Update SEPM

March 20, 2018, 7:43 am

≫ Next: Cannot add new Client install package

≪ Previous: REST API to get suspicious file

$

0

0

I need a solution

Hi,

I have a SEPM server 14.0.2415.0200 under Windows 2016 since several months ago. All the computers (W7 and W10) are under SEP 14.0.2415.0200 version.

But for W10 computers, last update of Microsoft are not compatible with 14.0.2415.0200 so I have to update SEP to 14.0.3897.1101

I have to update my SEPM to 14.0.3897.1101 if I want to have the good package to deploy ? or can I "import"  the last version into SEPM without update the SEPM ?

What is the procedure ?

Thanks

0

---

Cannot add new Client install package

March 20, 2018, 8:01 am

≫ Next: How sep roaming client get policy updated

≪ Previous: Update SEPM

$

0

0

I need a solution

I am on SEPM 14.0.1 (14.0 RU1) build 3752 (14.0.3752.1000)

I am on the server itself trying to add the 14.0 client install package. The old packages from before I upgraded from 12.X are there but when I try to add any new ones I get

-Reading the package contents...

-Adding the package into the management server...

-Disabling cancel operation as updating server database...

Then

"An error occurred"

I am using the info files that came with the install code

0

How sep roaming client get policy updated

March 20, 2018, 8:17 am

≫ Next: Older SEP version

≪ Previous: Cannot add new Client install package

$

0

0

I need a solution

Hello Guys,

I am back...After more than 1 year.

Folks,

Just wanted to know if i am a roaming user and my laptop is getting daily update from internet (LUA). 

If i have applied any policy to my laptop and i am not connected to my sepm then how my sep client get policy update. What I know is that my sep client will get virus update through internet (LUA) but what about sepm policy ?

Regards,

Ambesh

0

Older SEP version

March 20, 2018, 8:36 am

≫ Next: Symantec Network Access Control is Disabling automatically

≪ Previous: How sep roaming client get policy updated

$

0

0

I need a solution

Hello,

i dont know if this is possible, but it not harmfull to ask :)

I need to creat a notification that list all the SEP version older than 14.0.3752.1000 (like the default notification that list computer still using 11.X or 12.X)

I trie to do some modification in the response_events.php but with no resoluts.

Need your advices 

Kind regrads

N.Achraf

0

Symantec Network Access Control is Disabling automatically

March 20, 2018, 9:48 am

≫ Next: 123GB quarantine folders in two locations

≪ Previous: Older SEP version

$

0

0

I need a solution

Hi everone 

i'm  facing  Symantec Network Access Control is Disabling automatically in number of systems. 

 we are stating manually this service in systems but after some days its again same think is happening.  any solution for fix this 

0

123GB quarantine folders in two locations

March 20, 2018, 11:19 am

≫ Next: Sonar log errors

≪ Previous: Symantec Network Access Control is Disabling automatically

$

0

0

I need a solution

Our 2008r2 server running 14.0.1ru1 keeps filling up two quarantine folders and maxing out the hard drive space.  One location is C:\Users\All Users\Symantec\Symantec Endpoint Protection, which has two folders --  CurrentVersion and 14.0.3752.1000.105 -- which both have a Quarantine folder that is over 60GB in size.  The other location is C:\ProgramData\Symantec\Symantec Endpoint Protection, which also has the same folder structure as above.  All four locations of Quarantine are each over 60GB in size, this despite me setting the purge options for quarantine to 7 days and 50MB (those settings have since reverted for some reason to 30 days and no limit).  How do I stop this from filling up the hard drive?  We typically try to keep our OS partitions under 100GB if possible, but we've had to add drive space to accommodate this, and this severely impacts our server performance on a daily basis.

0

Sonar log errors

March 20, 2018, 11:24 am

≫ Next: Looking for 12.1.6 mp6 for upgrade path

≪ Previous: 123GB quarantine folders in two locations

$

0

0

I need a solution

Get this when going to Sonar logs

1. The database query timed out. Try reducing the number of filters, or increasing the SQL Server query timeout value.

2. An unexpected error occurred. Try running the query again by using default filter values.

3. String encoding was possibly not UTF-8, and may result from copying and pasting data instead of typing data. Try typing data in the input fields.

only happens with sonar logs 

have added command and connection timeout to reporter.php per tech101746

server 2012

version 14.0.3897.1101

was first noticed in 14 MP2 no issue with upgrade today

0

Looking for 12.1.6 mp6 for upgrade path

March 20, 2018, 12:36 pm

≫ Next: Symantec service Symantec Endpoint Protection (SepMasterService) randomly doesn’t start on a reboot or booting with Windows 10 Professional x64 1709 and 14.0.3897.1101 (14 RU1 MP1b)

≪ Previous: Sonar log errors

$

0

0

I need a solution

Don't look at things in a year and a half and stuff leaves you behind.. 

