Channel: Symantec Connect - Endpoint Protection - Discussions

Pop up (Windows 10) - WSCSavNotifier.exe

I need a solution

Hi all

I would like to know if someone is experiencing this problem.

Some users are receiving a prompt from the Windows Action Center stating:

"Do you want to run this app? You should only run apps that come from publishers you trust"

WSCSavNotifier.exe is digitally signed by Symantec and is safe to run. If the prompt is ignored or canceled, the SEP client will still attempt to automatically update its content in the background.

Click "Yes, I trust the publisher and want to run this app" to allow the SEP client to perform its remediation action

It seems that if the user does not click "yes", the file will not be automatically signed by Symantec. Does anyone have the same problem?

Thanks

How do I get a full week's worth of network attack report information?

I need a solution

I'm only getting the last 24 hours now, the hour before the report comes out.

From SEPM...

Reports, Scheduled Reports tab, network and host mitigation--Attacks.

Popup window...

It's enabled.

Network and Host Exploit Mitigation Report

Full Report

Default

Run every 1 week

Start after    Date from weeks ago  10am

send report to sys admin

So I'm getting yesterday at 10am up to today at 10am.  What I want is a full week in the report, maybe last Friday 10am up to this Friday 9:59:59am,   or just days of the week, 12am-11:59:59pm, any seven days of the week would be fine.

Is there a way to set the time period for report information like that or is it always/stuck at 24 hours all the time?  I think I could switch it and get daily full reports, but I don't want to see these every day.  Once a week is good.

Unmanaged SEP 14.0.1 MP2 on 2016

I need a solution

I have a fresh install of Windows Server 2016 Standard where loading the latest SEP 14.0.1 MP2 as an "unmanaged" client isn't downloading the virus definitions for some reason.  I've tried repairing, uninstalling/reinstalling but the result is the same where you get that generic message that the client isn't protected until it gets virus defs.  Even bypassed our proxy server and got the same result.  Note that I always run a checksum against the SEP download from FileConnect.

In contrast, I can load an unmanaged SEP 12 just fine on this 2016 server.  For SEP 14's install, noticed that the ending LiveUpdate process finishes too quickly without any errors (didn't take a screenshot but thought the virus def d/l showed something like "...SDS Reduced" where I opted for the regular client during install) whereas with SEP 12, it's "processing" the downloads for a while.  I've re-downloaded the SEP 14 package from FileConnect and will try again although checksum matched and file size is identical to what I had.

Anyone else with "Windows 2016" servers who want to run the "unmanaged" SEP 14 (latest version as of today) encountering this same issue?


Symantec Endpoint Protection 16 - support Itanium-based

I need a solution

Hi,

Please confirm whether Symantec Endpoint Protection 16 or any other version supports Itanium-based processors. One of our clients has multiple hosts and is looking for a solution.

Your input will be highly appreciated.

Thanks

Unable to update SEP Client 12 in Windows 10 pro (1703)

I need a solution

Hi guys, I wonder if you could help me. Currently I have on my PC Windows 10 Pro 64-bit v. 1703 and SEP client version 12.1.6 (12.1 RU6 MP5) build 7004 (7004.6500). I have downloaded the ZIP package to upgrade the SEP client, file name: Sep64_7004To7445_clientDAXMSI.EXE, but when I try to run it (as administrator) I get a dialog that says: "SEP doesn't work on this version of Windows, you need an updated version" ...WTF? I already have it running on my PC, that message makes no sense. I have also tried to upgrade to MP7 first, but I get the same message.

Have you got any idea what the problem may be?

Thanks.

SEP logs showing ICMP [type=3, code=3] being blocked

I need a solution

Hi,

I have ICMP [type=3, code=3] being blocked:

Source x.y.128.124 [netmask is x.y.255.255.255.224] 

Destination is x.y.246.161 

====

Source is a Windows 2012R2 host with a route table entry:

Network Destination/Netmask/Gateway/Interface/Metric

0.0.0.0/0.0.0.0/x.y.128.97/x.y.128.124/261

====

Destination is a "back box" device Linux based with no user sign-on

I have allowed ping ICMP[type=2] between  x.y.128.124->x.y.246.161

x & y represent the same IP "octet". The gateway for source is correct for our network.

Source and Destination are on different VLANs.

==> Can someone please suggest why ICMP [type=3, code=3] is being blocked?

A Google search shows that ICMP [type=3, code=3] is usually caused by a "network unreachable" error.

However, this article:

https://www.wilderssecurity.com/threads/type-3-cod...

suggests it could be caused by an IGMP error when trying to get route information.

==> Any thoughts on this problem?

SEPM - http vs https

I need a solution

Hello,

I'm planning to replace the self-signed certificate with a CA cert, and according to these steps https://support.symantec.com/en_US/article.HOWTO81059.html I need to switch communication over to HTTP 8014. What if my servers don't have network traffic open via port 8014 towards SEPM but only 443? Is it possible to set up HTTP over 443 and HTTPS on 9443, for example? It should be possible since we can specify custom ports in httpd.conf and sslForClients.conf.

Any clue?

Greets.

Enable HIDS on SEPM 12.1.6

I need a solution

Hello,

Currently using SEPM 12.1.6 MP9

Environment: Windows

I have a requirement to install a Host Intrusion Detection System (HIDS) on the Windows servers. How and where do I enable this feature in SEPM? I also need a document referring to enabling HIDS if Symantec has one.

