Channel: Symantec Connect - Endpoint Protection - Discussions

LiveUpdate Administrator v2.3.7 released


Is a computer installed with SEPM protected?

I need a solution

Hi all,

This is my first time deploying SEP 14 for my company.

Already in touch with the vendor to acquire licenses for SEP 14 with 3 year essential support.

I have 3 clients that need protection: a file server and two employee computers.

I also intend to run SEPM on the file server itself. All will be dark network clients as they do not regularly connect to the internet.

The only question there lies: does the file server itself, which is provisioned with SEPM require a client to be installed on it before it can receive the same amount of protection as the other clients? In that case, should the number of licenses I provision be 2 or 3?

Looking forward to everyone's responses. Thanks!

SEP clients without internet access constantly generating e-mail notification

I need a solution

Hello.

We have a few computers which are SEP clients and have been recently "disconnected" from internet access on our router firewall. We are using an external LiveUpdate server, and the specific LiveUpdate addresses were also configured (allowed) on the firewall. All the virus definitions and client versions are up to date so it works, but after this whole operation we are constantly getting e-mail notifications from SEPM and the reports are saying "Over the last 3 days the reputation check for unconfirmed files was unsuccessful due to network errors" (something like that, I had to translate it) - yes, this information is provided every 3 days for every client without internet access.

Should I add some address/addresses to the firewall list or configure something in SEPM? Is Symantec checking the reputation of some files online in this scenario?

I would be grateful for any kind of help or suggestions.

Error when searching networking via Client Deployment Wizard

I need a solution

Hi.

I get the error in the attachment when using the Client Deployment Wizard and searching my network. I have enabled the Computer Browser service and ensured that File and Print sharing is also enabled as per: https://support.symantec.com/en_US/article.TECH97057.html

SEPM is running on Windows server 2016 Datacenter.

Any ideas or suggestions?

External Logging Not Working

I need a solution

Hello -

I'm running SEPM v12.1.6 build 7004.

I'm wanting to configure external logging to ship my SEP logs into my Graylog system but it doesn't seem to be working.

I followed the steps outlined in this doc, https://support.symantec.com/en_US/article.HOWTO81..., to configure the Syslog server settings in SEPM.  On the Log Filter tab, I selected all available options.  After waiting for several hours, no SEP logs have appeared in Graylog.

The Syslog Server settings are currently:

Syslog Server:  FQDN of my Graylog server (I tried IP address here with no change in results)

Destination Port:  TCP/12201

Log Facility:  23

Log Line Separator:  CR

The protocol/port specified above is open between the SEPM and Graylog servers - it's being used to push Windows Event logs between the same 2 machines.  I tried different port/protocol combinations just in case.

For the log facility, I started with the default of 6 but moved to 23 after finding that suggestion in another discussion post.

So far, no combination of settings has allowed the SEP logs to be exported to Graylog.

As a test, I turned off the option to export to a syslog server and selected the option to export to a dump file.  That, as well, has failed to produce any output.  So, it doesn't seem there's a problem, specifically, with exporting to a syslog server but moreso that the export function just isn't working at all. 

All of my client log setting policies are set to have the client logs uploaded to the management server.  Using the Monitor and Report functions in SEPM, I can see the various pieces of data are actually there.  The export function just doesn't seem to want to spit it out.

Any ideas of what I can try to get this working?

Thanks,

Robin 

v14.2.770.0000 Policy Serial Number Blank, and Location Awareness Disabled and more problems....

I need a solution

Anyone else having problems with the latest v14.2.770.0000?  It does not appear to be communicating with the Manager.  The Policy Serial Number, Location Awareness changed to Disabled, and for the Server name, it's showing an IP now vs the server hostname.

I had to uninstall and went back to the last stable version which is v14.0.2415.0200. 

Before v14.2.770.000 I installed v14.0.3929.1200, found out this one had an issue when a password was required for uninstalling.  It would not accept the password.  It appears v14.2.770.0000 also has the password uninstall issue.  I had to turn off the password required to uninstall. 

But more important is the problem with it communicating and getting the policy from the manager server.  The shield is green as if things are working correctly.  But when making policy changes, they do not get updated.  System logs show that it failed to import the policy.  I was also getting a strange issue where IE was unable to go to any web page.  But Firefox worked.  Outlook emails were not showing any images either due to this.  But after re-installing 14.2.770.0000 it seemed to fix that issue.  But the other issues are still there.  A system scan was supposed to initiate at noon today, but the client did not start scanning.

Has anyone else experienced any issues like this ?

SEP 12 MP 10: Scan Progress does not show in manual scans even when explicitly defined in scan settings

I need a solution

Hi all,

I have some older computers running SEP 12 MP10 on Windows 10, version 1803.

I realised that the scan progress never triggers no matter how many times I have set the scan progress to be shown, even for custom scans.

All I just get is a message saying so and so scan is in progress. Clicking on it reveals nothing.

I open task manager and I don't see the Rtvscan process that was featured in earlier versions of SEP.

Yet! The scan completes when I see the scan log. I have no idea whether or not any malware was ever found during the scan and if any action has been taken at all.

Is this a known bug for SEP 12 MP 10 clients running on Windows 1803? I have no other different configurations so I cannot ascertain what is causing the problem.

new sep version blocking hyperv VM connection?

I need a solution

Since I updated SEP 14 to the latest version on my clients that I use to connect to a VM hosted on a WIN2016 hyperv host, I am unable to connect to the VM. I can open the hyperv manager, but double clicking on the VM, or selecting it and clicking connect, gives no result. I didn't realise this could be connected to SEP until I fresh installed a new win10 client, that could connect perfectly, until I installed SEP on it. Ideas?