In a nutshell, 12.1.6 mp6 is installed on our util03 server which happens to be running server 2003. What I plan to do is spin up another version on our util04 server running 2008r2. create a sync partnership between the two, make 04 the primary and take down 03 once all clients are communicating directly to 04. and then... upgrade to the lastest version of 14.x..

I tried upgrading and installing both to mp9 before i realized it will not work on server 2003. 

So,.. Where can i find 12.1.6 mp6 short of torrents since they decided to block access to archived versions..

0

---

Symantec service Symantec Endpoint Protection (SepMasterService) randomly doesn’t start on a reboot or booting with Windows 10 Professional x64 1709 and 14.0.3897.1101 (14 RU1 MP1b)

March 20, 2018, 4:43 pm

≫ Next: How to move SEP Clients from Multiple groups to one group?

≪ Previous: Looking for 12.1.6 mp6 for upgrade path

$

0

0

I need a solution

I suspect I’m getting bad advice from Symantec Support, therefore asking for suggestions of theproblem I outline below.

Problem: Symantec service Symantec Endpoint Protection (SepMasterService) randomly doesn’t start on a reboot or booting. A reboot or running SymDiag with Debug Logging option fixes the problem temporally. The Debud Logging option from SymDiag runs a command to stop and then start the Symantec Endpoint Protection (SepMasterService) service at which point this service starts normally. Windows Event Logs indicate that the Symantec Endpoint Protection (SepMasterService) service stops on shutdown, but on boot there is no call to start this necessary service.

Affected Operating Systems: Windows 10 Professional x64 1709 (not observed with Windows 10 1703 or our Windows 7 computers)

Affected Version of SEP Client: 14.0.3897.1101 (14 RU1 MP1b) and 14.0.3892.1101 (14 RU1 MP1a)

Diagnostics Provide to Symantec Support: Numerous SymDiags from several different computers with and without Debug Logging option have been provided while the problem was occurring

Initial Proposed Solutions from Support: I was initially told this was a known bug with 14.0.3892.1101 (14 RU1 MP1a) and therefore I upgraded SEPMs to 14.0.3897.1101 (14 RU1 MP1b), upgrade affected clients, and additional computers with 1709 version of Windows 10. However this problem seems to be more wide spread with 14.0.3897.1101 (14 RU1 MP1b) and latest update for Windows 10 1709, KB4088776 (https://support.microsoft.com/en-hk/help/4088776), released a week ago.

Current Proposed Solutions from Support (as I understand): Install KB4073290 per TECH248552 (https://support.symantec.com/en_US/article.TECH248...) because this problem has been seen by Symantec Support and only solution from Symantec Support is to install the corresponding KB listed in TECH248552 (https://support.symantec.com/en_US/article.TECH248...) while 14.0.3897.1101 (14 RU1 MP1b) is installed.

Problems with Current Proposed Solution from Support: Checking Microsoft’s KB article for KB4073290 (https://support.microsoft.com/en-hk/help/4073290/u...) stated that is a cumulative update for Windows 10 Version 1709 with AMD processors only. The affected systems are running Intel processors including the system (Intel Core i5-6500) looked at by support this afternoon via WebEx. Also this cumulative update has been superseded by sequential cumulative updates, including KB4088776 (https://support.microsoft.com/en-hk/help/4088776) released by Microsoft March 13, 2018, and installed on the affected systems.

Background History of these 1709 Systems: These systems were originally Windows 10 x64 Professional 1703 systems which had both KB4057144 (listed in TECH248552 (https://support.symantec.com/en_US/article.TECH248...) and 14.0.3892.1101 (14 RU1 MP1a), had one or more cumulative updates for 1703 installed (KB4074592, KB4077528, KB4092077), upgraded to 1709, then latest cumulative update(s) for 1709 installed, and then SEP upgraded to 14.0.3897.1101 (14 RU1 MP1b).

Any ideas or suggestions would be greatly appreciated.

