Channel: Symantec Connect - Endpoint Protection - Discussions

Communication Update fails / SylinkDrop

I need a solution

Hi there,

Got a problem with Endpoint Protection 14.0.3929.1200 on Windows 10 (mixed from 1511 up to 1803): when we try to connect an unmanaged client to a management server or are trying to relocate a client to another management server, either by SEPM or by exported communications updater, we get an error in the log located in c:\temp\clt-inst:

<Status ExitCode="14" Description="Error ( 3 ) in smc -importSylink."/>

SEPM is running on Server 2012 R2, user account used to connect to the client is local admin, client password is submitted with package.

Deactivated tamper protection, but no change.

Don't know where to search further, somebody got the same problem? Just found a post with the same problem, but SEP 12.1.

Thanks in advance and best regards from Germany

Marcel


Is LiveUpdate required for processing jdb files?

I need a solution

Hello,

After a recent issue of LiveUpdate being uninstalled from SEPM 14 and .jdb files no longer working, which was fixed by reinstalling LiveUpdate, I wanted to get a clear answer in regards to LiveUpdate being required by SEPM to process and send updates from .jdb files to darknet clients.

Thanks


Security Advisory ID SYMSA1454: Symantec Endpoint Protection Multiple Issues

I do not need a solution (just sharing information)

Just spreading awareness: please upgrade to the latest available release of SEP 12.1 or SEP 14 (14 RU1 MP1 and later or 12.1 RU6 MP10 and later) in order to remain invulnerable to these two Medium severity CVEs (CVE-2018-5236, CVE-2018-5237)!

Symantec Endpoint Protection Multiple Issues
http://www.symantec.com/docs/SYMSA1454  

The aforementioned issues were validated by product team engineers. A set of Symantec Endpoint Protection updates, Symantec Endpoint Protection (SEP) 14 RU1 MP1 and later or 12.1 RU6 MP10 and later, have been made available. Note that the latest releases of the aforementioned products are available to customers through normal support channels or via live update. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues. 


Memory Exploit Mitigation - Standalone Client

I need a solution

I have a use case where a client is a standalone client. One of the applications is not starting due to Memory Exploit Mitigation. It would be easy to change this if it was a managed client. However, with a standalone client, there are no options to change the defaults or make an exception. I have tried to export a MEM policy from a SEPM and import it. However, this did not seem to work. Has anyone else run into this and have a fix?


Grateful, please: how to copy firewall rules from the old one (Windows Server 2008) to the new one (Win10) on Symantec Endpoint Manager version 14?

I need a solution

Grateful, please: how to copy firewall rules from the old one (Windows Server 2008) to the new one (Win10) on Symantec Endpoint Manager version 14?


Increase a process working set

I need a solution

Hi,

May I know if Symantec Endpoint Protection or Veritas Backup Exec need permission in "Increase a process working set"?

cheers

Suan Leng


Offline installation of SEPM - is liveupdate needed

I need a solution

I have SEPM v14 installed on a disconnected network (no internet). I update the definitions manually on the SEPM server using .jdb files. Management is wanting to uninstall liveupdate on the SEPM server.

Can anyone tell me if SEPM will still function correctly without liveupdate installed on the SEPM server? The clients would still have it installed. My other concern is that if SEPM still pushes the defs and SW updates to the clients that have liveupdate installed, will those updates get pushed to the client installed on the SEPM server?

I don't think it's a good idea, but we need a source/reference point to back our decision either way.

Thanks 


system requirements for SQL DB 2016 -SEP14.2

I need a solution
Question:
SEPM 14.2 will be installed in my environment on Windows Server 2016

What are the system requirements for SQL DB 2016?

Location Awareness issues after upgrade to SEP 14.2

I need a solution

Hello,

Upgraded recently SEP manager and some clients from 14.0.3897.1101 to 14.2.758.0000.

Upgraded clients started having issues with selecting the correct location - laptops that have a Wi-Fi card enabled (not connected to anything) insist on picking the "Wireless" location, although the only IP they have is from the range approved for the "Ethernet Only" location.

