Hello.
I need help in synchronizing the Symantec endpoint on the server and the client.
I created an exe file in the admin console and installed it on the client.
Previously, the server automatically connected to the client.
I can enter the admin console in the browser on the computer-client.
I need help in synchronizing the Symantec endpoint on the server and the client.
How does endpoint communication work with SEPM on-prem tied to cloud
I am trying to find documentation on how the communication piece of this works. It says in the admin guide that "location" is no longer used once SEPM is tied to SEPM Cloud. So how does the communication work? Does the system attempt to connect to SEPM on-prem and if it can't it then checks in with the cloud instance? Is the "cloud instance" only a connection point for SEPM on-prem server or do the endpoints have some other way to communicate with it?
If you have links or documentation on this it would be much appreciated. I am hoping that cloud is like an off-prem management server for mobile systems, like laptops, to check in with for management purposes.
Find a specific ID in Hardware device list
Hello everyone,
I have a big problem. I have a hardware device ID list with 700 IDs and I need to edit the device name of 30 of the devices in the list. I already tried everything but I have not found an option to search for a specific ID. In a browser, as in a PDF document, we can press Ctrl+F, type the specific name we are looking for and search, but in SEPM we can't. I know that I can scroll down and look one by one, but it is hard work.
subscriber X has left
I see several of the following messages in the Symantec logs. What does it mean? Is it a problem?
Aug 8 14:40:03 whcs-mi-es-4 symcfgd: subscriber 4 has left -- closed 0 remaining handles
Aug 8 14:40:18 whcs-mi-es-4 symcfgd: subscriber 5 has left -- closed 0 remaining handles
Aug 8 14:40:22 whcs-mi-es-4 symcfgd: subscriber 6 has left -- closed 0 remaining handles
Aug 8 14:40:51 whcs-mi-es-4 symcfgd: subscriber 7 has left -- closed 0 remaining handles
Aug 8 14:40:51 whcs-mi-es-4 symcfgd: subscriber 8 has left -- closed 0 remaining handles
Aug 8 14:40:51 whcs-mi-es-4 symcfgd: subscriber 9 has left -- closed 0 remaining handles
Aug 8 14:40:51 whcs-mi-es-4 symcfgd: subscriber 10 has left -- closed 0 remaining handles
Aug 8 14:40:51 whcs-mi-es-4 symcfgd: subscriber 11 has left -- closed 0 remaining handles
Aug 8 14:40:51 whcs-mi-es-4 symcfgd: subscriber 12 has left -- closed 0 remaining handles
Aug 8 14:40:51 whcs-mi-es-4 symcfgd: subscriber 13 has left -- closed 0 remaining handles
Aug 8 14:40:55 whcs-mi-es-4 symcfgd: subscriber 14 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 15 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 16 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 17 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 18 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 19 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 20 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 21 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 22 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 23 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 24 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 25 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 26 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 27 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 28 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 29 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 30 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 31 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 32 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 33 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 34 has left -- closed 0 remaining handles
Aug 8 14:42:25 whcs-mi-es-4 symcfgd: subscriber 35 has left -- closed 0 remaining handles
SAV Scan causes reboot of Linux OS
I have been hitting a problem where it looks like a SAV scheduled scan is kicked off and very quickly causes a Linux reboot. I can look in /var/log/messages and see several messages in the log from Symantec and then the messages stop and that is followed up by messages that the Linux kernel is booting. Sometimes the system comes back up and other times it does not boot and we have to go through a recovery console. I can readily create this on one of our systems by simply kicking off a scheduled scan. We have other systems that don't seem to be affected. They are all running a similar version of Symantec. Has anyone seen a similar problem and does anyone have an idea of what causes this and a possible resolution? A snippet from /var/log/messages shows messages from SAV and then the kernel starts to boot.
