In a risk report, the downloaded by column shows a lot of options. Of those, I want to know about Zone ID Portal URL Presence Portal Removable Files Portal.
What is the difference between these three?
Thanks in advance!
Hello, colleagues.
Yesterday I upgraded all our SEP 14RU1 servers to the latest version 14.2. Upgrading was performed as Symantec recommends - delete replication, stop SEPM service on all servers, upgrade and recreate replication. All done without any errors. But now replication fails all the time. We have 3 servers - two on the local site and one on the remote site. Replication initiated from local to remote completes with success. But from remote to local it always fails with the same error:
2018-06-25 11:15:04.956 THREAD 8913 WARNING: ReplicationTask>> replicate: Unable to fetch changed data from remote site [Site_Name]: Cannot insert the value NULL into column 'IP_ADDR', table 'sem5.dbo.SEM_COMPUTER_NIC'; column does not allow nulls. UPDATE fails.
Our SEP databases reside on SQL Servers 2012.
In addition, I can say that our second network environment has the same SEP configuration, and after upgrading to 14.2 replication also failed with the same error.
Maybe anybody can help?
Thanks a lot.
Stas.
Hi Team,
My customer receives an application file hash list every week, and would like us to add a feature so that he can import the file hash list to make the application exception directly, rather than needing to generate the fingerprint from SEPM manually in the application monitor component.
BR
Jeffrey Yang
I recently upgraded SEPM from version 12.x to 14.2.
During the server configuration, port 443 was being detected as in use and I was unable to use this port for HTTPS communication. I had to set a custom port 50001 in order to continue.
Netstat shows PID 4 listening on this port which is the System process. I've determined this to be IIS.
I can go into IIS and stop the web site, which allows me to change HTTPS back to 443 - but I receive server errors in the Admin console.
Based on what I have read, I believe IIS is involved in SEPM server communications, so it would appear that SEPM cannot use port 443 because it is being used by itself.
Can anyone provide insight into this? I would like to use the default ports.
SEPM is installed on Windows Server 2008 R2 SP1 and IIS is version 7.5.
Hi Team,
Could someone please let me know where I can find the GUP IP address from a client machine?
When using docker for windows with SEP 14 installed on the host, network traffic from within the container is blocked. I've narrowed it down to the "Network and Host exploit mitigation" feature. If I temporarily disable this feature, the container works as expected.
Here are the steps to reproduce:
Here are some associated links for your reference:
https://github.com/docker/for-win/issues/1397
https://www.symantec.com/connect/forums/sep-1216-mp6-windows-10-hyper-v
Hi All,
We have made a policy to "Monitor File Activity" & "Monitor Registry Activity" on the servers running the SEP client, using the Application & Device Control Policy.
We referred the below article for "How to utilize SEP for Incident Response"
https://www.symantec.com/connect/articles/how-util...
We are using SEPM 14.0.1 RU1 MP1 in our environment
Although we are getting logs from the server, the registry logs seem to be fine, but the file write logs are not that meaningful, as they say what exe is used but not exactly what file changes have been done, like "create, modify or delete".
Can someone help with this so that we can gather logs for user activities on the server regarding file creations, modifications or deletions of any files or folders?
Please share any article in this regard
Thanks & Regards
Vivek Parmar
My client is an NGO with limited resources. They have SEP 14.0.2415.0200 on their (donated old) server. They were given a brand new Dell with Win10 home SL for a user. To connect to the domain I upgraded it to Win 10 Pro Workstation which uninstalled the working SEP client. Once updated to Win10Pro, the SEP would not install – ‘Windows can't install’ message. I found downloads on your website to update the client software to 14.2 which I presume will install on new windows10. However, the download seems to be an upgrade for installed SEP client rather than a new client program (or it's Korean like the other guys found), so catch-22. How can I install the client SEP? By the way, I'm doing this remotely from the server.
Mike in Durban
Hi there,
After running 'Download LiveUpdate Content' in SEPM I get the error below:
26 juni 2018 13:56:23 CEST: Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win64 12.1 RU6. [Site: Site MGMT01] [Server: MGMT01]
26 juni 2018 13:56:23 CEST: Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 12.1 RU6. [Site: Site MGMT01] [Server: MGMT01]
Anyone any suggestion how to solve this issue?
Sincerely Alex
Trying to burn a number of USB sticks with an image and getting Inconsistency error. Internal Error 8027. At least half of these drives are getting this error. I don't have the option of getting new ones. I have been told to make these work.