0

How to move SEP Clients from Multiple groups to one group?

March 21, 2018, 6:47 am

≫ Next: download insight is not functioning correctly

≪ Previous: Symantec service Symantec Endpoint Protection (SepMasterService) randomly doesn’t start on a reboot or booting with Windows 10 Professional x64 1709 and 14.0.3897.1101 (14 RU1 MP1b)

$

0

0

I need a solution

Hello All,

Please help me with the steps about how to move SEP clients in SEPM 14.0 MP2 from multiple groups to One group using moveclient Script.

Appreciate any help.

0

download insight is not functioning correctly

March 21, 2018, 1:14 am

≫ Next: Critical SEPM Services and Ports for monitoring - SEPM 14

≪ Previous: How to move SEP Clients from Multiple groups to one group?

$

0

0

I need a solution

After installing the new version of the client 14.0.3897.1101 on all clients, the error "Failure download insight" appeared.

On the clients cost OS Windows 7/10

If manually install the client, the error is the same

Reboot does not help.
Diagnostic tools freezes during the retrieval of SEP descriptions

0

Critical SEPM Services and Ports for monitoring - SEPM 14

March 21, 2018, 1:53 am

≫ Next: Outlook, programmatic access

≪ Previous: download insight is not functioning correctly

$

0

0

I need a solution

Can I please get the list of services and ports which need to be monitored for SEPM 14 servers ( Windows 2012 R2) - Using a third party Monitoring tool

Current Environment 

SEPM 14 - 3 Sites ( 2 Servers per Site)

Dedicated SQL Database

Inter-Site Relplication - Configured

During my research on Symantec forums found these are the important services and Ports, Am I missing something or are these enough to ensure we are monitoring all the critical services

Ciritcal Services: SEP Manager - 14

margin-top:0in;margin-bottom:0in" type="disc">

semlaunchsrv

semsrv

semapisrv

semwebsrv

Critical Ports: SEP Manager - 14

margin-top:0in;margin-bottom:0in" type="disc">

8443 - Server Management Port

9090 - Web Console

8014 - Client Communication (HTTP)

443 - Client Communication (HTTPS)

8446 - Remote Management Web Port (API)

8447 - Process Launcher

8765 - Server Control Port

8445 - Reporting Port

0

Outlook, programmatic access

March 21, 2018, 3:51 am

≫ Next: Invalid object name 'LOCAL METADATA' on SEP upgrade

≪ Previous: Critical SEPM Services and Ports for monitoring - SEPM 14

$

0

0

I need a solution

I'm having some issues with SEP on a remote desktop session host running Windows Server 2012 R2 and Outlook 2016.

Users on this server get a warning that an application (ERP) is trying to send an email on their behalf and asking them to allow or deny. This works without issue when running the application
on their local computers. Checking the health of the SEP-client on the server shows that everything is running OK.

Programmatic Access settings in Outlook on the server reports that this version does not support detecting Antivirus. From what I've gathered this is expected/by design?

A workaround would be disabling these prompts but I would prefer not to.

Is there anything I've missed here to get rid of these prompts?

Thanks in advance!

0

Invalid object name 'LOCAL METADATA' on SEP upgrade

March 21, 2018, 4:06 am

≫ Next: USB Drive Scanning With SEP

≪ Previous: Outlook, programmatic access

$

0

0

I do not need a solution (just sharing information)

all old threads are locked so i can't post solution

so this is new thred with solution to above error.

if you have problem with upgrade and you have checked tath your SQL user password is OK (no login error on SQL) then problem is probably in schema.

connect to your SQL server and find database and check name of your tables. my tables were under sem5 schema and all tables, views and oprocedures are named sem5.* so it is sem5.LOCAL_METADATA and upgrade proces searchs for table named dbo.LOCAL_METADA.

to corect error you need to rename all tables, procedures and views to dbo.*

you can use this link for help

https://stackoverflow.com/questions/17571233/how-t...

0

USB Drive Scanning With SEP

March 21, 2018, 7:38 am

≫ Next: Swapping to Computer Mode

≪ Previous: Invalid object name 'LOCAL METADATA' on SEP upgrade

$

0

0

I need a solution

I've gotten USB drive scanning to work in SEP based on the instructions in a previous post below.  This works on unencrypted USB drives with no issues.  However, if a USB drive is encrypted and then unlocked after it is mounted, it appears that the drive scan takes place.  However, the total number of files that are scanned is 0.  Has anyone gotten this to work on encrypted drives?  If so, what did you end up modifying in the USBScan script that was put together by a Symantec SE?  I've also noticed that even right-clicking and doing a manual scan on an unlocked USB drive does not scan any files either.

https://www.symantec.com/connect/forums/hi-policy-...