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:04/power/runtime_usage [00000003]
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:04/power/runtime_suspended_time [00000003]
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:04/uevent [00000003]
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:04/resources [00000003]
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:04/options [00000003]
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:05/id [00000003]
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:05/tpm/tpm0/dev [00000003]
Aug 8 16:04:03 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:05/tpm/tpm0/ppi/request [00000003]
Aug 8 16:04:33 whcs-mi-es-4 log-courier: 2018/08/08 16:04:23.677512 Transport error, will try again: Server did not respond within network timeout
Aug 8 16:04:33 whcs-mi-es-4 audispd: node=whcs-mi-es-4.watson-health.net type=AVC msg=audit(1533762273.976:2056): avc: denied { open } for pid=1425 comm="collectd" path="/var/log/collectd.log" dev="sda3" ino=1074791467 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
Aug 8 16:04:33 whcs-mi-es-4 audispd: node=whcs-mi-es-4.watson-health.net type=SYSCALL msg=audit(1533762273.976:2056): arch=c000003e syscall=2 success=yes exit=8 a0=562985488830 a1=441 a2=1b6 a3=24 items=0 ppid=1 pid=1425 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null)
Aug 8 16:04:33 whcs-mi-es-4 audispd: node=whcs-mi-es-4.watson-health.net type=PROCTITLE msg=audit(1533762273.976:2056): proctitle="/usr/sbin/collectd"
Aug 8 16:04:33 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:05/tpm/tpm0/ppi/response [00000003]
Aug 8 16:04:33 whcs-mi-es-4 rtvscand: Scan could not open file /sys/devices/pnp0/00:05/tpm/tpm0/ppi/transition_action [00000003]
Aug 8 16:13:30 whcs-mi-es-4 kernel: Initializing cgroup subsys cpuset
Aug 8 16:13:30 whcs-mi-es-4 kernel: Initializing cgroup subsys cpu
Aug 8 16:13:30 whcs-mi-es-4 kernel: Initializing cgroup subsys cpuacct
Aug 8 16:13:30 whcs-mi-es-4 kernel: Linux version 3.10.0-862.el7.x86_64 (mockbuild@x86-034.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Wed Mar 21 18:14:51 EDT 2018
Aug 8 16:13:30 whcs-mi-es-4 kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-862.el7.x86_64 root=UUID=22fc43e8-7157-4aab-a649-3d745a772e90 ro crashkernel=auto nomodeset biosdevname=0 net.ifnames=0 LANG=en_US.UTF-8
Aug 8 16:13:30 whcs-mi-es-4 kernel: e820: BIOS-provided physical RAM map:
Aug 8 16:13:30 whcs-mi-es-4 kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009bfff] usable
Aug 8 16:13:30 whcs-mi-es-4 kernel: BIOS-e820: [mem 0x000000000009c000-0x000000000009ffff] reserved
Aug 8 16:13:30 whcs-mi-es-4 kernel: BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved
Aug 8 16:13:30 whcs-mi-es-4 kernel: BIOS-e820: [mem 0x0000000000100000-0x000000004bfaffff] usable
Unable to update using explicit GUP
Hi,
I have a few branches which require a GUP. Within those branches, I have two subnets (example 192.168.1.0 and 192.168.10.0). I have successfully created a GUP using the 192.168.1.0 subnet. I have created another liveupdate policy for the subnet "10.0" with explicit GUP found in the 192.168.1.0 subnet. At this point, the server in the 192.168.10.0 subnet indicates that it updates the policy on the server and sees the group update provider mapping entries. However, the system does not appear to update.
I have a few questions regarding the process.
1. Can I force the client system to update via a GUP?
2. Is there a way to see the logs associated with when the system attempts to update?
3. The GUP is supposed to update from the SEPM. Is there a way to schedule the updates of the GUP from the SEPM? How often does the GUP actually update from the SEPM?
Thanks,
Corey
Symantec Endpoint Protection contains licenses that are about to expire
Hi everyone,
My licensing doesn't expire until October (2 months from now) yet I see a ton of "Symantec Endpoint Protection contains licenses that are about to expire" in my event viewer.
When I check SEP Manager the licenses are fine with expiration in October yet they have an exclamation sign? What gives? Is that normal? To be flooded with expiration warnings 2 months ahead of time? I get the event in my event viewer about every 4 hours or so.
Thank you
~B
Seats used are different from total endpoint
Hello
Why are seats used different from the total endpoints shown in the dashboard of SEPM? (see attached file)
How is seats used calculated?
Thanks
MAC Client features selection
I would like to create a MAC client package without the firewall but unlike Windows packages I can't seem to find a way to exclude features for the SEP client.
We have a user who travels frequently and uses multiple VPN clients to connect to multiple development environments, and the SEP client prevents him from accessing some systems.
We found in the logs some blocked connections to certain remote IPs. I have tried creating exclusions in the firewall policy but there are just too many to create for him.
He would like to use the MAC OSX default firewall and keep the Virus protection.
