth upgrade on my home network have been done since the slowdown and have done nothing to improve the speed.  When I take the laptop to work and connect using employer network, LU completes in 2-3 minutes.  (Non-portable devices at the employer are updated automatically  from our server.  But since I have this laptop at home, I do most of the updates on my home Internet connection.)

    Just connecting to liveupdate at symantec is taking 15-20 minutes.  There are no other problems with this device connecting to Internet sites, just Symantec LiveUpdate.

    Is there an LU log that I can access to see if it reveals anything?

    Are there ports used in the process that may be closed by Windows firewall or the Internet router?

    Any other ideas?

    0

    New install of SEPM clients not connecting to console

    January 19, 2018, 12:29 pm
    $
    0
    0
    I need a solution

    We are deploying a new SEPM server with Ver. 14. I have created a basic deployment package and remotely pushed it to several servers. I can see on the new version on the clients but they are not showing up in the manager. The local client install on the manager server is showing up, but that is the only one that seems to be working correctly.

    Thank you.  

    0

    Cannot move client to a new SEPM14

    January 20, 2018, 9:42 am
    $
    0
    0
    I need a solution

    I just installed a new server with SEPM 14 , I am trying to move some clients that are currently connected to a 12.1.6 SEPM server (a different machine), I had tried to export the communication package and import it manually to some SEP 14 clients , also tried to remotelly push the communication package, but for some reason looks that it connects momentarly to the new server and then connects back to the old server...what am I doing wrong?

    Thanks!

    0

    SEP 14 Replication

    January 22, 2018, 12:27 am
    $
    0
    0
    I need a solution

    Hello everyone, we have SEPM 12.1.6 MP4 deployed with an emebdded datbabase installed on the DC ( which is not a best practice) supported about 400 agents. We are planning to upgrade the SEPM to 14 and to move it to a different dedicated server from the DC. In order to do that I have the below plan if my mind. I just wanted to have your expert opinion in my approach to make sure it is a seamless process.

    1) Upgrade the SEPM 12.1.6 to SEPM 14 on the DC.

    2) once upgrade is done, installed another SEPM on a different machine as a replication partner (Install the new SEPM with SQL database instead of embedded)

    3) once replication has been completed sucuessfully. Create an MSL list to point the clients to the new SEPM.

    4) once all the clients are moved to the new SEPM uninstall SEPM from the old DC.

    5) Then install  a new SEPM  on a new server to an existing site running with SQL database so that we have two SEPMs as Primary and Secondary for Failover.

    Does the above stretegy seems fine to you. The other thing I would like to confirm is we can configure replication between SEPM with embedded database and SEPM with SQL database, right?

    Your comments are appreciated. Thanks 

    0

    Exclutions not working?

    January 21, 2018, 7:02 am
    $
    0
    0
    I need a solution

    Hello,

    I'm using VirtualBox and it kinda clashes with Symantec Endpoint Protection (version 14).

    Basically, the SEP blocks all outgoing connections from Guest VMs and they can't connect to internet and such.

    I've read on the forum that I can put the virtual box's application in "Exclusion", and so i did, but it seems that it doesn't work (tested it).

    few questions please:

    1. How can i make sure that the exclusions work?.

    2. Any other idea / way of making the exclusions?.

    Thank you.

    John.

    0

    SEP 14.0 RU1 MP1 build 14.0.3892.1101 - GUI crashes

    January 21, 2018, 7:09 am
    $
    0
    0
    I need a solution

    Hi

    I have updated pc's to the latest version of SEP.

    On PCs where I have Teamviewer13 installed, whenever I sign in on the Teamviewer interface to "Computers and Contacts", the SEP gui crashes instantly.

    I get a pop up saying that Symantec Endpoint Prrotection has stopped working

    The icon in the tray vanishes

    and I get a pop up aplliction error notice stating that smcgui.exe has referenced memory that cant be written.

    If I sign out of Windows 10 and back in, SEP is back to normal ... until I sign in to the Teamviewer interface again....

    Can anyone advise?

    Regards

    M

    0

    Search

    NTP blocking VM traffic on HyperV host after upgrade to 12.1 RU6 MP7

    January 22, 2018, 3:14 am
    $
    0
    0
    I do not need a solution (just sharing information)

    Scenario:

    The HyperV hosts and hosted VM's all have AV + NTP installed, the firewall policy for the hosts only have rules necessary for the hosts themselves, not the hosted VM's (they have their own FW policies).  We have just upgraded to 12.1 RU6 MP7 from 12.1 RU5, now NTP on the host is blocking traffic destined for its VM.

