Channel: Symantec Connect - Endpoint Protection - Discussions

SEP with Application Control on stand-alone PC

I need a solution

Hi there,

One of our customers wants to install Symantec Endpoint Protection V14 on a standalone (neither network nor internet access) PC - so far so good. The customer has a special interest in implementing the Application Control mechanism within SEP V14. My question is if it is possible to install, configure and run Application Control on a stand-alone PC (Win 10 Pro)?

Thanks a lot.

Best regards,

Christoph 


Actual Action Details Pending

I need a solution

Hello,

Is it safe to assume that if an event says Actual Action: Details pending it will eventually be followed by the Requested Action?
 

For example:

Actual action: Details pending,Requested action: Quarantined

Thank you!


Porting custom HI policy templates onto a standalone system

I need a solution

Hi all,

I currently need to deploy SEP 14 on a standalone machine which is isolated and I would like to know if it is possible to download the custom Host Integrity policy templates, such as the Secure Workstation templates, from Symantec LiveUpdate onto a separate machine and transfer it into the standalone machine when the opportunity arises.

If anyone could point me to documentation that shows if it can be done, I would greatly appreciate it.

Thank you in advance,

Joel


SEPM unknown error after upgrade 12.1.6 to 14 clients not updating definitions

I need a solution

After upgrade from 12.1.6 to 14.0.1 (14 RU1) clients stopped updating definitions. All clients with old and new client version.

Then I upgraded to 14.0.1.1 (14 RU1 MP1) but it didn't help. Clients are communicating with SEPM. SEPM updates definitions correctly.

I also upgraded a few replica servers and they work fine.

There are a lot of unknown errors in SEPM:

java.lang.NullPointerException com.sygate.scm.server.util.ServerException: unexpected server error.
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:476)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:441)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:437)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:433)
at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:817)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException

Yesterday there were many of the errors below, but today only the above:

2018-02-12 12:57:54.096 THREAD 35 WARNING: Recompile all groups for key [progress.serverVersion].
2018-02-12 12:57:56.589 THREAD 35 SEVERE: Unknown Exception in: com.sygate.scm.server.task.PackageTask
java.lang.NullPointerException
    at com.sygate.scm.server.metadata.BinaryFileCollection.getFile(BinaryFileCollection.java:2266)
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:579)
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:574)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:2500)
    at com.sygate.scm.server.task.PackageTask.writeBinaryFileToDisk(PackageTask.java:4182)
    at com.sygate.scm.server.task.PackageTask.publishContent(PackageTask.java:3981)
    at com.sygate.scm.server.task.PackageTask.publishLiveUpdateDirectory(PackageTask.java:3672)
    at com.sygate.scm.server.task.PackageTask.publishSecurityContents(PackageTask.java:926)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:583)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)


SEPM 12.1.6MP5 Port 80 Uses

I need a solution

I am running SEPM 12.1.6 MP5 on Windows Server 2012 R2 Datacenter with an external database. 

The server is in an extremely controlled environment and security is wanting us to justify Port 80.  We do not use LiveUpdate but import virus definitions from the previous day from our user network Symantec Server (by downloading the .jdb file) to this server as a requirement. Please don't get lost in the WHY we do that ... I just need to know if we can safely disable port 80 if we are not using Live Update?  I previously understood Port 80 was required for the User Interface Web GUI and/or communications between the SEPM and the client.  I have looked at several links and could not really verify my understanding of this port.  I appreciate any guidance you can lend.  Thanks!


SEP 14 vs. Cisco Umbrella

I need a solution

We recently upgraded to SEP v14.0 RU1 MP1 build 3876. Our clients have the Cisco Umbrella Client v 2.1.0. Multiple people, including myself, have noticed that SEP doesn't seem to be playing well with the Umbrella client. (SEP 12 did not have any issues.) For me, when I browse the web, CPU use for Chrome & IE both shoot up when I go to a webpage. Even opening blank tab causes it. I am normally playing music in VLC and it stutters something fierce. A couple instances of chrome.exe shoot up to 25 in the Task Manager. Occasionally dnscrypt-proxy.exe, part of the Umbrella client, will also start hogging CPU.

I uninstalled SEP and everything was fine immediately. I reinstalled it and found that the problem started again, though not as bad as before. However, it has gradually gotten worse and is back to where it was.

Has anyone else noticed this kind of behavior or any other conflict between SEP 14 and Cisco Umbrella?

Skip


Having issues blocking Files & Applications

I need a solution

I'm testing the Application & Device Control policy and I've run into an issue.

I've created a custom Bat file and I've attempted to block the file using its MD5 hash.

After reading and following the documentation, I can still launch the Bat File.

https://support.symantec.com/en_US/article.HOWTO80...

Has anyone tried to block files by MD5 Hash?

Is there a better descriptive tutorial on how to block rogue files and applications?


Best practice for Exceptions

I need a solution

I am trying to do some clean up and better management of our SEP environment. Currently we have our groups laid out in this fashion:

- Main company
    - default group
- Our organization
    - Servers
        (Under here are the individual server groups)
    - Workstations
        (Under here are the individual workstation groups)

The issue I run into is that the individual groups do not inherit the policies of the parent (due to exceptions and such), so when I do have an exception that I need to apply to all devices, I have to go into every policy (which currently sits at about 60) and add the exception in.

Is there a better way of managing the exceptions that apply to all devices, while still having the individual policies for application exceptions?


Symantec EndPoint Protection API and User Access

I need a solution

I could connect to Symantec Endpoint Protection 14.x via API. I can do this with sysadmin user:

"role": {"bitMask": 8,"title": "sysadmin"
}

When I change this user to admin, I couldn't access some resources like groups and fingerprints (I can do this from admin panel).