After some long trial and error I saw that what helped is to change from "If all of the IP addresses of the client computer are listed below" to "If the client computer has one of the IP addresses listed below" - but this is not good enough.

No other IP addresses exist on the client.

Any ideas?

Perhaps it's a bug?

Thanks !!!!
Gennady

Y:\>ipconfig /all

Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I218-LM
   Physical Address. . . . . . . . . : 28-D2-44-65-19-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.1.135(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DHCP Server . . . . . . . . . . . : 10.1.1.59
   DNS Servers . . . . . . . . . . . : 10.1.1.59
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Check Point Virtual Network Adapter For Endpoint VPN Client
   Physical Address. . . . . . . . . : 54-5C-A5-51-E2-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-N 7260
   Physical Address. . . . . . . . . : 7C-7A-91-59-60-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 7C-7A-91-59-60-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 7E-7A-91-59-60-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 7C-7A-91-59-60-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


How to identify running scheduled scan

I need a solution

Hello,

Is there a way to identify a running scheduled scan on a system? E.g. a running process, registry key or some existing file?

I need to implement an automated restart of the SEP service in case of need, but the condition must be that a scan is not running.

Thanks,

Michal


Tracking down exception creator

I need a solution

Hello World,

I am trying to find out who created an exception in my installation of SEPM 12 from several months ago for documentation purposes. SEP support says that they only track that an exception profile was changed and by whom, but not what was changed. In the exception list there is no owner of each exception. Short of going into the database and trying to find the field, I am stuck. The only thing we have to go on is if the exceptions are listed in order by time they were created. Support will not validate this. Has anyone here been able to find a report or log file that shows who, what, and when?

Thank you.


Client Only Install 3929 to 758 Failing

I need a solution

Greetings!

I am trying to understand why the client only install is failing. I see the return code is 23. What is that?

06/21 11:23:17.571 [4850]  SymDelta FileVersion: 14.0.0.0
 Log initialized: LogLevel=4 Log, Size=2097152, RotationCount=2
06/21 11:23:17.582 [4850]  (SymDelta::CSymDelta::invokeUnzip)  Inflating...\\?\C:\Users\Michael.Orechoff\AppData\Local\Temp\pftBD43.tmp\Patch.dax
06/21 11:23:18.226 [4850]  (SymDelta::CSymDelta::invokeUnzip) UnZipTask took (milliseconds): 640
06/21 11:23:18.230 [4850]  (SymDelta::CSymDelta::PerformApplyDelta) Performing [ XDELTA3 - Apply Delta ]
06/21 11:23:18.250 [4850]  (SymDelta::CXDeltaTool::Apply) Dir: \\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs
06/21 11:23:18.250 [4850]  (ApplyPackage) Apply package command line: "DummyXdeltaPath" -d -s %src% %patch% %out%
06/21 11:23:18.250 [4584]  (LaunchXDeltaInternalAndWait) Launching: "DummyXdeltaPath" -d -s "\\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs\Setup.exe""C:\Users\Michael.Orechoff\AppData\Local\Temp\SymDelta_15404\Patch.dax.tmp\Setup.exe.DIFF""\\?\C:\Users\Michael.Orechoff\AppData\Local\Temp\pftBD43.tmp\SmcLU\Setup.exe":
06/21 11:23:18.289 [4850]  (SymDelta::CXDeltaTool::Apply) Return Code: 23
06/21 11:23:18.289 [4850]  (SymDelta::CSymDelta::processDirs) ApplyDelta Operation failed.
 
Mike

Add finger print scanner device as a default hardware device based on class

I need a solution

In our environment the users have a fingerprint scanner device. We have a different OU for each location as it's a pan-India project. On these OUs all USB is blocked except human interface devices (keyboard/mouse). But now the users have been provided with a new USB fingerprint scanner device.

This device is getting blocked when we insert it in the system, but as the application gets installed it starts working without any restriction, as the policy is getting bypassed.

Kindly check this issue.


SEP 14 Upgrade to new site

I need a solution

Hi All, 

I got some questions for the best approach to upgrading to SEP 14. Due to old server OS, we want to have the new SEP 14 consoles with the latest and greatest. My customer has the following and I am looking for the best approach to setting up a SEP 14 environment.

