I heard SEP for Linux can control the CPU and mem.
Can it?
If it can, where can I find the menu? (Client or management?)
I'm getting reports from our end users that SEP is deleting files when they are doing imports onto their machines.
I can't see the deleted files on the SEPM or the endpoint on the local machine.
Are there any other log files on the users' machines I can check to prove/disprove SEP's involvement?
Hello,
Does anyone have the latest SEPM 14.0.1 MP2 with a reverse proxy setup for Linux clients? According to the new fixes, https://support.symantec.com/en_US/article.INFO495... they fixed issues with reverse proxy. Sadly not in my case :( httpd.exe is still crashing, and this time it is even worse: after upgrading from 14.0.1 (RU1) to 14.0.1 (RU1 MP2), Apache crashes almost every 1-2 hrs :( Previously it was working 2-3 weeks before a crash. Is anyone facing the same issues?
Hello,
"The VPRemote Install Bootstrap Service service is marked as an interactive service. However, the system is configured to not allow interactive services." We have been getting this error lately when we try to remote push installations to our clients. We don't know what causes this issue and we have looked everywhere for a fix. We have tried to turn on certain services and tried different regedit solutions; nothing helps. I was hoping I could get some help with this issue!
Kind regards,
Tim
Hi all
Reviewing our logs, we have found a virus alert that SEP14 has the Actual Action listed as "Moved Back". We are not able to determine what this means in simple terms.
Any help?
https://support.symantec.com/en_US/article.TECH102052.html
Thanks
Dear all,
Any clue on this? We have SEP policies configured with application control enabled, but we don't have any device control. These new printers don't include a driver CD; in fact, HP came up with a new idea of having a flash disk inside with the driver on it. On the first connection to a computer it will work as a flash drive and install the driver, and then it will be a regular USB printer cable.
I'm facing an issue with this: it has an autorun.inf file which will be blocked by my policies, and it is not safe to allow it either, and I can't allow it as a device because we are not blocking any devices. Blocking executable files from any flash drive is our policy; only doc and txt files are allowed.
Please help.
Hello, I have the following problem. Our corporate Windows network is protected with Symantec Endpoint Protection with the latest virus definitions and, of course, a high level of administrative restrictions with no possibility to manage the system. My work is based on processing big text databases (CSV format). I usually use Excel macros, which is sufficient, but from time to time I also use text utilities such as awk.exe, sed.exe, grep.exe and many others, which are generally known, but are not allowed and are not official software in our network environment. However, I have had them stored on the local disk for a long time without any Symantec warnings. Some months ago a Heur.AdvML.B warning window appeared on my computer related to one of my unofficial exe files. I received a warning from my superior, so I must delete them all from my local disk. But I need them! I cannot solve the situation by the official route via company management. My question is: is it possible to check some of my exe files over the Symantec web interface or in some other similar way? I do not have any PC with Windows on which to install a trial version of Symantec software to make sure these exe files are clean and safe, to make sure the Symantec Endpoint Protection installed on the corporate network does not mark the files as a security hazard, and that Symantec heuristic analysis does not show me the risk protection window any more.
:-)
Thanks for your response
JP
Hi There,
I am trying to install Symantec Endpoint Protection (12.1.6 MP9 - build 7369) on a Win 2003 server (tried with both managed and unmanaged packages of core features).
But the setup is failing continuously with an error stating that "The Wizard was interrupted before Symantec Enpoint Protection could be completely installed".
When I had a look at event logs, I could find something like "Faulting application: EFAInst.exe version 6.3.0.15, fault address 0x000088c2".
Also I could see from various blogs that EFAInst.exe belongs to Symantec as a supporting file for the entire setup.
Note: I am able to install SEP 12.1.6 MP7 on the same machine without any error; I am facing the issue only on MP9.
Any idea for resolving this issue would be a great help.
Thanks in advance!
Regards,
Rakesh Subramaniyam
Hi,
By default, when a client is installed, Scan for threats > Active Scan Upon Startup is not enabled. Is it possible to enable the property from the SEPM, or do I need to do it on each individual Symantec client?
Thanks for letting me know.
Are there any differences between the web console and the Java console?
Is there a document outlining the differences?
