Hi
I have disabled the intrusion policy from SEP management server and i could see it's getting applied for some fraction of minutes but getting enabled again automtically.
Can you please help me on this?
Regards
Dev
Hello everyone,
Sort of new to this thread piece but was curious on the best way to find endpoints in my environment without SEP installed. Any suggestions / best practices? Thanks ahead of time.
We have started testing SEP 14.2 and on atleast two of our Windows 10 machines we see that the SEP service crashes right after boot.
We have tried uninstalling all features except AV and the problem still persist.
If we are quick we are able to open the SEP GUI right after boot before it crashes. It will then be green until it turns red and malfunctioning.
At this point the SEPmaster service stops and we can't open the GUI.
Anyone else experiencing this problem?
The environment is enrolled into the cloud
Torb
Anybody facing this? 27-28 June
Is there any new changes on the IPS signature?....seems like the rule inconsistent
The settings is allow and log only, but apparently a lot got blocked..
Only after placing under signature execption... vnc ok
Hi,
I am looking for verification regarding what firewall ports are required for deploying SEP clients directly from the SEPM server.
At the moment we export clients, move them to SCCM, and deploy them to machines using this method.
I would like the ability to do this direct from the SEPM console, but it looks like there is a connectivity issue.
Can someone verify what Firewall rules need to be in place in order to achieve this?
Thanks.
Dear all,
I am trying to update Mac's SEP using SEPM within a closed network i,e. there are no computers can access internet. I can only transfer the updates using a CDR.
As I understand it, I need to build a live update administrator and download Mac's definition. Next, I need to configure the LUA as my internal LiveUpdate server on SEPM in order to update all my SEPs. Yet, it means I need to allow the LUA to access the internet.
https://support.symantec.com/en_US/article.TECH134...
The Symantec Endpoint Protection Manager cannot host Macintosh LiveUpdate content the same way as it does for Windows clients.
Is there a simplier way to update Mac's SEP using SEPM other than unpacking .pkg on each Mac?
Thanks.
Regards,
Stephen
Hi,
I would like a confirmation on whether SEP 14 Client is compatiable with Microsoft Surface Studio, before deployment decisions are made.
It runs on windows 10 Pro, which is technically supported by SEP 14.
However, there is a previous case where the surface pro(another microsoft surface product) cannot work with SEP client due to it utilizing storage spaces only.
https://www.symantec.com/connect/ideas/symantec-en...
Google searches regarding compatiablity with Surface studio was fruitless.
Detailed specs are given below:
www.microsoft.com/en-us/surface/devices/surface-st...
Thanks for the help.
Hi,
I'm currently trying to create a custom IPS rule in order to flag a specific packet generated by an application. In order to be more specific, I'm trying to intercept a specific DRSUAPI operation packet.
Is it possible to do this with custom IPS? If it is, how can we achieve this?
Thanks!
After being on the phone with lexmark for over three hours, our technician believes that Symantic is blocking our ability to print. We are not sure exactly how to fix this on synamtics end. How would one go about finding and then allowing this traffic to pass through the firewall. I would've perfered to call, but that does seem to be an option.
Hello,
I needed to install SEP 14 on a Ubuntu Server and I followed the KB article listed here:
https://support.symantec.com/en_US/article.TECH228118.html
However I got an error during the install. The error was "No drivers are loaded into Kernel". I googled the error and attempted to find a resolution and I found this KB/Thread which recommends complining manually:
https://support.symantec.com/en_US/article.TECH132773.html
This is where I run into issues. I am not very profficient at Linux so please pardon my ignorance. It stated that I needed to install GCC and then run the command to build it. I scrolled down through the matrix and selected the command but not get it to run succesfully. I simply got "Command not found" when I tried entering:
linux-headers-$(uname -r) build-essential
Do I need to run that command first? Then run the command listed below? Or do I just need to run one and not the other?
./build.sh --kernel-dir /usr/src/linux-headers-$(uname -r)
Any help would be really appreciated. I can attached the log files if needed but I don't think they will be much help.
Hi there,
I found out that I cannot login into the USB drive whenever the Endpoint Protection blocked the access to autorun.inf,
does anyone can help me?
The attachments are the screenshot and viewlog file.
Thanks a lot.
Im running about 15 SEP cliente and they will not update IPS definintion and i get two error messages.
