Hi All,
Wondering who else is getting the following file being marked as Trojan.Gen.NPE.2?
C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.447_none_7c88931f3a3f40fd\LockApp.exe
This is only started today, and it's being reported across our entire Windows 10 estate, I am wondering if it is a false positive?
Cheers.
Hi.
I have a problem with try to block google chrome extension , The extension is ultrasurf , that is a problem with users because these have internet full permision with the extension. How can I block the extension in SEP Manager on clients windows and Linux. the extension isn't a .exe this is a chrome extension
Can somebody help me.
Hello,
Our site is integrated with Symantec VIP. Once we login using Company credentials, we should be prompted by the Symantec pop up asking for the 6 digit codes. Some of our users were not prompted by the pop up and encountered the error: Failed to Load Symantec VIP Javascript!
What is the cause and solution for this?
Thanks,
RJ
Hi Guys,
I am setting up a new server to move our existing site over to new VM's. Old site does have SQL database. I want to install new site, fresh with it's own SQL DB and have the 2 site replicate data before decomming the old site (using server management lists). Once happy with second site and all data, will upgrade to SEPM 14.
1. Any issues with SQL - SQL replication (KB Article\how to) Issues with versions etc
2. Server Managment List good option to move clients?
3. unable to get SEP 14 download from My file connect - issue with current license structure? do i need to contact support?
thanks all
Hi all,
I was just wondering if there were any other government or Academic customers out there who wouldn't mind a discussion about the cancellation of the subscription program and if they managed to get a decent response out of Symantec over the issue.
At our University we only found out this week that the subscription program had been cancelled as we'd previously bought a 3 year renewal and ours is just expiring. It seems it was cancelled last april and no-one had engaged with customers about it.
So the issue is - that I'm sure all other Academic/Government insitutions also had - is that we're now being told that because we have no existing agreement we have to buy a completely new initial purchase at the huge initial cost. We'd only budgeted for our annual renewal and the "new" license cost is going to be astronomical and unaffordable.
I can undertand that we can't just pay maintenance costs on a license agreement that doesn't exist for the new device-count based perpetual license model we need to move to. What I don't understand is why Symantec are not offering to do what has been done in the past for other products. For example when Symantec rebranded Deployment Solution as Ghost solution suite and made Deployment Solution end of life all existing customers had to buy new licenses in exactly the same way. What they did however was offer existing customers massively discounted pricing on the initial license purchases in-line with their expected renewal.
The approach mentioned above isn't only reasonable but also damage limitation. There's no better way to make sure no-one wants to buy any more of your products ever again than to force your customers to rebuy the same products again for no reason at the massive initial purchase cost - when they still have the licensed product in place.
I was wondering if anyone had any success in negotiating such a discount on their "new" license purchase after their Academic/government subscription ended? If so please do let me know! Or if alternatively you're a customer who experience the same issues but just had to rebuy anyway I'd appreciate a quick chat.
Our attempts are falling on deaf ears and it's beginning to look like we'll have to rush through an emergency tender process to move to a new product. We're all pretty apalled at how loyal customers are being treated especially in these sectors whilst everyone is being squeezed - this couldn't come at a worse time.
Thanks for your time and feel free to privately message me so we can keep any further detail off the forums.
Best Regards,
Laurence
Dear Team,
When we pull the reports , we do not get the actual data .
We found that there were few client entries were missing from the report ,
also the firewall report shows almost the same number of logs if you compare a week's log with a month and year.
Please help me the above issue..
Hi,
Got an issue after upgrade SEP from 14.0 to 14.2, i have 10 windows client upgraded and all of them unable to communicate with the SEP Server. At all clients, i found error message that said: "SSL peer certificate or SSH remote key was not OK" in the Troubleshooting - Server Connection Status window.
Another information you guys might to know:
OS: Windows Server 2012 (SEP Server & clients)
Database: SQL Server
Note: Got the installer from official site Symantec and manually installed on server and each client.
Thanks in advance.
I wanted to log into the \\ipaddress:9090 SEPM console, but I see it's not https.
Is that on my end? How would I make that work with https? Or is that how the software is set up? I would assume if I put my credentials in on that http page, it's not secure and something could sniff them out.
Hi All,
Any idea or base ADC as per above subject that can be used?
Thanks
Hi all,
I am trying to run DoScan.exe in this location "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Bin" from command prompt.
This is the command: Doscan.exe /ScanFile "D:\Codehub_Steps.txt"
But once i hit enter, the cursor moves to next line and thats all, and it stays there. No termination of command and no log file created, nothing.
I manually searched for the log file in "C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.1904.0000.105\Data\Logs\AV" location too. But i can't find anything. The file size is 1kb only.
Some other commands like "Doscan.exe /h", "Doscan.exe /L" are working but only when i try to run scan its not working.
Kindly advice.
