Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles

Build 3892 GUI Crash

I need a solution

We installed build 3892 and are getting reports from 2 users so far that upon reboot they are receiving an application error: smcgui.exe - application error. The instruction at 0x000000000003D9E0 referenced memory at 0x0000000000039E0. The memory could not be written. Click on OK to terminate the program.

We have tried uninstalling/reinstalling and this error has persisted.


Upgrade Backout Plan

I need a solution

Planning an upgrade to SEPM 14 from 12.1.x. What is the best method of rolling back to 12 should there be an issue? Can we rebuild the environment from snapshots of the app servers and restoring the database to pre-upgrade? Or is there a Symantec-prescribed best practice for a rollback of SEPM?

Thank you.


Remote Push - Browse Network

I need a solution

We have workstations on different VLANs and the browse feature does not appear to use DNS or AD to search for available workstations. Is it really using broadcast? How do I get this to see other subnet VLAN? If I search by IP address, I just get host IPs back (no workstation names).

Please help.

Thanks,

Robert K


virus definition update for MAC SEP clients

I need a solution

We will use SEP 14. Just want to confirm that SEP Manager cannot be used to get MAC clients to receive new virus definitions. A LUA must be set up in our network to do so.

Can I use an internet LUA on Symantec side?

Thanks.


Migrated to 14, Win 8.1 & 10 Clients don't receive Defs

I need a solution

We were running version 12.1.6867.6400 on a Server 2008 R2 machine with no client connectivity issues. Deployed a new physical server running Server 2012 R2 and installed 14.0.3876.1100; clients show up in the management console with a green dot on the machine. Allowed machines to auto download the latest package from the SEPM server. 90% updated to 14 but Win 8, 10, 2012 machines don't pick up new AV updates from SEPM. Weird issue is Windows 7 machines are able to receive the AV definitions without a problem (including some at a remote site with a local GUP).

Troubleshooting:

  • SymDiag shows client definitions out of date. Using the Fix button, all tasks complete, except it never completes the AV update download from the management server.
  • Uninstalled/reinstalled
  • Sylink.xml update
  • Moved between groups
  • Ping and secars test are all good
  • Intelligent Updater will update the defs, but the machine never picks up new ones from the server
  • Manually removed all definitions on the client and still will not update
  • Removed and reinstalled LiveUpdate on the server
  • Added GUP to same subnet as SEPM server, but same result

Part of me believes this issue has to do with a MS patch causing the issue. Any ideas?


Icon display on the taskbar in Windows 10

I do not need a solution (just sharing information)

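I am using Windows 10 64-bit.

The icon on the taskbar has started appearing with an exclamation mark at its lower right.

When I hover the cursor over it, it often indicates that several problems of some kind have occurred,
and when I open the console from the right-click menu, there are indeed sometimes errors of some kind shown.

However, the next day the problem has often gone away (the exclamation mark on the icon is gone).

This behavior is hardly ever seen on other employees' Windows 7 PCs.

It seems to happen frequently on the Windows 10 PC that I use.

Is there a way to resolve this?

The Endpoint Protection version is
 "14.0 MP1 Build 2349 (14.0.2349.0100)".

Thank you.

[Addendum]
  It seems more likely to get into this state around the time a Windows Update arrives.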


SEP 12.1.6 MP9 upgrade from SEP 12.1.6 MP6

I need a solution

Is it advisable to deploy 12.1.6 MP9 to an environment that has 7000+ machines and has 12.1.6 MP6 installed?

What are the advantages and disadvantages?

Or should we directly go to SEP 14, within two months' time?

Is it a normal upgrade? Or does the schema of the database change like in 14 and create lots of hump stones?


SEP query

I need a solution

Hi All,

We have a use case in one of the customer scenarios where they have 50-plus sites, each site having 700-plus clients, and none of the sites connects to each other. What component can be used for reporting and policy in the cloud, so that they can move to one console for reporting and policy?

Also wanted to understand what would be the required bandwidth at each site, and the size of the update.

Customer has been using SEP 14.1 and has a WSUS server to push updates.

Can we use the cloud console for SEPM? Does it support multiple SEPMs?

Or should we give them IT Analytics and connect all SEPMs? The issue with ITA is that they are on the embedded database and I guess ITA works only if the SEPM DB is SQL.

Appreciate your comments.

Thanks


Removal of WannaCry using Symantec

I need a solution

Recently we had a few instances of the WannaCry ransomware in our environment. My understanding is that it was a new variant and we have yet to be able to determine if running a scan with Symantec will remove the infection. We have determined using Malwarebytes will remove this infection and I found 2 previous articles that lead me to believe the general assumption is that it is possible, located here.

https://support.symantec.com/en_US/article.HOWTO12...

https://www.symantec.com/security_response/writeup...

My primary question now is how would I go about determining if this would be the case with the new variant we've seen? I know if I were to have the hash I'd be able to run it through VirusTotal to determine if it is detected; however, I'm unsure if this confirms a scan would remove it. If anyone could fill me in on how to determine if scanning will remove a specific infection, that would be great. Thanks.


Location is fluctuating

I need a solution

I have one primary site (management-srv-av-192.168.76.2) and one secondary site (hyderabad-srv-hyd-192.168.76.3). I have created one location (Hyderabad) on the group (ICICI NDC Users). I have created a condition for the Hyderabad location. Now I have observed that the client machine is fluctuating between servers (sometimes the srv-av server and sometimes the srv-hydav server). Please suggest.


How to Block Gmail from Symantec Endpoint Protection Manager firewall

I need a solution

Hi, I am unable to block Gmail from the firewall. I tried to block using a block rule for mail.google.com, but still when I open Google Chrome I can log in from there. I am using 12.1.6 MP5 Symantec Endpoint Protection Manager and I am able to block Twitter and YouTube by using the wildcard. Please advise on how to block Gmail if anyone has done it.


SEP on java

I need a solution

We upgraded from version 12 to 14.

Now when we try to access the SEP via the Java application it is not loading. Any solution to fix this? Thank you!


V14 on MACs Throwing Malfunction Errors

I need a solution

I have numerous SEPMs scattered around and the V14 MACs have started showing "Network Intrusion Prevention Component is Malfunctioning". I have 1200 V12 MACS and none of them have the error. I am NOT running IPS.

Any advice?


HowTo Disable Intrusion Prevention and Memory Exploit Mitigation notifications

I need a solution

SEP Version 14.0 RU1 MP1 (14.0.3876.1100)

Since upgrading a small group of Server 2008 R2 RDS Servers from SEP 14.0.2415.0200 to 14.0.3876.1100 those particular servers have begun reporting various Memory Exploit events such as:

Blocked Attack: DLL Injection of Network-Sourced DLL attack against C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

For managed clients, where/how do you disable "intrusion prevention and memory exploit mitigation notifications?" 

Don't want to disable memory exploit mitigation, just these memory exploit notifications.

Previously tried to disable these notifications via the affected server's location-specific policies and disabling Windows Toast Notification, but that has had no effect. In addition, the actual SEP client still shows the following setting as being enabled and greyed out:

SEP Client-->Change Settings-->Network and Host Exploit Mitigation-->Configure Settings-->Notifications-->Display Intrusion prevention and memory exploit mitigation notifications

Any suggestions on how to disable these particular notifications?

Thanks


SEPprep and Remote Push

I need a solution

Hello Everyone,

We are currently migrating from Kaspersky Endpoint 10.3 to SEP 14.1. We have roughly 500+ devices that will be making the migration and we are trying to get things ready to go to make the deployment. We currently have SEPM configured on a 2016 server that seems to be working properly, as well as our policies adjusted to how we want them. We ran into a problem while setting up the SEPprep tool to configure the removal of Kaspersky on a computer prior to installation. We export the package from SEPM, change the file names as required, and copy them into the exported installation directory. When we remote push the software installation package it will run through and successfully remove Kaspersky Endpoint Security 10 as well as Kaspersky Network Agent without any issues. After that it goes to execute the renamed SEPsetup.exe file and fails. Below is the log from one of the test machines that we are using. Restarting the machine doesn't do anything. I created a ticket and contacted support via phone but was told that they aren't trained nor do they support the SEPprep script. The remove 3rd party antivirus software feature that is packaged into install settings will not remove Kaspersky Endpoint 10.3. I'm really looking for any help here. I see there are others that have had similar issues but all of their forum posts do not seem to have real resolutions attached to them.

Computer Name: CSG-960
01/24/2018 14:42:06:227 SEPprep starting!
01/24/2018 14:42:06:321 Removing: Kaspersky Endpoint Security 10 for Windows
01/24/2018 14:42:06:321 Attempting to run: msiexec.exe /x {7911E943-32CC-45D0-A29C-56E6EF762275} /qn REMOVE=ALL REBOOT=R /qn
01/24/2018 14:42:58:508 Exit code: 0
01/24/2018 14:42:58:571 Removing: Kaspersky Security Center 10 Network Agent
01/24/2018 14:42:58:571 Attempting to run: MsiExec.exe /X{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} REMOVE=ALL REBOOT=R /qn
01/24/2018 14:46:19:962 Exit code: 0
01/24/2018 14:46:21:712 Attempting to run: SEPsetup.exe /s /w /s /w "/v/qn /l*v C:\windows\TEMP\SEP_INST.LOG REBOOT=ReallySuppress"
01/24/2018 14:46:22:243 Exit code: 1610
01/24/2018 14:46:22:243 Symantec Endpoint Protection is NOT installed.
01/24/2018 14:46:22:243 Added tool to local system RunOnce key, please reboot to run tool again.
01/24/2018 14:46:22:243 SEPprep stopping!

Below is a screen capture of the error that is placed in event viewer. 

Below is the log from temp from VPRemote

VPRemote.exe starting up with cmdline: C:\TEMP\Clt-Inst\vpremote.exe
Starting service: vpremote.exe...
Launching Command: "C:\TEMP\Clt-Inst\vpremote.exe" -launch
The process was created successfully.
Successfully deleted service: vpremote.exe.
Using vpremote cmdline args
Process CmdLine: "C:\TEMP\Clt-Inst\setup.exe" /s /w /v"/qn /l*v "C:\windows\TEMP\SEP_INST.LOG" REBOOT=ReallySuppress"
The process was created successfully.
Removing temporary installation source files from: C:\TEMP\Clt-Inst
Deleted File C:\TEMP\Clt-Inst\Setup.exe
Deleted File C:\TEMP\Clt-Inst\PkgSrcList
Deleted Directory C:\TEMP\Clt-Inst\
One or more files or folders was marked for delete on reboot!
Trying to mark for delete on reboot file C:\TEMP\Clt-Inst\VPRemoteExecutionStatus.xml
One or more files or folders was marked for delete on reboot!
Deleted File C:\TEMP\Clt-Inst\VPRemote.dat
The vpremote processing has completed.

What I also found was that the guide/information here https://support.symantec.com/en_US/article.TECH148513.html states at the note:

Note: Step 7 will not work with a client package obtained from a CD because not all files will be imported into the Symantec Endpoint Protection Manager (SEPM) database. Client packages from the CD have a data1.cab file. Make sure the installation package does not contain any .cab files.

Which is funny because when I extract/save the .msi files from SEPM there is a .cab file in the directory. When I contacted your support channel they told me to just delete the .cab file and try again. Which resulted in the same failure to run/install via SEPsetup.exe.

I even transferred the installation package folder with SEPprep added and ran the application from the test computer directly. Executed the setup.exe or sepsetup.exe. It will remove Kaspersky again but fail to install SEP. Which writes no information to Event Viewer nor anything to a log file in a temp directory but does produce this pop-up error on screen.

Below is the sepprep.ini file that we are using

[Settings]
ShowGUI=N
ShowMessageBox=N
MessageBoxText=Prepairing your system for Symantec Endpoint Protection 11.0.  During this process other antivirus products will be removed.\n\nIf you are prompted please fully remove these products.
AutoRunAfterUILoads=N
AskBeforeRemoval=N
SilentMSIInstaller=Y
RemoveSymantec=N
CheckDiskSpace=Y
ResumeAfterReboot=Y
EnableLogging=Y
LogPath=%temp%
RunBeforeRemoval=
RunAfterRemoval=SEPsetup.exe

[UninstallPaths]
SOFTWARE\McAfee\ePolicy Orchestrator\Application Plugins

[ProductNames]
;Programs that must be removed first
Cisco Security Agent
McAfee Agent
McAfee Anti-Spyware
Kaspersky Anti-Virus 6.0 for Windows Servers MP4
Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
Kaspersky Endpoint Security 10 for Windows
Kaspersky Endpoint Security 10 Network Agent
Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows
Kaspersky Endpoint Security 8 for Windows
Kaspersky Security Center Network Agent
Kaspersky Anti-Virus 6.0 for Windows Workstations
Kaspersky
Kaspersky Small Office Security for Personal Computer / File Server, all versions
Kaspersky Total Security
Kaspersky PURE, all versions
Kaspersky Anti-Virus, all versions
Kaspersky Internet Security, all versions
Kaspersky Password Manager, all versions
Kaspersky Fraud Prevention for Endpoint, all versions
AVP Tool driver
Kaspersky Security Scan 3.0
Kaspersky Security Scan 2.0
Kaspersky Endpoint Security 8/10 for Windows (for File Servers)
Kaspersky Endpoint Security 8/10 for Windows (for Workstations)
Kaspersky Anti-Virus 6.0 R2 for Windows Workstations
Kaspersky Anti-Virus 6.0 R2 for Windows Servers
Kaspersky Anti-Virus 6.0 FS MP4
Kaspersky Anti-Virus 6.0 SOS MP4
Kaspersky Anti-Virus 6.0 WKS MP4
Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
Kaspersky Network Agent 10
Kaspersky Lab Network Agent 8/9
;The name of antivirus companies
McAfee
Trend Micro
Sophos
Kaspersky
avast!
Webroot
BitDefender
F-Secure
AhnLab
;Key words used in product names
AntiVirus
Anti-Virus
Antispyware
Anti-spyware
AntiTrojan
Anti-Trojan
Client Security
Security Agent
Internet Security
Endpoint Protection
Total Security
Total Protection
Personal Firewall
Client Firewall
;Known product names
Norton Internet Security
Norton 360
Norton Antivirus
Norton SystemWorks
McAfee Total Security
McAfee VirusScan Enterprise
McAfee VirusScan
McAfee Antispyware
McAfee Total Protection
McAfee Active Virus
McAfee Internet Security
Trend Micro Internet Security
Trend Micro AntiVirus
Trend Micro SecureSite
Trend Micro Worry-Free
Trend Micro OfficeScan
Trend Micro NeatSuite
Trend Micro InterScan
Trend Micro ServerProtect
PC-Cillin
Sophos Anti-Virus
Sophos Endpoint Security
Sophos Client Firewall
Sophos Computer Security
Panda Administrator
Panda Internet Security
Panda Global Protection
VIPRE® Antivirus
VIPRE Antivirus
VIPRE Enterprise
CounterSpy Antispyware
Windows Defender
Microsoft Forefront Client Security
Forefront Client
BitDefender Antivirus
BitDefender Total Security
BitDefender Internet Security
BitDefender GameSafe
Agnitum Outpost
Outpost Security Suite
Outpost Firewall
Outpost Network Security
AVG Free
AVG Internet Security
AVG Anti-Virus
AVG 2010
AVG 2011
Avira AntiVir
Avira Premium Security
Avira WebProtector
CA eTrust
CA iTechnology
CA Internet Security
CA Anti-Virus
CA Personal Firewall
CA Anti-Spyware
eEye Blink
eEye Iris
eEye Retina
ESET NOD32
ESET Smart Security
ESET Enterprise Security
AntiTrojanVirus
Anti-TrojanVirus
Internet Guardian Angel
Finport Simple Anti-Virus
Fortinet FortiClient
FortiClient
Frisk F-PROT
F-PROT Antivirus
F-Secure Client Security
F-Secure PSB Workstation Security
F-Secure Anti-virus
G DATA AntiVirus
G DATA InternetSecurity
G DATA TotalCare
G DATA NotebookSecurity
G-DATA AntiVirus
G-DATA InternetSecurity
G-DATA TotalCare
G-DATA NotebookSecurity
K7 Total Security
K7 Antivirus
Kingsoft Internet Security
MWTI eScan Internet Security
eScan AntiVirus
eScan Internet Security
eScan Corporate Edition
eScan Enterprise Edition
Nifty Corp. Security
Norman Security
Norman Endpoint Protection
Norman Virus Control
Norman Online Protection
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Spyware Doctor
Quick Heal AntiVirus
Rising Internet Security
Trustport Antivirus
VirusBuster VirusBuste
VirusBuste
TrustPort Antivirus
TrustPort PC Security
TrustPort USB Antivirus
TrustPort U3 Antivirus
ClamWin Free Antivirus
ClamWin
Spybot
ZoneAlarm
Proventia
BlackICE

Windows 10 1709 Compatibility Issue

SEP 12 FW block Network connect after upgrade of Pulse Secure SSL-VPN Gateway

I need a solution

Hi,

We have a condition in SEP 12 FW to check if the client is using Juniper Virtual Network Adapter to connect through SSL-VPN; this condition was selected from the predefined list. After we upgraded our SSL-VPN Gateway, SEP FW doesn't recognize the Network Adapter anymore. We opened a case with Pulse Secure and they confirmed that as per the update, apart from the Network Directories, there are no changes done in the Virtual Adapter Setting.

Has anyone faced this before and can someone shed some light on how to solve this. Or could anyone help us to understand how the SEP is fetching the virtual adapter information.

Thanks.


SEP 14 client says no errors but defs are out of date

I need a solution

How can it be?

Also, Windows 7 Action Center says that my antivirus and my anti-spyware are out of date.

LiveUpdate can't connect to the servers even though in Internet Options (Internet Explorer) I have the correct proxy settings (currently, for the past 2 weeks, our LAN uses no proxy, or maybe an invisible proxy).


Issue with SEPM pushing out upgrade

I need a solution

I am trying to push out an upgrade from my SEPM to its clients. I am going from 12.1.6168.6000 to 12.1.72666800. I am getting the error  "Client has failed to apply upgrade package due to integrity errors." It is doing this for all my clients. I enabled sylink.log on one client and saw this information: 

"Unable to query return content length for SendRequest, 122"

and

"CMC FAILED to act on the package.. Full version: 1 Filename: <Folder Path> Error Code:21"

I can export the package and install it on the systems manually without any issue. I also found the autoinstall located at <Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\smclu\setup>. I can manually run the installation from there as well.

Any suggestions?


Computer Status Reports

I need a solution

I want to create a report of definition dates older than 7 days. What can I do for the report setting?

I need to receive the report by email each day. The report detail is virus definitions distribution older than 7 days, but the definition data option does not have this choice.
