ELAM scan history
We have several Windows 10 machines with Microsoft ELAM enabled (confirmed in both local policy and in the registry). Symantec ELAM is enabled. However, for every Windows 10 machine, we can't find the ELAM scan log anywhere to verify that this feature actually scans the machines at startup. All clients are managed by a SEP Manager, and there is no issue in the communication. Is there a way to verify if a Windows 10 machine is scanned at startup using the Symantec ELAM driver? Thanks!
Managed Detector - How to find it after enabling?
I enabled a managed detector but cannot find it. It's in a list of computers but there is no easy way to find this. Any clues?
Is this experience typical?
We installed SEP 14 in our 64 user network and it was a disaster. The Antivirus scan detected viruses embedded in the individual mailbox files, which is good - but then it quarantined the entire mailbox ... one time for every instance of a virus ... leaving users with no functioning email history. Worse, in SEP14 the files were quarantined under filenames DIFFERENT than the name SEP logged in their internal logs, so the files could not be restored via the SEP utility and the Tech Support Department had to get specific help, for each file for each user, from Symantec's actual program engineering department! So the bottom line was that SEP quarantined files that it could not recover. This is not a rant, this is documented fact. Symantec had to issue two patches for SEP14 just to fix two of our three problems -- and the third problem is so severe that it will not be fixed until SEP15.
All of which are part of business. Things happen. But the deal-breaker is that after all the trouble and catastrophic loss of business, Symantec has invited us to BUY ... repeat -- BUY -- the upgraded versions of the software when available. Software that will finally work as it should have worked in the beginning. Calls, emails and written letters to Symantec Corporate remain unreturned.
We even contacted Ingram Micro and asked THEM to contact Symantec and after 4 attempts even Ingram Micro admits that they cannot get the attention of Symantec.
I'm not asking for new features. It would be nice if Symantec understood a Unix-style mailbox and was able to isolate individual messages but I'm not asking for that new feature. Software that can accurately log and then restore files that it quarantined ... should not be too much to ask, should it?
I've asked around my circle of gurus and the best I've heard is "Look. Symantec doesn't have to be good - just better than Avast and McAfee and Kaspersky. If you think Symantec is arrogant just try one of the others."
Can that possibly be true????
Discontinued Part Number 2QQQOZF0-EI1EA
We're from RICOH Vietnam,
We're offering SEP to our customers. However, we've just received information from our reseller that from Mar 20, 2018, Symantec is gonna stop providing the part number below.
2QQQOZF0-EI1EA SYMC ENDPOINT PROTECTION 14 PER USER BNDL STD LIC EXPRESS BAND A ESSENTIAL 12 MONTHS
It is then replaced by these 2 parts:
SEP-NEW-1-25 Endpoint Protection, License, 1-24 Devices
SW-TIER-3-PRC-CAT-SM Software Maintenance, Tier 3, High Content, Price Category SM
That means, from Mar 20, if a new customer wants to buy SEP, they have to buy 1 base license + 1 maintenance. The license is perpetual while maintenance needs to be renewed annually to get updates.
What I would like help with is: is there any official announcement from Symantec about this change? Because the total price of the new package is higher than the current one, our customers ask for a letter released by Symantec officially.
Thanks for all of your attention.
deploy for client issues
Hi, I have an issue when deploying for a client.
Please see the picture and give me your solution.
Many thanks!
If you have any solution, please send an email to me at hoaithanhdo@gmail.com
SEP 14x & Veritas Backup conflicts
I have installed SEP 14.x on a Server 2008R2 standard server which is running Veritas Backup exec 16.
Since installing SEP 14.x my backups will not run, they just stay in a queued state. This may be a coincidence but I'm pretty sure SEP is the cause as I haven't had any issues with the backups before the install.
Are there any settings/exclusions that need to be applied for Backup Exec?
Any advice on this is appreciated.
Session Hijacking and Cryptomining
Hello,
I would like to implement SEP(M) controls on Session Hijacking and Cryptomining. Before I get started on my research, I was wondering if others have any guidance or suggestions on how to implement these controls for protection.
Thanks
SEP v14 API: Adding computers/endpoints
Hi All,
I've been looking at the docs for the SEP v14 REST API, but can't seem to find any way to add computers to the client list/inventory. I can see a delete (api/v1/computers/delete) for deleting computers, but there doesn't seem to be an add or create operation. Does anyone know if this is currently supported by the REST API? I'm looking to be able to add machines into the inventory, and to deploy SEP agents to these machines remotely.