Thanks,

IPS for Email Header

I do not need a solution (just sharing information)

Hello,
Is it at all possible to create IPS rules that can block emails with a particular header? In some cases we use IPS to successfully block access to some websites, so I was hoping there was a way to do the same thing, but with email headers.

Basically, we're having trouble with our mail gateway filtering spam correctly, so while this is being resolved, we're looking for a quick solution to block emails from particular domains (Or even subject lines) in the meantime.

Alerting_The_User_When_LiveUpdate_Failed

I need a solution

Hi guys,

Question

+++++++

Need a way to inform/alert the user when LiveUpdate failed, cannot update the virus definitions. 

Is there any way to do it? Can be powershell, the endpoint protection manager.

Searched Symantec website forum, search engines but there is no answer.

Thanks.

Upgrading SEPM to 14RU1MP2 - will clients running 14.0 MP2 be managed correctly

I need a solution

Hi all,

Just about to do an upgrade of a SEPM from 14.0 MP2 (all clients also running this version) to SEP 14 RU1 MP2.

Can Symantec confirm that the clients on the lower version will and can be managed correctly with the newest version of the SEP running on the SEPM?

Thanks in advance.

Does HIPS have protection for CVE-2018-8174, and what is the best place to answer this type of question?

I need a solution

Hi there,

  Does SEP's HIPS engine have detection for this threat -

https://portal.msrc.microsoft.com/en-us/security-g...

  Also, is there an internal reference site I can visit to look up specific attacks/vulns to see a) if SEP thwarts it and b) what HIPS (or other) definition versions are required?

Virus def for BlackHeart Ransomware

I need a solution

Hi Team,

Just wanted to know which virus defs cover BlackHeart Ransomware. On Virustotal.com, Symantec detected it as trojan.gen.2.

Kindly let me know which virus defs cover BlackHeart Ransomware.

Issues Upgrading Client to 14 RU1 MP2

I need a solution

Hi everyone

We recently had to update our Symantec Endpoint to 14 RU1 MP2 (14.3929.1200) up from 14 MP1 (14.0.2415.0200) to allow for support to upgrade from Windows 10 1703 to 1709. 

We are doing the upgrade through SCCM and the install seemed to go through fine until we did the first round of Win 10 1709 updates. After a bit of investigation I found some machines were successfully updating to the new client version but were leaving remnants in the Program Files (x86)\Symantec\Symantec EndPoint Protection of the old version of Endpoint. For example the machines would have both the 14.0.2415.0200.105 and 14.0.3929.1200.105 folders in the install directory along with the full contents of this folder. The version of the SMC.exe in the main directory had successfully updated.

Has anyone else come across this issue and managed to do a clean uninstall, or know why only certain machines have this behaviour? 

Upgrade multiple clients with different sep versions

I need a solution

Hi,

Our environment has a mix of SEP 14 and 12 clients. I've set the auto deployment to deploy 14.0.3929.1200 to all clients in all groups, but some of the older clients are still on 12 and cannot update due to their OS restrictions, so I need to deploy the latest 12 version too (12.1.7445.7000) to update them.

As I already have 14.0.3929.1200 deployed to all groups, if I deploy 12.1.7445.7000 as well to the same groups, will this 12.1.7445.7000 version only install on the systems that need it (SEP 12 versions, systems that don't support SEP 14), and it won't downgrade 14.0.3929.1200 clients to 12.1.7445.7000?

Does SEPM 14 have any intelligence in the background to update the clients to the latest supported client version automatically that has been deployed, or will it keep changing the client versions back and forth?

Thanks!

arden


Vulnerability Alerts

I need a solution

Good morning. Does anyone know if there's a way to sign up if Symantec Endpoint Protection and LUA products have a vulnerability? An alert via email or a site that I can visit, same as Microsoft offers.

SEPM certificate replacement

I need a solution

Hello,

Long story short, despite my previous post and thoughts about traffic over HTTP/HTTPS: is it possible to replace the SEPM certificate having only one port (443 in this case) open from client servers to SEPM? Theoretically it should be possible as Apache accepts custom ports, but has anyone here tried that?

Best regards

Best Practice in setting up client groups in SEPM

I need a solution

Hi Guys,

What is best practice on setting up client groups in SEPM? 

Should it be done by

Location ie. LA, San Diego, San Fran, New York

Type - workstation, laptop, device

OS - Windows, MAC, Win 7, Win 10, UNIX

Department - HR, IT, Marketing

What have you had the best results with and what does Symantec recommend?

Adjusting the Intensive Protection Policy

I need a solution

I've been working my way through tuning out all my Intensity Level 3 detections so that I can adjust the Intense Protection Policy up to start blocking Level 1-3 and detecting at Level 4 & 5. I went to adjust it, and I found that I cannot. I even tried duplicating the policy and adjusting it there. Anyone else encounter this issue? What gives?

Is both Outlook Scanner and POP3/SMTP Scanner needed?

I need a solution

Good afternoon,

We are using Outlook 2016 to download messages from a POP3 account. Can you please advise us if we need to have both Outlook Scanner and POP3/SMTP Scanner installed?

Can we get away with just having Outlook Scanner installed?

Thank you :)