Old Environment

Console A - Server 2008 + SQL Database 7000 Clients

Console B - Server 2008 Embedded console 2500 Clients

New Environment

1. What would be the best hardware (VM) recommended for the 2 new consoles? Please be detailed in the CPU, RAM, Storage c: d:

2. Want to keep the same structure of 2 separate consoles. 1 with SQL and 1 with embedded

3. What would be the best approach to moving clients from old environment to new environment? (a.b.c?)
         a. Install SEP 14 on new servers > upgrade old console to 14 > have DB replicate > set up management server list
         b. Install SEP 12 on new servers > DB replicate > set up management server list > upgrade to 14
         c. Other?
 

Thank you for your input


Multiple Windows 7 clients appear as a single client

I need a solution

I have SEPM running on Windows Server 2012 and I am trying to install SEP 12.1.4013.4013 on 4 VMs. The VMs were created from a single Windows image and then loaded onto each computer where I ran sysprep before installing SEP.

I completed the client deployment remotely with no problems for each client but on the Client page of SEPM, there is only one entry. If I refresh the page, the client name will cycle between the 4 hostnames of the VMs so that only one is displayed at a time. It appears that SEPM is treating all 4 clients as a single deployment. If I run a command on the single client such as a remote restart command, it will only restart the VM that has its host name displayed at the time on SEPM. It seems like there may be a problem with how the VMs were deployed. Any help is appreciated!


ARP Mac Spoofing alerts generated continuously from endpoints

I need a solution

We have upgraded the Clients from SEP 12.1.MP9 to SEP 14.

Continuously, every 10-15 minutes, we get

Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window

We installed Wireshark on the machine and noticed that for every ARP inbound request, there is a definite outbound reply. Yet this issue has been occurring for months now.

The request is between the endpoint machine and router 

We have machines from multiple sites, with their respective routers, giving alerts

We have around 50,000+ alerts

Support asked to enable Anti-MAC Spoofing but still the same error persists.


Some clients lose connection after upgrade to 14.2

I need a solution

I recently upgraded SEPM from 14.0 RU1 MP2 to 14.2 and after pushing out the new install package three clients are now unable to connect to the server. Looking under Help --> Troubleshooting --> Server Connection Status on each client shows the error: "Peer certificate cannot be authenticated with given CA certificate". Clicking "Details" tells me to run the Symantec Diagnostics Tool.

After running SymDiag, the only "Requires Attention" item is "Service IPS Network Filter Driver is not configured and operating properly" with the details of "Service last exited with code 31" but I have that same item on working clients so I don't think that is the problem.

I have tried installing the client via Push, exporting the install and manually installing and installing the Unmanaged package from the download and then converting to a Managed client and I get the same error each way. Going back to 14.0 RU1 MP2 restores communication with the SEPM.

I'm not sure what certificate and CA certificate are in play here so I'm wondering if anyone has any suggestions?


14.2.758 Client Location awareness Bug ?!

I need a solution

We have upgraded some clients to 14.2.758. After the upgrade the client location awareness is not working correctly. I investigated my policy and found no differences from before upgrading the server.

Clients with versions older than 14.2 are working correctly. I built a test group step by step with a location policy and found the problem.

When I define only a subnet, the location is not working; if I define the subnet as an IP range, the location is set correctly.

Is this a bug or a feature?

Kind regards

Henrik


How to Set a Notification for an Attack in Intrusion Prevention Event Logs?

I need a solution

Hi,

I'm looking for a solution in the "SEPM14 RU1 MP1b" console to set a notification or scheduled report for the "intrusion prevention attack event log"; for example, if any IPS attack occurred on a server, it automatically sends an email to the administrator.

But I did not find anything about IPS attack details like (Monitor--->Logs, Network and Host Exploit Mitigation Logs: Attacks) in "Notification Conditions" or "Scheduled Reports".

With thanks and best regards,

Shadi.A


Comprehensive Risk report - Action taken Blocked