"role": {"bitMask": 4,"title": "admin"
}

Is it normal? Why couldn't admin access resources? Some companies don't want to give sysadmin user for integrations. Is there any solution for this?

Any help or document would be appreciated.


VDI package and Virtual Image Exception Tool

I need a solution

I could still use a little help wrapping my head around how to install SEP14 on our Citrix environment.

I have about 45 virtual servers that are configured as VDA-agents. Do I need to run the Virtual Image Exception Tool on each of these servers, and then install the SEP VDI package on those servers?

Thank you.


Migrate SEP SQL Data during SEP 12 to 14 upgrade

I need a solution

We currently have SEP 12 hosting its database on a SQL 2008 R2 Server and we are building a new SEP 14 environment with SQL 2016 (the old SEP 12 & SQL 2008 R2 will continue to run in parallel). We have built a new SEP 14 application server but we could not find any details on how to migrate (copy) the data from the old SQL database to the new SQL database. We have restored (overwrite) the old sem5 database on the new SQL Server but the application fails, possibly because the old database scheme is different.

Is there a documented process on how to migrate the data from the old SQL database to the new database?


Product error post-Spectre/Meltdown fixed by KB4074588

I do not need a solution (just sharing information)

Windows 10 Version 1709 (OS Build 16299.x). SEP Version 14 (14.0 RU1 MP1) build 3876 (14.0.3876.1100). 

After a Windows patch applied around 1/3/18, SEP started displaying a product error message. The Symantec tech note https://support.symantec.com/en_US/article.TECH248552.html provides a method to fix it, which has been working. However, today I noticed that two Windows 10 computers that received the above MS KB fixed themselves, that is, the product error message went away, replaced by the familiar green dot.


Update is failing to connect

I do not need a solution (just sharing information)

Live Update is attempting to connect but failing with errors

The following Symantec products and components are installed on your computer:

> AP Portal List
> Intrusion Prevention Signatures
> Symantec Endpoint Protection Client
> Common Network Transport Library and Configuration
> SEP Client Security Updates
> Symantec Whitelist
> Centralized Reputation Settings
> Power Eraser Definitions
> Endpoint Detection and Response
> AdvML (Static) Win64
> SEPC Error Submission Control Data
> Extended File Attributes and Signatures
> Submission Control Thresholds
> Revocation Data
> Virus and Spyware Definitions SDS Win64 (Reduced)
> WSS Traffic Redirection
> SONAR Definitions

Initializing...
Connecting to liveupdate.symantecliveupdate.com...
Connecting to update.symantec.com...
Failed to connect to the LiveUpdate server.

Session summary: 0 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.


SEP14 and Windows 10 Multiple problems

I need a solution

Hi,

We have a problem with all our clients on Windows 10. It's a strange issue.
The tray icon says "There are multiple problems."

When we open the client it says: "No problems detected".

We use client version 14.0 RU1 MP1 and build 3876 (14.0.3876.1100). But the problem existed with older versions of SEP.
SEPM has the same version.
The same client is also used on Windows 7 with no problems.

Anyone has an idea?

Glenn.


Latest SEP and SEPM

I need a solution

Hello,

Can someone tell me the latest version that's available and safe to install for SEP and SEPM?
Versions I'm currently running:

SEP:    14.0.2415.0200
SEPM: 14.0.2415.0200

Is 14.0.1 MP1 newer?

Thx,

LEVD


agt_risk.tmp does not update to agt_risk.log

I need a solution

I have noticed that the agt_risk.log (and other logs) is not updating from the agt_risk.tmp file.

We need log files to be able to load them into Splunk.

Any idea why it is not updating and how can we change the update interval of External Logging?


External logging does not update log files

I need a solution

Hi,

We have set up external reporting to be able to send log files to Splunk.

However, we notice that the log file is not updating. The update frequency is set to 30 seconds and we can see the .tmp file being updated but not the log file.

Any idea how we can change the settings so it is updating frequently?

Kind regards


Exception to allow in-house written DLL

I need a solution

Hi All,

Apologies if I have asked this question before. We are still on SEP 12 at the moment. We have a DLL that is an in-house written file that keeps alerting in SEP as suspicious and gets blocked occasionally. Now, it is usually located in one of 4 paths and I have entered the paths in and the exclusion exceptions work fine. The problem is that this file can also be used in other locations. This means adding loads of extra exception rules which I do not want to do. Is there a way to just allow this filename (no path) to be ignored by SEP (would use the #md5 actually). So is it possible just to create an ADC rule to allow this particular DLL filename to be ignored by SEP?

Cheers

PaulC


Disable computer or can't connect to corporate network when endpoint is not updated

I need a solution

Hello

Is it possible to disable a computer for a time interval when the Symantec Endpoint is not updated with the latest updates from the management console?

If it is possible, how can I do that?

Thanks.


Storage Space Drive and Symantec 14.x

I need a solution

Hello,

Symantec has known about the Storage Space drive issue with Surface Laptops for over 6 months.  It was reported in July 2017, confirmed again (many times) in November 2017, December 2017 and January 2018 through posts in the forums.

When is there going to be a solution available for the installation of Symantec 14.x onto Storage Space Drives - specifically the ones found in the MS Surface Laptop?  And what happens when MS and Dell both start using the Storage Space Drive option in the rest of their laptop systems?  

I'm sure as a company Symantec doesn't want to give up any ground in the marketplace but it has been over 6 months and no updates or progress notifications.

Check it out for yourself - all of the new MS Surface systems with 1tb HD's are *only* coming with the storage space drive configured from the factory...

C.