Thanks!
Matt
Tamper Protection Alert for Citrix Xenapp
Hello,
I'm getting the alerts below from my Citrix XenApp servers on a continuous basis.
Any thoughts on why these applications are trying to hook into Symantec processes? I have an issue with the functionality of a custom application (Healthcare) published on Citrix. I'm wondering whether the alerts have anything to do with that?
Can anyone give me details of the Symantec processes below and what they do?
Thanks,
Event Type | Action | Caller Process ID | Caller Process Name | Target |
Tamper Protection | Block | 9924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\MigrateUserScans.exe |
Tamper Protection | Block | 9924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\ccSvcHst.exe |
Tamper Protection | Block | 9924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\FixExtend.exe |
Tamper Protection | Block | 8924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\FixExtend.exe |
Tamper Protection | Block | 8924 | C:\PROGRAMDATA\CITRIX\XENAPP MP AGENT\PLS.EXE | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin\MigrateUserScans.exe |
Win10 1709 incompatibility
Hello,
We are having trouble installing SEP 14.0 MP2 on a Win10 laptop running Win10 1709 and have read on this forum that it is not compatible with SEP versions pre-14 RU1. However we have a half-dozen client laptops in our enterprise currently running 1709 and SEP 14.0 MP2 with no problems. Specifically their SEP / Win10 build numbers are:
14.0.2332.0100 / 1709 Build 16299.194
14.0.2332.0100 / 1709 Build 16299.248
14.0.2415.0200 / 1709 Build 16299.194
14.0.2415.0200 / 1709 Build 16299.248
These machines all communicate properly with the SEPM with no issues. It is possible that this version of SEP was installed prior to the 1709 upgrade and maybe that is how this was achieved?
How to invoke a client infected with malware from the rest api
This is the REST API that can identify infected clients:
{reportType} / {startTime} / to / {endTime}
What is the format of reporttype and starttime?
I tried putting a number like "20180101" or "0101"
I got an error.
What format should I put?
Or please show an example API call to identify infected clients.
Disable Autorun
Block Autorun is enabled in Application and Device Control in Symantec.
Does this policy block Autorun for all drives or only USB?
How can we make the policy block Autorun on all drives, including CD + DVD + USB?
Exclude individual file from SEP without having to prefix folder path?
Is it possible to exclude an individual file (without having to prefix the actual path as it may be found in various directories). For example one filename is [ FileClassifier32.msi ].
Thanks a lot
Lefteris
if missed scan when open computer start again?
Hi guys, I have a question about scans. I scheduled scans for Friday 12:30, but I noticed that when I restart the computer the scan does not continue or begin. I set the missed scan to retry within 1 day, but one day passed and the full scan did not start. Also, I don't want startup scans to run when users log on; I want clients that missed this scheduled scan to start the full scan automatically the next day or when the computer is turned on. What can I do? Do I need a script or some configuration? Thanks.
An unexpected exception has occurred SEPM v14.0.1
We are receiving the following system event notifications from our SEP Console v14.0.1 (14.0 RU1 MP1) build 3876 (14.0.3876.1100)
Event Type : An unexpected exception has occured
Description: Unexpected server error
Looking at the scm-server-0.log file (attached), I see the following events with exactly the same time stamps as the SEPM event notifications.
Has anyone fixed this issue? Thanks
REST API to get suspicious file
Dear community,
I would like to use Symantec REST API in order to get a suspicious file.
I use the following method in the API: api/v1/command-queue/files (documentation here: https://support.symantec.com/en_US/article.TECH239975.html)
The URL looks like this when I execute the script: api/v1/command-queue/files?file_path=C:\Users\MYUSERNAME\Desktop\token.txt&computer_ids=mycomputer_id&md5=myhash
The command is successfully sent to the management console but when it is executed on the endpoint, the result of the command is "error: Couldn't find the file". I tried all possible syntax and it doesn't work with the file_path argument. I also tried with the sha256 hash.
Does anyone use this API, and is it working for you? Can I have some help?
PS: Also if you know where to find EOC documentation it could help me also for the next step (for the method: /api/v1/command-queue/eoc) ?
Thanks for your help,