14.2.770.0000 - client installations failing
Hi there,
We are experiencing client installation failures with the latest version 14.2.770.0000 (clean installations; updates from previous versions via auto-upgrade are not affected). After the initial reboot, the client GUI doesn't open (error: "Symantec Endpoint Protection cannot open because some Symantec services are stopped. Restart the Symantec services and then open Symantec Endpoint Protection", attached). Reboot doesn't fix the issue.
Already liaising with Support but I'm curious to hear if others are seeing this too.
Cheers,
Michael
clients are not taking updates from GUP
The GUP is taking updates from SEPM but clients are not taking updates from the GUP.
Database Server Authentication (Not Connecting to the database)
Configuring SEPM to connect with the Microsoft SQL Database. It is refusing to connect. The error code is 11501.
Ghost Teefer NICs in VM
We recently had issues with our VMs and in the process of resolving those issues we found ourselves with lots of "ghost connections". One solution is presumably to go into Regedit and delete them but that worries me because as a trial I just disabled them and found that the File Server then lost contact with the Active Directory machine even though the active NIC/Teefer weren't touched. As soon as I re-enabled them we were back in business. So although - say - NIC 5 and Teefer 5 are active, NICs 4, 3, 2 and their relevant Teefers are still bound to some necessary protocol. This isn't a mega-deal as we are only three people and the server farm consists of an AD, File Server, and a Mailserver which is not in the Domain. My task is to remove these spurious Teefers and their corresponding NICs but how? Do I uninstall Symantec completely, reboot and remove any remaining NICs and Teefers and then reboot again and reinstall? Or do I just use Regedit and trust the system to reconnect? (Doubtful)? The ghost connections are at the root (I believe) of another problem we have concerning the RPC server service which loses contact and then we cannot log in at all! Any ideas please? Jean
How to find unmanaged clients on the network
We have unmanaged clients on our network that I need to convert to managed clients. What's the best way to search for and find those unmanaged clients? It doesn't make sense that they had this feature available in SEPM 11, but took it away. I've looked under Home>Security Status>View Details>Unknown Device Failures and nothing is listed. I also set up a notification, but this is a university, and I don't really want to know when anyone brings an unknown device onto the campus. I just want to find the SEP installs that are unmanaged and convert them to managed.
Firewall needs attention
When I log on my computer (purchased 6/1/18) there is a small rectangular box in the lower right corner that displays "Firewall needs attention". I contacted HP and they looked all around my computer and said it was a Symantec issue. Is this related to Windows Defender? How can I determine the problem? Thanks!
AR18-221A: MAR-10135536-17 – North Korean Trojan: KEYMARBLE
Hi,
Kindly confirm Symantec has protection for AR18-221A: MAR-10135536-17 North Korean Trojan: KEYMARBLE.
Symantec popup message - SEP v14 14.0.2415.0200
Hi All,
Has anyone encountered this error message before when sending out emails? This message popped up on a user's machine. See attached.
SEP v14.0.2415.0200 installed on Win 7 Enterprise edition. The Outlook plugin is not installed and the option is disabled. I have searched and there was a similar issue but on v12.
LUA downloading and distributing but clients not updating
Hi Team,
LUA downloading and distributing but clients not updating, please help.
Multiple SEPM for same clients
Hi there,
My client wants to have highly available SEPM for his 1000 clients.
Is it possible to have
1. 2 SEPM with embedded DB managing all 1000 clients, so SEPM A sees all 1000 clients, the same as SEPM B
2. or have 2 SEPM's pointing to a clustered database.
Thank you.
Best Practice for copying Anti-Virus definition from Host to VM
Searching for Best Practice for copying Anti-Virus definition from Host to VM.
We have 100 laptops in Windows 7 which are getting the Anti-Virus definition update from SEPM version 12.1.6. These laptops use low bandwidth connection, most of the time offline with no internet connection.
Each laptop has a VM player installed and both the Host OS and the VM have the SEP client. Currently, Host and VM clients get the definition update from SEPM separately.
Issues we have
1. The same definition will be downloaded twice and takes over an hour to update.
2. When the host connects to the SEPM to update, the VM may not be running, so only the Host is updated. We have to remind users to run the VM while they are connecting to the network to get the definition update.
We want the laptop to download the definition only one time when the definition changes, and both host and VM to be updated.
I read some articles and forum here.
1. Can I setup the Host client as the Group Update Provider (GUP) and provide definition to the VM?
2. Can I change the Virus definition location in the VM to point to the Host folder, so both Host and VM share the same definition?
3. During startup, create a script to copy the definition from host to VM?
Please provide some suggestions and what would be the best practice. If this question has been answered before, please provide a link.
Thank you!
Edmund