The API provided by Symantec is limited.
We want to know the list of infected pc
Is not this the most important thing?
The Symantec rest-api does not provide this information.
Only a few lists are infected.
What pc is infected and what is the ip of that pc
I need a list.
Why not?
You know this is necessary, do not you?
Hello,
I would like an infomation how to fix weak DH key Exchange Supported (PCI DSS). I have got a report from VA scan about weak DH key Exchange Supported on tcp/8443 tcp/8446
106459 - Weak DH Key Exchange Supported (PCI DSS) A service on the remote host supports a weak key exchange mechanism
Description:
At least one of the services on the remote host supports a
Diffie-Hellman key exchange using a public modulus smaller than 2048
bits.
Diffie-Hellman key exchanges with keys smaller than 2048 bits do not
meet the PCI definition of strong cryptography as specified by
NIST Special Publication 800-57 Part 1.
Diffie-Hellman moduli of up to 1024 bits are considered practically
breakable by an attacker with very significant resources.
Solution:
Consult the software's manual and reconfigure the service to use at least 2048-bit DH parameters. Alternatively, disable DH and use only Elliptic-curve Diffie-Hellman (ECDH) instead.
My SEPM server OS is Windows server 2012 R2. All clients are Windows server 2003 R2, Windows server 2008 R2, Windows server 2012 R2, Windows 7, Windows 10
How to solve this issue ?
What is parameter that I should to configure on ssl.conf file ?
After configured cipher suite to ECDH. Is it support for all my clients OS or I should configure parameter on my clients ?
Thank you for your support.
Hi every one,
I try to install SEPM on WIndows server 2016. The computer was join domain.
While in running setup file. I see a warning :
I want to ask if i ignore that and press Continue, What will happen ?? Cause when i press continue and finish the installation, i see that the computer has new user semsrv, semwebser and semapisrv and NT SERVICE/semsrv, SERVICE/semưebsrv, SERVICE/semapisrv also being add to Log on as a Service in Local Policies of computer automatic. But when i uninstall SEPM and reinstall. The warning still appear. I check Log on as a Service in Local Policies of computer again and see all NT SERVICE was disappear.
And another problem is when i config Management Server Configuration Wizard, the erroe Failed to set Symantec Endpoint Protection Manager service account ACLs appear. I do a research and findout that SeSecurityPrivilege is require. I continue search and see to add SeSecurityPrivilege i must do as below :
Go to > Local Security Policy- > Local Policies -> User Rights Assignment on the server you are trying to install on.
Assign your logged in account (eg [domain]/[username]) the following rights:
>Back up files and directories
>Debug Programs
>Manage auditing and Security log
>Restore files and directories
>Take ownership of files or other objects
But after add the user i use to install SEPM to these group above, i still don't see SeSecurityPrivilege in Privilege colum. And the error still appear.
Note : Please notice this is a first time install
Hi, with TLS 1.0 not being supported any more I am disabling this on our servers. However, I have ran into a problem with Symantec.
My current set up is a seprate Symantec server and SQL server, both running on 2012r2, Symantec is version 14 MP2 and SQL version is 2012 SP4.
When I turn off TLS1.0 client side on the Syamntec server (TLS 1.1 and 1,2 are enabled), I am unable to log into the Symanytec Endpoint Manager application, I get the follwoing error, symantec unexpected server error error code 0x10010000
The SQL server has tls 1.1 and 1.2 enabled (Still also has 1.0 enabled while i get to the bottom of this issue), looking through the tech docs it looks like the symantec is hardcodded to speak to the DB over TLS 1.0, i was just wondering if anyone knew where this could be edited?
I have a server computer (IP 172.22.5.11), which has SEPM and SEP installed inside it.
On 172.22.5.11 server computer, i was joined 172.22.5.6 as 172.22.5.11 client.
But when I do LiveUpdate at 172.22.5.6, the system displays: Failed to connect to the live update server! (Such as attack picture).
Now I don''t know how to deal with it, please help !!!
I am having issues downloading the recent AV defitntions from Symatnecs FTP site. These are stand alone machines that need to be updated annually. I have been downloading from the below location:
Is there something going on?
I have 2 servers running 2008 R2 enterprise.
1 has issues with either the forward or reverse DNS zones populating, periodically have DNS issues with workstations.
1 has issues with DHCP. Showing a down, red arrow in DHCP but task options show it is running. This is resolved by restarting the service. This has happened twice in under a week. This started immediately after the upgrade from SEP 12.1.5
All SEP components installed.