Thank You
Hello,
We have a Retina CS server protected with DCS that we would like to use to scan our SEP-protected Windows 10 hosts on another subnet.
When we run a port scan, traffic is blocked for 600 seconds. Is there any way to allow JUST the one IP to scan these hosts?
IPS exclusions are not optimal in this case as they will allow all sources to scan our devices on the internal network. https://support.symantec.com/en_US/article.HOWTO81159.html#v8148757.
Hello all,
I have been scratching my head on this one. We are in the process of eliminating our LUA server since this product has been failing us very frequently lately. We have another group that houses a better working LUA server, so we are moving our various SEPM consoles to point to that server.
One console in particular, however, refuses to accept the changes that I made when it comes to the LiveUpdate download source. Looking in the console, I can see that the only entry we want in there is there, and it is the new server. Even when initiating a LiveUpdate in SEPM, it tells us NAMEOFNEWSERVER is going to be the download source.
Unfortunately, every single time we initiate a LiveUpdate, it continues downloading from OLDSERVER. Also looking in C:\ProgramData\Symantec\LiveUpdate\Settings.LiveUpdate, we see the old server listed here, not the new.
Why is the console not updating the files to the proper server? What can we do in order to force this change? We have already rebooted the server and stopped/restarted services several times; however, that hasn't worked.
Thanks!
I was just curious what the best way to set up rules would be in regard to website browsing.
We recently deployed SEP 14 to our environment, and are seeing a lot of legitimate web traffic being blocked. Mostly SSL providers like globalsign.net and comodoca.com, as well as some websites themselves, like Equifax.
For now, we have been adding them to whitelist rules within Symantec's firewall, but we are a large company so this isn't a realistic solution when web traffic is unpredictable.
What would the risks be for creating a rule to allow all port 80 and 443 traffic through chrome.exe and iexplore.exe? I feel as though that's not likely the most secure solution.
I would appreciate any input!
I am following HOWTO81175 (https://support.symantec.com/en_US/article.HOWTO81175.html), but when I'm trying to import SEP 12 RU6 MP10 clients (SAV32.info and SAV64.info) it fails with the following:
An error occurred
- Reading the package contents...
- Adding the package into the management server...
- Disabling cancel operation as updating server database...
The directory I'm importing from has the corresponding .dat file and is part of the full 12 RU6 MP10 download (SEPM\Packages). I've done this with previous 12.x clients and 14.x SEPMs without issues. Any suggestions on loading 12 RU6 MP10 clients into a 14 RU1 MP2 SEPM?
I have a customer with a MacBook configured with dual boot. Both Mac OS and Windows OS are supported by SEP 14.
May I know if I should install the SEP client on both OSes? Does it crash/conflict this way?
Thanks
We have some issues with distribution requests in LUA. It succeeded for SEP 12.1 RU6, but not for SEP 14.0 or 14.0 Advanced RU1.
For SEP 14.0 Advanced RU1, it always seems to stop at 39 %. I will attach the recent LUA log, but these seem to be the first lines when there's an error:
2018-04-18 09:45:31,770 [http-nio-7073-exec-17] INFO monitor.MonitorManager - ### Percent complete calculated as (for publish) 39
2018-04-18 09:45:31,811 [publishTriggerHelperThread71055] ERROR common.ContentRepository - saveDataTemporaryForPublish() - LuaException copying payload files
2018-04-18 09:45:31,888 [validate3] ERROR SymIniFile.IniFileParser - java.io.FileNotFoundException: C:\TempDownload\publish\10\10\10252\65911524037531702\sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.0$20ru1_microdefsb.curdefs_symalllanguages_livetri\liveupdt.grd (The system cannot find the path specified)
2018-04-18 09:45:31,889 [validate3] ERROR common.LUASecurity - IdsSecurityPackageNotTrusted : C:\TempDownload\publish\10\1523967551jtun_sep14ru164en180403002c3sds.m30 , PackageFile: 1523967551jtun_sep14ru164en180403002c3sds.m30 C:\TempDownload\publish\10\10\10252\65911524037531702\sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.0$20ru1_microdefsb.curdefs_symalllanguages_livetri\liveupdt.grd: File was not listed in this guard file ,