    In the host's NTP traffic log, the VM's MAC and IP address are shown in the local host details. 

    I can work around this by creating a rule to allow all traffic to the VM's MAC address, however why do I now need to create these rules?

    I have a case raised - 13921775, however Symantec support have been fairly poor, with the advice given of 'uninstalling NTP' and that this is fixed in MP8 (different issue): FIX 4074754 https://support.symantec.com/en_US/article.INFO436...

    I have found the following threads, but none have a solution:

    https://www.symantec.com/connect/forums/endpoint-p...

    https://www.symantec.com/connect/forums/sep-window...

    Any help appreciated!

    0

    Invoke-RestMethod to interact with SEPM Groups

    January 22, 2018, 5:34 am
    $
    0
    0
    I need a solution
    I'm trying API Rest method with Symantec EndPoint Manager 14 (14.0.3876.1100)
     
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
     
    $cred= @{
    username = "myaccount"
    password = "mypassword"
    domain = ""
    }
    #converts $cred array to json to send to the SEPM
    $auth = $cred | ConvertTo-Json
    $Authent=Invoke-RestMethod -Uri https://mySEPM:8446/sepm/api/v1/identity/authenticate -Method Post -Body $auth -ContentType 'application/json'
    $access_token = $Authent.Token
     
    #Lists All groups
    Invoke-RestMethod -Method Get -Uri https://mySEPM:8446/sepm/api/v1/groups -Headers @{Authorization='Bearer '+$access_token}
    #Creates NewGroup
    Invoke-RestMethod -Method Post -Uri https://mySEPM:8446/sepm/api/v1/groups -ContentType "application/json" -Headers @{Authorization='Bearer '+$access_token} -Body @{Groupid = "E7CE611599EF43D34050E441973EE6A7";Name = "NewGroup";Description = "NewGroup_description";inherits = "True"}
     
     
    Method Get returns an array with properties of each groups (ID, name, description, ....)
     
    I want to create a new group "NewGroup" under a group with ID "E7CE611599EF43D34050E441973EE6A7"
    Method Post returns an error 500
     
    Invoke-RestMethod : The remote server returned an error: (500) Internal Server Error.
    + Invoke-RestMethod -Method Post -Uri https://mySEPM:84 ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
     
    I think there is an error in body section.
    Someone knows the good syntax for this ?
     
    Thank you in advance.
    0

    Recovering Client Groups and PCs in the SEP Manager

    January 22, 2018, 8:02 am
    $
    0
    0
    I need a solution

    I'm not sure what happen, but a colleague upgraded one of our servers to the new SEP Manager v14 over the weekend.  I came in today to find groups and all the clients that were listed in those groups missing. I have looked all through the manager, but I don't see a way to recover them. I also have gone to SEP client on my computer and clicked on update policy and also ran smc -updateconfig in a  "run" command. Yet, I still don't see my computer or any of the other computers that were deleted showing up. Any suggestions on where to go from here?

    0

    Excel files reporting "someone else is working in file" when trying to save to network share

    January 22, 2018, 8:13 am
    $
    0
    0
    I need a solution

    I've been encountering an issue with Windows 10 clients using Office 2016 Excel to open/edit/save Excel files to a network share.

    We are running a mix of SEP 14.0.3752-14.0.3876 clients, managed by SEPM 14.0.3876. Our file server is Windows Server 2016. Our clients are Windows 10, builds 1607, 1703, and 1709.

    What happens in that a user opens the Excel file, makes edits, goes to save, and gets an error that the file is being worked on by another user and cannot be saved (which is not the case). A ######.tmp files gets created on the share (which is normal when an Excel file is saved), but this file should disappear during a proper save. Instead, the ######.tmp file remains, so Excel thinks that the Excel file is in use and fails to save.

    The real kicker here is that it happens randomly across various users having the issue, and from one day to the next, I might not see it on the same client working on Excel files on the same share. And I cannot duplicate the error when I try. It is maddening!

    Why am I posting this in a Symantec Forum? Because I have tried various workarounds on the Windows side with no luck, but the constant in all this is that SEP is running on my Windows 10 clients (and Windows Server clients). I even removed SEP from the file server hosting the share, leaving only the Windows 10 clients running SEP, but I am still seeing the issue.

    Any thoughts? Perhaps SEP is running some sort of scan that is causing the locking, but if that were the case, wouldn't I see this on all my clients accessing the multiple shares on my servers?