Hi, I have a SEPM 14.2 installed on a Windows Server 2016.
Previously, my SEP clients were able to connect to the SEPM, however due to some reasons, the SEPM was uninstalled and reinstalled.
After the reinstallation, the SEP clients are unable to connect to the SEPM server anymore.
I have enabled the secreg logs and the logs shows the following:
ProcessReq >> Bad request, Secreg cannot find tag from request! Secreg cannot continue to process this request! Tag is: Mac=".
4 Bad Request, MacAddress is invalid!
The network seems fine and firewall at both the SEP and SEPM are disabled.
I have tried to reinstall again but to no avail.
Could not find any help on this topic.
Does anyone have an idea of what is happening?
I need help with remote deployment of SEPM clients(2000plus) with SCCM. The various configurations needed. What i found here was Deployment(update) of SEP Clients but i need help with fresh installation and creating on policies.
I received this message from Symantec Endpoint Protection on three servers and I want to know if this is a false positive. Normally, ntoskrnl.exe is located in c:\Windows\system32 and c:\windows\winsxs is a Windows system folder so I can't determine if this is a virus or not.
Security Risk Found!Trojan.Gen.NPE.2 in File: c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.3.9600.18758_none_5d130c9f87fe5243\ntoskrnl.exe by: Scheduled scan. Action: Cleaned by Deletion
Hello! Where can I subscribe to newsletters about the release of new versions SEP/SEPM ?Is this possible?
Hi guys,
I have inherited a SEP12 environment that I am currently upgrading to 14.2 - essentially starting afresh as the SEP12 environment is a bit of a mess.
However, there are a TONNE of exceptions for SQL; a mix of files, folders, even entire drives.
What is the best practice when it comes to running SEP 14.2 on SQL servers? We don't want our databases or servers to become corrupt, inaccessable or grinding to a halt!
Thanks!
1. I am running SEPM 14.0.1 and need to quickly upgrade some SEP virtual clients to 14.2 for a short period before upgrading my SEPM to 14.2. I have had a few strange issues but for the most part it is working EXCEPT when I install the 14.2 CLIENT on the Server. I need some help with this ASAP.
2. Also noted - we use a tool called Industrial Defender that showed several firewall changes that I can't find information about.
One example:
Before SEP Package added and deployed:
| Firewall Rules | In: any - Out: internal | Allow - Local: 808 Remote: 161 - disabled |
After the SEP Package added and deployed to several clients:
| Source IF | Destination IF | Source Addr | Destination Addr | Action | Schedule | Service | Status | Change Type |
| UNKNOWN | UNKNOWN | any | internal | Allow | UNKNOWN | Actual: Local: 808 Remote: 161;Config: Local: 161 Remote: 161 | Actual: disabled;Config: enabled | FW Rule Change |
3. All Local: 5355 (Local and Remote) have been deleted. ??
Hello,
I have scheduled to download two different products (14.0 & 14.2) in a two different time. and i have only one distribution center. I have added both products into the same distribution center and looks like my download is ok but distribuion is failing. I have no clue what am i doing wrong. Any idea how should i configure it ?
Hi guys, i need help on this.
We have a non-persistant VDI environment (Citrix) and create the clients by cloning master-images. The OS is Windows 7 (W10 images not testet yet). Everything was fine until SEP 14.0.x. I have upgraded the SEPM to 14.2.758.0000 and now to the latest 14.2.760.0000.
After upgrading the SEP Client in our W7-Client-Master-Image to 14.2 i noticed a strange behaviour in the SEPM VDI groups. The online clients status is offline, but it shows the logged-in user and IP, but no client version, last time active, policy number or whatever. Only one client shows up as online with the green dot and all the information.
We had trouble with duplicate HardwareIDs before with cloning, so i checked this. But the HWID is always unique. I checked the ersecreg.log and found all VDI clients have the same AgentID in the log. Checked the registry \SMC\SYLINK entries and found the same AgentID string as the HostGUID entry. So maybe something went wrong with the cloneprep and we did it over, but again the clients have all the same (new) AgentID from the Master-Image. So we tried with the ClientSideClonePrep Tool and the RepairClonedImage Tool but these only changes the HWID. The AgentID is still the same after using the tools or deleting the reg keys by hand and a reboot of the Master-Image. Where does the client still found the AgentID and put it back into the registry?!
Havn't found an answer to this. Seems duplicate AgentIDs are as bad as having duplicate HWIDs ;-)
BTW, what is the AgentID /HostGUID used for exactly?
Thanks for your time on this.
Jan K.
Hi Team
I recently noticed a blank screen when i select reports in Symantec endpoint Protection manager. No clue to troubleshoot.
Please help.
Regards,
Santhosh B S
Hi Team,
We have Symantec Endpoint protection Manager 12.x version in our environumnet.
If i upgrade one of my client to 14.x version, will SEPM can still support & update definitions?