Error log says
*********************************
Date : Tue Jun 26 10:08:46 2018
Error Number: (8027)
Message: A GeneralException occurred
Version: 11.0.0.1502 (Dec 4 2006, Build=1502)
OS Version: Professional Service Pack 1 (Build 7601)
Command line arguments:
Active Switches :
AutoName
PathName : 584 ImageRestore.vbs
DumpFile : 1.1:\Users\posluser\Desktop\APTOS GHOST\aptosInstaller.20170330.GHO
DumpPos : 671132489
Last LFO Buffersize : 0
Last LFO Path :
Full Path : 1.1:\Users\posluser\Desktop\APTOS GHOST\aptosInstaller.20170330.GHO
Disk:Partition : 1:1
Drive Letter : C:\
Last LFO Filesystem : Native
FlagImplode : 0
FlagExplode : 3
Operation Details :
Total size.........13469
MB copied..........13462
MB remaining.......7
Percent complete...99%
Speed..............336 MB/min
Time elapsed.......40:03
Time remaining.....0:01
A registry error occurred
Unexpected result - internal error
size > 0
Generated at ..\NtRegistryCell.cpp:57
Any thoughts?
Hello everyone,
I have two SEPMs with a shared SQL database running 14 RU1 MP1 and I have clients also on the same version. Recently we have noticed that a huge number of clients, 2500+, are stuck on the definitions date of June 14th. Although the SEPMs have the definitions updated on themselves with a date of June 25th, that is, of yesterday, for some reason clients are stuck on a specific date and are not updating definitions from SEPM.
Can you please let me know what could be the issue?
How can I identify the root cause as to why the clients are not updating definitions?
How can I turn on sylink logging on SEP clients to identify why this failure is happening?
Your support is appreciated. Thanks
I was looking to see if there was any documentation for best practices as far as updating/changing the uninstall PW for SEP goes? We recently needed to update it and would like to get into the habit of changing them regularly and wanted to see if there was a suggested interval for this? 90 days, 180 days, a year? If anyone has this info please let me know.
Hi Symantec People.
Need assistance on how to handle the update definition and policy for users that are not connected on VPN.
Some users are not connected on VPN - how can we ensure that those clients are using the correct policies?
How can we manage users that are not connected on VPN?
I am working on a script which will scan a particular file. If the file contains a virus then the script will handle it accordingly.
Does anybody have an idea how we can implement this?
Currently I am using the command below, but it doesn't return any flag by which we can determine whether the file is problematic or not.
sudo /opt/Symantec/symantec_antivirus/sav manualscan -s test.txt
We need to move our current SEPM database (which is on a cluster as an instance) to a new server instance, which will result in a new DB IP and hostname.
I have gone through all the related articles but I have not really got the exact answers that I need.
Can someone please let me know what steps need to be performed on the SEPM server and how exactly we should point the SEPM to the new database?
Articles I have already gone through are
https://support.symantec.com/en_US/article.TECH132...
https://support.symantec.com/en_US/article.TECH104...
http://www.symantec.com/docs/TECH174821
I know we need to run through "management configuration wizard" and follow next steps, but any detailed answer would be greatly appreciated.
Thank you
Hello - our company just was hit by a "zara 2018" .bip extension ransomware. We have Symantec Endpoint 14 installed on all of our Windows 7, 8 and 10 clients, as well as our 2008 R2 servers. A Windows 7 client was the host of the ransomware, and it went from share to share. Our servers have Symantec Endpoint 14 installed on them as well. Our Symantec Server did not notify me of the activity. The way it was identified is by the user who came in to log on to his computer and found the message that all his files were encrypted. Can anyone tell me why the Symantec Endpoint did not detect this intrusion? It also appears that it was before hours so no one had been on the infected client system to initiate the attack via email or other route. I am very concerned & am doubting whether Symantec will catch the next intrusion.
Hello - our company just was hit by a "zara 2018" .bip extension ransomware. We have Symantec Endpoint 14 installed on all of our Windows 7, 8 and 10 clients, as well as our 2008 R2 servers. A Windows 7 client was the host of the ransomware, and it went from share to share. Our servers have Symantec Endpoint 14 installed on them as well. Our Symantec Server did not notify me of the activity & it is not recorded in any log file. The way it was identified was by the user who came in & logged onto his computer, and found the message that all his files were encrypted. Can anyone tell me why the Symantec Endpoint did not detect this intrusion? It also appears that it was before hours so no one had been onsite or on the infected client system to initiate the attack via email or other route that we can see. I am very concerned & am doubting whether Symantec will catch the next intrusion. Any advice/input would be greatly appreciated - thanks.
Any assistance would be gratefully welcomed.
I have a question and I can’t find a corresponding forum which answers it yet or any related googled articles out there with the answer either. I am trying to distinguish between the uses of a SEP 14 vs a web application firewall. Pros vs. cons or supporting articles I can read up on to help me understand them better. Trying to decide the best solution protecting a webserver hosting a small app and back-end server environment, nothing too complicated or important behind it as it relates to data. I just want it to be hacked and taken offline. Ultimately trying to see which can best protect me against the OWASP Top 10 attack list.
Any assistance or guidance is greatly appreciated,
I am trying to uninstall the Kaspersky endpoint protection 10 agent by performing a remote push from SEPM on Windows 7 clients, but it is not working. It does not remove Kaspersky and it does install the SEP agent, so the two agents are active on the computer at the same time. Instead, I perform the same action on Windows 10 computers and everything works perfectly. My version of SEP is 14.2.
Any ideas?
Thank you