Hi,
could someone give me info about Network and Host Exploit Mitigation and Compliance Events:
"[SID: 30548] Web Attack: JSCoinminer Website attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" ?
Tnx a lot
D
Hi,
I shall upgrading the SEP Manager for 14.0.38 to 14.0.39. Only the manager is being upgraded not the clients. Does any one has a working document that would list the steps please for the upgrade?
Guys,
I am failing to reinstall my antivirus on windows server 2008. What happened was the first installation was interrupted and it did not finish up.
I managed to uninstall any symantec from my control panel and deleted all folders of it from my program files.In addition i deleted any norton files from regedit. But when i try to reinstall the antivirus i am receiving an error that says another antivirus of same version is already installed please uninstall from control panel. When i check from control panel none of symantec antivirus is present.
I have tried to get some symantec removing tools like Clean Wipe and CEDAR but still i am failing to reinstall the antivirus
ERROR MESSGE
Another version of this product is already installed. Installation of this version cannot continue until the existing version is uninstalled. Use Control Panel to configure or remove the existing version of this product.
Please assist if there is any other procedure.
Hello all
How can be found the machines enabled as unmaged detectors in SEPM14?
Thanks
Good afternoon,
We are seeing the following message on our Symantec Management Console and Site Servers (From Endpoint Solution)
PUA.Winexe!g1 was quarantined (winexesvc.exe)
From my reading, this is when a Linux system tries to initiate some kind of communication. Is there a way to find what the source address is so I can determine if this is coming from another server/service?
Thanks!
Hello,
I need to know how to get the autoprotect status of a Mac OS X SEP 14 client. It's real easy on windows, you just check the registry. I need the same ability on the Mac. I know its possible as the Cisco Any Connect client can check it when doing a posture check. I would even settle for a C or C++ library command and write my own tool if I have to.
Thanks!
I got error :
Failed to connect to server
Make suer that the server is running and you session has not time out.
...
on Event log I found
The Java Virtual Machine has exited with a code of -1, the service is being stopped.
Hi everyone,
I was install SEP Client on EndUsers Computer and after few minutes a popup appear require restart. After restart, the client now up to date.
I want to ask is there anyway to make client auto perform Full Scan after initial install or it the defualt setting and don't need to configure ??
Cause i don't see any Full Scan in Scan logs on both SEPM and SEP Client
I install from file 'SymantecExtractor'
Error message showing :
The installer could not install all the selected components. If the problem persists,
Please contact customer support and quote reference number d39c658017
3 errors on event viewer
1. Windows Installer installed the product. Product Name: Symantec Endpoint Protection. Product Version: 12.1.7266.6800. Product Language: 1033. Manufacturer: Symantec Corporation. Installation success or error status: 1603.
2.The description for Event ID 37 from source Symantec Endpoint Protection cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
SepMasterService
the message resource is present but the message is not found in the string/message table
3. Installation failed
Binary data: 7B46343035373031442D324442382D344246422D393541462D4432453645413137324546437D
hi all
please help me , i have sep products in our company but when i send email outside , email reject or block with RBL or CBL site , our site is bad .
how to remove a blocked from our email in RBL or CBL site when email send
best regrads
Hello all,
Over the last 7 - 10 days we have noticed a rash of Windows 7 desktops in our environment that the networking suddenly stops working on the Windows 7 client system. These are 32 bit and 64 bit machines. We discovered that removing the SEP client and reinstalling it fixes the problem. We have recenlty pushed out Microsoft updates from May, and I'm wondering if anyone else has seen this issue and knows if it is tied to a particular Windows update, or if the SEP tech support folks have seen this and already know what may be the root cause.
Clients are 14.x for SEP, OS is Windows 7 32 and 64 bit.
Thanks for any guidance that can be offered.
At the moment we are using SEP 14.0 MP2 build 2415.0200 and while trying to update old 1709 to new 1803 windows update tells that SEP is not compatible and needs to be removed before update can continue. We have also tried to install WIn10 1803 and then install SEP afterwards, but it did not work any better. Is that version of SEP somehow outdated or where is the rat?
Do GUP's download from other GUP's or do they download from the SEPM's? IE if I assign 10 desktops at a site to be GUP's, will 1 download from the SEPM and then the remaining 9 download from the locally updated GUP?
Many Thanks