SEP not update definition after upgrade to 14.2

I need a solution

Hello,

I am trying to update some clients from 14.0.2415 to the latest version 14.2.7700, but after the upgrade they are not taking the definitions from the server.

Appreciate your help to solve this issue

Thank you

How to check the installation of Symantec Endpoint Protection across the entire domain

I need a solution

I am implementing SEP14.x across 3 sites. I currently have SCCM, which is used for endpoint management. My device collection from SCCM has a huge discrepancy from my SEP implementation. I will be honest to say the inventory is not so clean.

Is there a script that I can run to check which PCs have SEP (or any other antimalware) installed, so I can take it from there?

Your advice is highly appreciated.

License management

I need a solution

I am managing SEP 14 across 3 sites. In 2 of the sites there is a high security zone behind a DMZ. I have licenses for the 3 sites (3000 seats) and another set for the secure zones, which have a limited number of clients (no more than 200 devices, 800 seats purchased). What would be the best approach in terms of licensing the 2 groups?

SONAR.SuspLaunch!g24 Virus

I need a solution

Hello Team,

We are continuously seeing the alerts related to Downloader Dromedan attack activity blocked and the culprit service is regsvr32.exe which falls under the category of SONAR.SuspLaunch!g24 as reported by Symantec. Please assist so as to what steps should be followed:

Windows 7 Professional Edition | SONAR.SuspLaunch!g24 | Security Risk | 1 | 08/20/2018 09:16:43 | Default | c:\windows\system32\regsvr32.exe | SHA-256: 890c1734ed1ef6b2 422a9b21d6205cf9 1e014add8a7f41aa 5a294fcf60631a7b
08/18/2018 09:04:40 | Active Response disengaged | Windows 7 Enterprise Edition | Info and above | Other | Default | 1
08/18/2018 08:55:40 | Intrusion Prevention | Windows 7 Enterprise Edition | Critical | Inbound | Default | 1
08/18/2018 08:54:45 | Active Response | Windows 7 Enterprise Edition | Major and above | Inbound | Default | 1

Hijack.FolderOptions removal and detection

I need a solution

Hi All,

May I ask what will be our resolution to detect, remove and prevent this type of malware? I have already updated our SEP 14 manager and all SEP clients, but we still encounter this Hijack.FolderOptions.

Any idea how to prevent it from occurring again?

Thank you.

Nestor.

SEP v. 12.1.7004.6500 not installing on Windows 10 Prof v18.03

I need a solution

SEP v. 12.1.7004.6500 not installing on Windows 10 Prof v18.03.  I keep getting an error stating that this operating system is not supported.  I have installed it on previous versions of Windows 10 with no problem.  Any suggestions?  Thanks in advance!

Detection by digital signature publisher

I need a solution

I want to block or ban or clean a file based on digital signature publisher. Mindspark Interactive Network, Inc. is a greyware whack-a-mole that hash banning just won't take care of. I need SEP to interrogate the file, and upon seeing the digital signature publisher equals Mindspark Interactive Network, Inc., remove the file or clean it or delete it or quarantine it. Any help on this would be greatly appreciated.

Thanks,

Rogue

When does port scan detection trigger an active response

I need a solution

Hello, 

We're using SEP 14.x with the SEP firewall activated on our W7 systems. Now I'm just wondering why a detected port scan does not trigger an automatic block of the attacker's IP address. Could anyone tell me when a logged port scan detection triggers an automatic block and when not? My understanding is, if there is a detected port scan then, if it's enabled, IPS generates an active response, which means blocking the attacker's IP address for a period of time.

Until August 14th this worked fine; since then no attackers' IPs were blocked anymore. Why?

Thanks in advance for useful suggestions ;-) 

Matthias.

See attachments 

With block: 2018-08-21 09_55_37-Symantec.png

Without block: 2018-08-21 09_57_04-Symantec.png

High Priority: Unable to track Mac Serial Number & domain userid

I need a solution

Hi Team,

Currently in the SEP report, on a Windows machine, we get the userid and system serial number, but on Mac there is no way to trace the machine and it becomes very difficult to find the Mac laptops. This will again be serious if we need to track any Mac machine in any of the scenarios:

Like definitions outdated, infected with virus etc.  Please treat this as high priority; even if we get a serial number, that will really help us.

Regards
Dependra Pundir

New variant of KillDisk 2018

I need a solution

Hello,

I need more information about the new variant of the malware KillDisk. In this post from Trend Micro:

https://blog.trendmicro.com/trendlabs-security-int...

Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.

Can you tell me how SEP identifies this new variant of this malware?

Regards

Miguel Angel

Symantec Endpoint Protection Device Control

I need a solution

We have added an application and device control policy that is blocking all USB with some devices excluded.  Some devices have been excluded by class id and others by device id. 

We are having issues with some USB thumb drives not working with the device id being excluded, but others do.  Are there specific brands that just don't work? 

Another issue we are having is not being able to exclude bluetooth headphones.  When the device is plugged into DevViewer, 3 devices are showing up with 3 separate device IDs and 1 class ID.  All 3 device IDs have been excluded and the class ID has been excluded.  When the device is plugged in only one of the 3 device names shows up and the USB block warning still comes up.  Any ideas?

Exceptions policy for laptops

I need a solution

If I apply an exception policy to a group of laptops, will the policy be in effect when the laptops are out in the field and not connected to the SEPM?

Thanks

Stan