    0

    Batch file to run stop and start smc service

    January 22, 2018, 2:06 pm
    $
    0
    0
    I need a solution

    Hi, I've written a batch file to stop the smc service, but each time I run it, there is a User Account Control pop-up that asks for permission to stop the service.  Is there a way on my command line that I can prevent this pop-up from occurring?  I want the procedure to be silent.

    Thanks

    0

    Ransomware Encryption - .arena Variant

    January 22, 2018, 2:56 pm
    $
    0
    0
    I need a solution

    Good afternoon forum.

    To start with, this community forum has a tremendous amount of subforums. I read through every single one and choose this subforum for my question. If this was the wrong choice, let me know and I'll move this posting.

    A couple of months ago I was infected by one of the .arena ransomware strains. It encrypted every file on my PC.

    Specifically: myfilename.txt.id-00C77069.[whoareyou666@cock.li].arena 10/6/2017 11:52 AM

    I actually had a popular malware product running on the system, but it didn't prevent it. I'm not here to lay blame on that product, but I'm wondering if Symantec has a pay-for solution to decrypt my files.

    Thanks for any suggestions.

    0

    Windows Cluster is blocking by SEP NTP

    January 22, 2018, 10:31 pm
    $
    0
    0
    I need a solution

    We are having a Windows Cluster Environment with Two nodes connected. We have installed SEP 14 MP2 on both the servers on local drive and we have implemented the customized firewall policy based on our requirement.

    Few days later we come to know that the standby node in the cluster got down. After a dig deeper we found that the SEP is causing this issue. When we disable the SEP by smc -stop the cluster is working fine.

    To isolate this issue we have applied any any rule in Firewall Policy, it started working fine, but the customized policy contains the necessary ports for the Windows Cluster. Even though it is not working properly.

    How we can proceed further to fix this issue?

    Regards

    Sathiyapprakaash, A.K

    0
    Search

    SEPM email alert with Office 365

    January 23, 2018, 1:52 am
    $
    0
    0
    I need a solution

    Does SEP 14 support email alert via office 365? If not, what are the option? Thanks

    0

    How to view corrective actions log in SEPM

    January 23, 2018, 2:36 am
    $
    0
    0
    I need a solution

    Hi 

    I test virus on windows 10 and I see this log in symantec agent, But I can't find log on Symantec Endpoint Protection Menagement.

    How to view corrective actions log in Symantec Endpoint Protection Menagement?

    0

    SEP Application and Device Control (sysfer.dll) blocking McAfee Validation Trust Protection (mfevtps.exe) service from running

    January 22, 2018, 7:16 pm
    $
    0
    0
    I need a solution

    Hi,

    I'm using SEPM 14 MP2 and having issue in running McAfee Client Proxy (MCP) version 2.3.2.251 installed on Windows 10 (version 1703).

    MCP services run fine when SEP is installed without Application and Device Control feature. I have seen some threads which mention that Symantec injects sysfer.dll into processes for ADC.

    I have added following McAfee files and folders exception but it still doesn't help in starting McAfee Validation Trust Protection Service (mfevtps.exe).

    However, if I add C:\Windows\System32 (not including subfolder) under Application Control exception then the services run fine.

    How can I troubleshoot or narrow it down further to the file which is getting called by mfevtps.exe service and getting blocked?

    Exceptions in place (includes subfolders):

    1. C:\Program Files\Common Files\McAfee\
    2. c:\program files\mcafee\
    3. c:\program files (x86)\common files\mcafee\
    4. c:\windows\system32\mfevtps.exe
    0

    viirus and spyware protection and compliance not updating

    January 22, 2018, 9:27 pm
    $
    0
    0
    I need a solution

    Hi,

    ​I have installed primary symantec server(Global) along with  secondary site(Bangalore).Virus and spyware protection summary and compliance is not updating in the sepm.

    Please help

    Server configuration:2016 standard

    SQL Server :2014

    AV:12.1.6(12.1 TU6 MP6)
     

    0

    Manually import client packages into Endpoint Protection Manager

    January 23, 2018, 4:25 am
    $
    0
    0
    I need a solution

    Currently "12.1.7004.6500" version package available in my Client install Package on SEPM.

    I want to add "12.1.7369.6900" version client package into my SEPM package manager.

    I have downloaded latest client install patchec form (https://support.symantec.com/en_US/article.INFO466...) this link but unable to add using "A client install package" option.

    Becuse on my serial only 14 version full package is available to download.

    0
    Viewing all 10484 articles
    Browse latest View live
    Search
    <script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>