Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles

SEPM central administration through Replication

I need a solution

Hello,

I have two dedicated SEPMs (in different domains, A and B) that have no connection to one another. Through replication I want to consolidate the administration in a SEPM in a third domain (C).

A<->C<->B

Domain C has a network connection to the SEPMs in domains A/B, but not to the attached clients.

I have the following requirements:

1. Administer SEPM A/B and the attached clients through SEPM C.

2. SEPM A/B should be independent from one another.

In a test environment it looks this way:

- I can push client commands from SEPM C to clients attached to SEPM A, so I think the command is not sent directly to the client, but through SEPM A.

- All groups/policies from SEPM A/B are replicated to one another through SEPM C.

Question 1: Is this scenario viable? Any suggestions?

Question 2: Is it possible to manage Clients on SEPM A/B through SEPM C, even if SEPM C has no direct network connection to the clients?

Question 3: Is it possible to prevent policy/group replication between Site A/B through C?

Best regards


Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM

I need a solution

Dear All,

Today we received the IPS signature traffic [SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM. This traffic is outbound traffic initiated from the workstation towards the Windows Server 2003.

The same alert was triggered two days back. We isolated the machine from the network and installed the MS17-010 patch on that workstation. We checked the SymDiag logs; no threat detections were found. But again the same traffic was detected in our environment for the same machine.

I am quite sure that the mentioned signature is, by default, allowed in our SEPM IPS policy.

As per the Symantec link below, the severity level for the mentioned signature is low. But we need to investigate why that workstation triggered this traffic. Totally confused. Can anyone help with this?

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30239

Thanks in advance


How to enable USB devices for the user

I need a solution

Hello,

I would like to block pen drives in the whole company, but excluding one group from AD.

Until now, I have deployed the package in computer policy mode.

Is it possible, does SEPM support such a solution?

Regards

Art


How to interpret Risk logs pulled from SEP client

I need a solution

Hi,

I have pulled risk logs from the SEP client of an infected system to analyze them.

I need help understanding how to interpret the columns in the logs.

Kindly help me to understand how to interpret the information below.

Action | Risk Type | Logged By | Original Location | Computer | User | Status | Current Location | Primary Action | Secondary Action | Action Description | Date and Time
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\(Folder) | Endpoint Hostname | Username | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:39:32 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\(Folder) | Endpoint Hostname | Username | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:42:55 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\SRTSP\Quarantine\ | Endpoint Hostname | SYSTEM | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:41:17 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\SRTSP\Quarantine\ | Endpoint Hostname | SYSTEM | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:44:39 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\SRTSP\Quarantine\ | Endpoint Hostname | SYSTEM | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:46:10 PM

Is it ok to not reboot after install for an extended period?

I need a solution

I have a few servers that I'd really like to upgrade from v12 to v14, but they won't be rebooted until sometime next month.  Is it OK to install v14 over v12 and leave the client in a "needs to reboot" state for a few weeks?

I've done that on a test server, and it seems as though v14 is working fine - getting new definitions, reporting to SEPM 14, etc.

Thanks!


SEPM 14 RU2 Install: Embedded Database Recommendations?

I need a solution

Hello all,

We are in the process of standing up a new server that is going to act as our primary SEPM server for multiple sites. Our biggest issue is whether we are going to be able to stick with the free embedded database, or if we are going to have to purchase SQL. I've been searching online for the past few hours and haven't been able to find any recommended suggestions for SEPM as to when you should use one database or the other. We've heard varying numbers for the recommended client count for the embedded database but can't find any confirmation.

Is there any documentation for the latest version of SEPM, that outlines how many clients the embedded database is good for, as well as instructions on moving to SQL down the road? Any guide that is current / updated that outlines why we should choose one or the other.

Thanks!


N-Able Discovery causes SEP clients to block connection to the server

I need a solution

N-able discovery process causes SEP to block connection to the server. We are taking on a new client that has SEP and cannot take a chance on causing the network to go down. I have talked with N-Able support and they are less than helpful. I also don't know exactly what it gets detected as either.

The Probe scans the defined network addresses using the following protocols:

Windows Management Instrumentation (WMI)
SNMP
NETBIOS and Active Directory Services Interface (ADSI)
ICMP (ping)


Unpacks install script then deletes everything except install script and containing folders

I need a solution

(Windows Server 2003) I am currently installing Symantec Endpoint Protection on a server bed.  I have installed the SEPM on the management server, then I installed SEP on the two domain controllers.  When I try to install SEP on the SEPM server it seems to unpack files as the progress bar fills in; then, once it seems to almost be done, it starts deleting the unpacked files except for some temp files and the install script and (besides the progress bar going back down to nothing then disappearing) does nothing else.  No start menu folders or icons are made and there is no program put into the Control Panel Add/Remove Programs list.  When I reboot the temp files are gone and all that remains is the C:\Program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Scripts\installscript.sis file.  How can I remedy this situation and get the Endpoint Protection Manager to install properly? This happens on all remaining member servers.


Using REST API for getting suspicious files from endpoints - need help

I need a solution

Hi folks,

I was trying to implement this mechanism in my integration:
https://support.symantec.com/en_US/article.TECH239...
(Endpoint Protection 14 REST API support for deleting or fetching a file based on hash value)

Unfortunately I got into a dead end; maybe you can give a tip on how to move further. Here's what I did:

I use Postman for API tests. I'm able to authenticate against /api/v1/identity/authenticate and I get a token back. The next step is to order SEPM to go to the endpoint and grab the file using:

/api/v1/command-queue/files?file_path=c:\windows\notepad.exe&computer_ids=C[...CUT...]3&sha256=933E1778B2760B3A9194C2799D7B76052895959C3CAEDEFB4E9D764CBB6AD3B5 

All I get as a return is a command_ID. Great. After some time I can see that the command was executed successfully in the SEPM console. Now I would like to download the file (e.g. for further analysis), but according to the article, for that I need a file_ID: /api/v1/command-queue/file/{file_id}/content

The question is... where to get file_id?

Has anyone actually successfully implemented the mechanism from the article?


This app can't run on this PC

I need a solution

Hi!

We have Win 10 on all network computers with SEP 14.x and it works perfectly, but we got new PCs and now when I'm trying to install SEP 14.x on the new computers I get this error. (Screenshot attached for your reference.) Thanks in advance for your support.


Where to get SEP 14.0 RU1 MP2 from?

I do not need a solution (just sharing information)

I am installing the new Windows 10 Spring Creators Update/April 2018 and I would like to install the latest version of SEP.

We currently have 14.0 RU1 MP1 and I heard that the MP2 is fully compatible with Windows 10 1803...

I cannot see it in the admin console. This is what I get:

Can someone please direct me as to where to get the installation files for the latest SEP?

Thank you in advance

Reinstall the SEP client on 500 computers remotely

I need a solution

Hi guys, I'm new to Symantec Endpoint Protection.

Question: Is it possible to reinstall the SEP (12 or 14) client on multiple machines (500) at the same time without using PowerShell scripts or third-party tools, using only the Endpoint Protection Manager? Endpoint machines are Windows 7 Enterprise. Do you have some recommendations and practical examples? Thank you.


LiveUpdate Administrator failed to download definitions for SEP 14.0 RU1

I need a solution

I have installed the latest version of LUA (Version: 2.3.6.47). Every day, the definition downloads for SEP 14.1 fail. Finally, after executing the schedule many times, it finishes successfully.

I have another scheduled task (SEP 12.1.5) that doesn't have a problem when it downloads.

Do you have any idea how to solve the download problem for the definitions of "Symantec Advanced Endpoint Protection 14.0 RU1 English"?


SEP Client 14.0.3897.1101 (14.0RU1 MP1) Stops When it finds new Virus

I need a solution

Hi,

SEP Client 14.0.3897.1101 (14.0 RU1 MP1) stops when it finds a new virus file it is not able to delete, and it needs to be restarted manually. Also noticed this when new definitions arrive.

Thank you, 


IPS alerts

I need a solution

I would like to know if we can stop IPS notifications on the client end. I particularly want to know if we have the possibility of blocking just the desired notification, rather than blocking all of them.

This article doesn't say if we can block one particular alert: https://support.symantec.com/en_US/article.TECH105013.html


What is the difference between SEP 12.0 vs 14.0?

I need a solution

Dear All,

Can anyone explain to me the difference between Symantec 12.0 and 14.0, and also tell me what the added features in 14.0 are.

Regards,

ABUL


File Not Found error happens when downloading AntiVirus Definitions from liveupdate.symantec.com

I need a solution

Hi Symantec LiveUpdate team,

A "file not found" error happened when the SPE Virus Definitions auto-upgrade job was downloading the Norton AntiVirus Definitions package.

I'm not sure what's happening: the package was in the upgrade list but failed to download, and 2 hours later the auto-upgrade was back to normal and downloaded the package successfully.

Please help to do some research on it, please comment freely if more information is needed.

Thanks 

Kevin

Version: SPE 7.8 AV Definitions for x86_64-linux

Time: 2018/04/05 00:42:41 (UTC -0700)

00:42:41.667356 [Check for Updates - START]
00:42:41.713033         Result Code: 0x00010000
00:42:41.713077         Result Message: OK
00:42:41.713136         Component Status Changes:
00:42:41.713180                 None
00:42:41.713211         [Component - START]
00:42:41.713245                 Component ID: {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
00:42:41.713275                 Available Updates: 1
00:42:41.713305                 [Package - START]
00:42:41.713341                         Item: Virus Definitions
00:42:41.713372                         Description: Norton AntiVirus Definitions
00:42:41.713401                         File: 1522909520jtun_dsslinen180404023.m35
00:42:41.713430                         Reboot Flag: false
00:42:41.713462                         Sequence Name: CurDefs
00:42:41.713492                         Sequence Number: 180404036
00:42:41.713520                 [Package - END]
00:42:41.713549         [Component - END]
00:42:41.713595 [Check for Updates - END]
00:42:41.713657 [Package Download - START] 
00:42:41.713697         Component: {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
00:42:41.713728         File: 1522909520jtun_dsslinen180404023.m35
00:42:41.790871         Result Code: 0x80010732
00:42:41.790913         Result Message: FAIL - file not found
00:42:41.790943 [Package Download - END]

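When a LiveUpdate Administrator run like the one quoted above is under investigation, it helps to turn the bracketed log into structured records so that the "Check for Updates" catalog result can be compared with the "Package Download" result automatically. The parser below is an added example written for this page; it is not part of the post and not Symantec's code. It assumes only the line shape visible in the quoted log (a time stamp, `[Name - START]`/`[Name - END]` markers, and `Key: Value` fields nested by indentation) and treats any Result Message other than "OK" as a failure. The embedded sample is the post's own log lines, reproduced so the code runs offline.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the LiveUpdate Administrator lines quoted in the post above.
SAMPLE_LOG = """\
00:42:41.667356 [Check for Updates - START]
00:42:41.713033         Result Code: 0x00010000
00:42:41.713077         Result Message: OK
00:42:41.713136         Component Status Changes:
00:42:41.713180                 None
00:42:41.713211         [Component - START]
00:42:41.713245                 Component ID: {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
00:42:41.713275                 Available Updates: 1
00:42:41.713305                 [Package - START]
00:42:41.713341                         Item: Virus Definitions
00:42:41.713372                         Description: Norton AntiVirus Definitions
00:42:41.713401                         File: 1522909520jtun_dsslinen180404023.m35
00:42:41.713430                         Reboot Flag: false
00:42:41.713462                         Sequence Name: CurDefs
00:42:41.713492                         Sequence Number: 180404036
00:42:41.713520                 [Package - END]
00:42:41.713549         [Component - END]
00:42:41.713595 [Check for Updates - END]
00:42:41.713657 [Package Download - START]
00:42:41.713697         Component: {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
00:42:41.713728         File: 1522909520jtun_dsslinen180404023.m35
00:42:41.790871         Result Code: 0x80010732
00:42:41.790913         Result Message: FAIL - file not found
00:42:41.790943 [Package Download - END]
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(.*)$")
START_RE = re.compile(r"^\[(.+?) - START\]$")
END_RE = re.compile(r"^\[(.+?) - END\]$")


@dataclass
class Section:
    """One bracketed block of the log, with its fields and nested blocks."""
    name: str
    start: str                                   # time stamp of the START marker
    end: Optional[str] = None                    # time stamp of the END marker
    fields: Dict[str, str] = field(default_factory=dict)
    children: List["Section"] = field(default_factory=list)


def parse_lua_log(text: str) -> List[Section]:
    """Build a tree of Sections from the log text; returns the top-level blocks."""
    root = Section("root", "")
    stack = [root]                               # innermost open block is last
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                             # not a time-stamped line
        ts, body = m.group(1), m.group(2).strip()
        if (s := START_RE.match(body)):
            sec = Section(s.group(1), ts)
            stack[-1].children.append(sec)
            stack.append(sec)
        elif (e := END_RE.match(body)):
            if len(stack) > 1 and stack[-1].name == e.group(1):
                stack[-1].end = ts
                stack.pop()
        elif ":" in body:                        # "Key: Value" field
            key, _, value = body.partition(":")
            stack[-1].fields[key.strip()] = value.strip()
        # bare continuation lines such as "None" carry no field and are skipped
    return root.children


def failed_downloads(sections: List[Section]):
    """(file, result code, message) for each Package Download block whose
    Result Message is not the "OK" this log format uses for success."""
    return [
        (s.fields.get("File"), s.fields.get("Result Code"), s.fields.get("Result Message"))
        for s in sections
        if s.name == "Package Download" and s.fields.get("Result Message") != "OK"
    ]


def advertised_files(sections: List[Section]):
    """Package files the catalog offered inside Check for Updates blocks."""
    files = set()

    def walk(sec: Section) -> None:
        if sec.name == "Package" and "File" in sec.fields:
            files.add(sec.fields["File"])
        for child in sec.children:
            walk(child)

    for sec in sections:
        if sec.name == "Check for Updates":
            walk(sec)
    return files


def catalog_mismatches(sections: List[Section]):
    """Failed downloads of files the catalog itself just advertised: the server's
    catalog and its file store disagree, which is the symptom in the post."""
    offered = advertised_files(sections)
    return [f for f in failed_downloads(sections) if f[0] in offered]
```

Run `catalog_mismatches(parse_lua_log(text))` over a day's log to list the files that were advertised but not downloadable; a non-empty result at one time and an empty one a couple of hours later matches the transient behaviour described in the post and points at the server side rather than at the LUA schedule.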

How to disable the little yellow network attack popup notifications?

I need a solution

We had seen them occasionally in the past.  Having something attack isn't a huge surprise.  (And we hadn't located the logs in SEPM.  Those logs are really buried...)

Currently my area is "under attack."  Symantec is fending them off.  In the SEPM network attack logs we can see them and there are a lot more over the last few weeks.  We're working with other IT security people.  The infected machines are outside my area though, outside my control.  I just have to put up with someone else's apparently infected machines trying to attack mine.

Those little yellow popups though... How do we disable those from popping up?  It looks like 3-4 times per day something is sweeping through IP addresses.  If you're using your computer when it gets attacked, Symantec puts up the little yellow notification.  That is actually what caught our attention at first.  Everyone started mentioning that they kept seeing those pop up.  But now we're aware of it.

How do we disable those popups, especially for a regular user?  I don't mind getting reminded that the network attack issue is happening myself.  Users don't need to see the popups frequently though.

Is there a policy I can tweak and push out in SEPM to stop those from popping up, as opposed to visiting every machine to tweak a setting?


SEP 14

I need a solution

Hello Experts,

Need your expertise: currently we have 3 standalone SEPMs running, one at each location, each with an embedded database. We want to implement replication failover for those SEPM servers. If anyone has any experience, kindly comment, and also share the documentation articles for the same.