0

• Encrypted-Unlocked USB.png
• Unencrypted USB.png

---

Swapping to Computer Mode

March 21, 2018, 10:17 am

≫ Next: Unable to log into LiveUpdate Administrator 2.3.647

≪ Previous: USB Drive Scanning With SEP

$

0

0

I need a solution

In SEPM, I have AD OUs synced from Active Directory. I have both Computer OU containers and User OU containers seperately. Each holds Computers and Users which are department specific.

When I do a Remote Push for User Mode, to add new clients, they seem to initially add as Client Mode sucessfully, but later I noticed the User shows "Offline" and it's moved to the Computer OU and says the Computer Name is Online. On top of this, when I right click, "Switch to User Mode" is greyed out.

Why is it automatically moving to Computer Mode instead of User Mode? Since my policies like Firewall are applied to the User OU, when it moves over to Computer OU the firewall rules are no longer the same.

0

1521660098

Unable to log into LiveUpdate Administrator 2.3.647

March 21, 2018, 11:17 am

≫ Next: Allow RDP Firewall Rule

≪ Previous: Swapping to Computer Mode

$

0

0

I need a solution

I have LiveUpdate Administrator 2.3.6.47 running on a Windows Server 2016 instance. Install of LUA went smooth. I have a local administrator account setup and when I log into http://<servername>:7070/lua/logon.htm, I get the following message:

User admin is already logged in. 

It is possible that you did not properly log out and as a result your session is still active.
If you wish to proceed, click on the Force Log Off button. This will destroy the currently active session and log you in.
Click on Cancel to go back to the login page.  

I got that message after I logged in for the very first time. If I click "Force Log Off", it doesn't log me in, the screen just refreshes and wants me to sign in again. When I sign in, I get the same message. So I'm unable to log in at all. I attached a screenshot of the message as well.

Any help here is much appreciated.

0

• Screen_Shot_2018-03-21_at_2_15_19_PM.png

Allow RDP Firewall Rule

March 21, 2018, 1:43 pm

≫ Next: How to submit bulk email phish to Symantec?

≪ Previous: Unable to log into LiveUpdate Administrator 2.3.647

$

0

0

I need a solution

This issue has me confused. I've tried a lot of troubleshooting steps. I'm just trying to create a rule to allow all Remote Desktop traffic.

At first I followed the Symantec guide to allow RDP, and targeted the MSTSC executable. This did not work, and showed the traffic was blocked. So, to test, I've created a rule to explicitly allow all traffic between my computer (202) and the test computer (162):

I make both computers update Policy via Symantec Endpoint Troubleshoot, and still get:

3/21/2018 2:29:24 PMBlocked15IncomingTCP192.0.10.202<Mac>18007192.0.10.162<Mac>3389C:\Windows\System32\svchost.exeNETWORK SERVICENT AUTHORITYDefault33/21/2018 2:29:13 PM3/21/2018 2:29:22 PMBlock all other IP traffic and log

 

As seen there, the default "Block All other IP Traffic" rule takes priority. The only way I can get RDP to be successful is by disabling that rule, or disabling the Sym Firewall. Both are not acceptable solutions.

0

How to submit bulk email phish to Symantec?

March 22, 2018, 12:47 am

≫ Next: Symantec Version 14 (14.0 mp2) Build 2415 showing as newest version in FileConnect

≪ Previous: Allow RDP Firewall Rule

$

0

0

I need a solution

Hi, I have a question regarding email phish

Since we have 4000+ email phish or 100+ everyday. I'd like to submit it by batches or bulk submission. Can someone help me? Thanks.

0

Symantec Version 14 (14.0 mp2) Build 2415 showing as newest version in FileConnect

March 22, 2018, 3:20 am

≫ Next: Windows 10 tools not working with SEP

≪ Previous: How to submit bulk email phish to Symantec?

$

0

0

I need a solution

All clients our company are on Symantec Version 14 (14.0 mp2) Build 2415. I can not seem to get version 14 RU1 (14.0.1) or newer in FileConnect as it is telling me that I am on the newest version. Why is this happening?

Please see attached picture

0

• Capture.PNG