"An update for Intrusion Prevention Signatures failed to install. Error: Content update general error (0xE0010001), DuResult: General error (32)."
"New content update failed to download from the management server. "
After running SymDiag I get one error sying
"Service "IPS NEtwork Filter Driver" is not configured and operating properly"
and the details says: "Service Last exited with code 31"
Both clients and manger run 14.0.3897.1101 (14.0.1 MP1)
How can i solve this error ?
Mikal
Hi all,
We are running SEPM 14.0.RU1 MP2(build 3929) on Windows Server 2012 R2 Standard 64-bit(wmvare)
-2 servers for internal(desktops,notebooks) and another one for external (DMZ) (notebooks),
all with the OS installed on drive C,and SEPM on drive D where we can have more space than drive C and with a database SQL Server on another Microsoft SQL Server .
We have to install/migrate the same SEPM version to Windows Server 2016 and migrate clients to new servers.
I do not have the names of the new servers and the IP address yet and I know there are several variants depending on the fact that
the new servers keep the name and IP address of the old one,or the name and / or IP address may be different.
Please advise me how to proceed and how to apply DR in this situation and what would be the best way to solve this.
How can I test without affecting servers that are in production?
-copy db backup to another computer,install the same version of SEPM and use restore database - to find out if structure, groups, policies are being maintained ? or
-DR with private key backup (recovery _...-...-.... zip) and database backup?
I know that each SEPM upgrade modifies the Server private key backup,and we have the files saved for each server separately,as well as the database backup,that we do weekly...
Thank you !
Hi! We have a problem iwth our Power Shell scripts which are blocked by your antivirus.
We have a Team Foundation Server build agent and in our builld process executes some power shell scripts.
All worked fine before tonight.
From this night we see this message always whern trying to start build process:
Security risk found!SONAR.AM.PS!g1 in File c:\buildagent\bin\agent.worker.exe by SONAR scan:
Action. Action Description: Access blocked
We have added this folder to Exceptions but it not fixed our problem
What happened? Please fix your prevent protection! It works wrong!
Add popular build systems to exceptions, because it normal action for buildAgent to execute scripts which do some remote work
Configuration:
Windows Server 2012R2
PowerShell v 5.0
Symantec Endpoint Protection 12.1.6 (build 12.1.6867.6400)
Hello all,
Could someone please let me know if there's an official document from Symantec on how to Clear Corrupt Defintions for SEP 14.x
As usual the pathetic technical support does not know how to and doesn't even have an article for SEP 14.x
All I get from the tech support is articles for SEP 12.1 and SEP 11.x stating that it should work on SEP 14.x
Thankyou
Farhan Khan
Hi Everyone,
I built a pretty beefy VM for SEEM. I am looking to upgrade SEP to 14.2. I thought I might install the new SEPM on the server with SEEM. Is this possible or do I need to spin up a new VM?
Thanks,
Mike
I just upgraded my SEPM installation from 14.0 to 14.2 and am testing it out on my client test group. One issue I am seeing is that the RSAT Server Manager tool will not launch with this version of SEP. The Server Manager process is there in task manager using a lot of cpu cycles and multiple instances can be spawned quickly using up all available cpu resources. The Server Manager GUI or even the splashscreen does not appear.
If I launch an elevated powershell window and run ServerManager from it, Server Manager launches with normal cpu usage.
This is the only way I am able to launch it, right clicking the shortcut and selecting run as admin does not work.
RSAT version is 1709 x64. Windows up to date with June cumulative update.
Hello,
I'm looking for a solution that I need to connect my SEPM Database externally with a third party tool. So would like to know more information like what is the DB name like Mysql or Micrososft Database, Port to connect to with, the password to connect and so on.. Please help me out with this stuffs. Thanks in advance.
Also additionally is that password which I need to use is DB creds or the windows AD password which I used to login the server.
How do I create some exceptions to allow SMTP and POP3/IMAP traffic destined for specific machines? The firewall policy is not enabled, so this would be for some other policy.
Hi all,
I have a problem with symantec endpoint protection
i can't update symantec endpoint protection on client
when i clicked button "fix" on SEP, pop up alert "symantec endpoint protection has requested a protection definitions update. this problem will disappear after the update".
I checked SEPM but i dont' fixed.
Thanks all.