2018-04-18 09:45:31,889 [validate3] ERROR common.LUASecurity - com.symantec.gfs.FileNotTrustedException: PackageFile: 1523967551jtun_sep14ru164en180403002c3sds.m30 C:\TempDownload\publish\10\10\10252\65911524037531702\sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.0$20ru1_microdefsb.curdefs_symalllanguages_livetri\liveupdt.grd: File was not listed in this guard file
2018-04-18 09:45:31,889 [validate3] ERROR download.ValidateDownloadHelper - 2 Package is not trusted, its calculated GRD is not the same as GRD from fileC:\TempDownload\publish\10\1523967551jtun_sep14ru164en180403002c3sds.m30
2018-04-18 09:45:31,889 [validate3] ERROR download.ValidateDownloadHelper - Following error code is received in verifying the package: 235
2018-04-18 09:45:31,889 [validate3] ERROR download.ValidateDownloadHelper - File size: 9812974
2018-04-18 09:45:31,889 [validate3] ERROR util.PublishThreadUtil - update validation failed - 
1523967551jtun_sep14ru164en180403002c3sds.m30 belonging to minitri: sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.0$20ru1_microdefsb.curdefs_symalllanguages_livetri.zip
2018-04-18 09:45:31,889 [validate3] INFO publish.ValidationThread - validatePayload returned:false
2018-04-18 09:45:31,889 [validate3] INFO publish.ValidationThread - Validation result for payload (both master and slave): 10:10:252 result: false
The most recent request was from 09:42:51 -- 09:45:33. The LUA version is 2.3.6.47, and the distribution center is the default one set up by the installation. We have recently uninstalled LUA and installed it again, to try to solve this problem. Confirmed deletion of C:\TempDownload and C:\Program Files (x86)\Symantec\LiveUpdate Adminsitrator after uninstall. There were no changes to the drive locations or permissions when distribution started to fail.
Recently, I've also had some issues with Download Request in LUA. We implemented the changes to Tomcat configuration in https://support.symantec.com/en_US/article.TECH247... , and also increased timeouts under Configure > Preferences. Now all download requests seem to succeed. Previously, one download request may have filled up the disk, but the disk is now expanded, and we have reinstalled LUA after that happened. I hope someone can help with this strange problem.
We have some computers where, when we plug in an external hard drive or flash drive, it creates shortcuts and hides files.
We are currently using SEP14 but it does not detect it.
Hi,
I know Symantec Insight is a cloud-based security technology to check file reputation. Our company has a very strict policy on any cloud-based solution. I would just like to know: if I download a file from the internet, will this file be uploaded to the Symantec cloud for checking? For example, we cannot deploy Cynic sandboxing because it's cloud-based.
Hi - I came across a problem with installing software and SEP client caused the installation to slow down considerably. It took about an hour to complete the installation which it should take 15 minutes. Last week was Microsoft patch week so I rolled back the patches and with success SEP didn’t slow down the install. It took about 15 minutes to complete as normal for this install. Below is the version of SEP and Windows Server 16 I used, and I was able to duplicate this problem consistently. The way we get past the slowdown was to stop SEP manually to allow the install to complete. Memory and processor didn’t spike when the slow down occurred.
Server 16 ver 1607 build 14393.2189 (upgraded with problem)
Server 16 ver 1607 build 14393.2155 (before upgrading no problem)
SEP ver 14 (14.0 MP2) build 2415
Thank you,
Billy
I see these once in a while, more so on servers. On the lower right, usually right after I log in, Symantec puts up a little popup box that will say something about an attack happening.
They might look like this:
"Symantec Endpoing Protection
[SID: #### ] Attack: SMB Double
Pulsar Ping detected
Symantec Service framework"
with a yellow exclamation point on the left.
The box(es) will pop up and disappear quickly. It's difficult to get a screenshot of them.
I checked the SEP client logs. Nothing there. Looks normal for the system, risk, and scan log.
Checked SEPM. No special notifications. Looks normal.
No emails are generated by these events.
I wouldn't mind seeing something in SEPM. Logging into a client machine isn't realistic. If there was some attack happening but it was being warded off, great, SEP is doing its job. I wouldn't mind knowing if several users were seeing these popups though.
Where can I get more info on what the events are that cause these? And what are these little popups in general?