Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

MAC and windows device control

September 7, 2018, 7:48 am
$
0
0
I need a solution

Hi Team,

We are planning to setup Endpoint protection 14 for our IT Infra. can you please help me below querys

1. Is MAC machines device can control from Symantec server end , Like USB Block ?

2. If MAC connected Wifi or Wired, or home network , can we control USB block ?

3 . For windows Laptops also can we block USB more than 6 Months ?

4. Can we monitor the logs if any user connected USB external device his/her Laptop ?

5. Firewall management both MAC and windows ?

5. Please share your support email and contact details.

Thanks,

Ranjan

91 9845810364

0
Search

Upgrade Version 14.2 build 770

September 7, 2018, 11:22 pm
$
0
0
I need a solution

After upgrade to Version 14.2 build 770 (14.2.770.0000) 2 days ago, we are having a serious problem.
All the notebooks can’t communicate with SEPM servers, and in the SEPM console regardless of the group they belong to, seem to be offline although many of them are online

Running symdiag we receive details:

'The client cannot comunicate with any of the confiured manager

port 8445 Protocol HTTPS  Response-Error:Exception from HRESULT : 0x80072FOC

port 443   Protocol HTTPS Error Timeout

All the SEPM servers - one of them DMZ are online

All the other workstations that are online can be seen in the SEPM console.

On the other side of the clients on which the SEP was installed appears the notification:" There is one problem - Memory Exploit Mitigation is disable Click Fix "even though MEM policies are disable
 
 
Click Fix - fix this problem but I need to be logged in as Admin

Please help me to solve this critical issue!

0

Endpoint does not appear in SEPM

September 8, 2018, 3:38 am
$
0
0
I need a solution

Hi,

the customer has SEPM 14.0.1904.0000 running on a Win 2008R2 server (also a DC). The clients are SEP 14.0.1904.0000 or 14.0.3752. 6 months ago a junior computer guy used an image to set up two new machines, without preparing the image properly. So I am pretty sure the two new machines ended up with identical SEP hardware ID. They only appeared in SEPM one at a time. This problem was never solved, for lack of interest at the customer. Lets call the two machines E and U.

Yesterday I was at the customer and now none of the two machines were visible in SEPM. I removed SEP from U, downloaded newest SEP (version 14.2.770.0000) and installed it, and read the communication file into it so that it should know how to find SEPM. Hoping that this would change the hardware ID. The machine is Win10 april 2018. Now E (the other Win10 machine) appeared correctly in SNMP. However still no sign of U. The SEP should be compatible with the Win10, according to https://support.symantec.com/en_US/article.TECH235706.html

I ran cmd as admin and ran RepairClonedImage.exe -v. It said it finished successfully. However, the client still does not appear in SEPM. https://support.symantec.com/en_US/article.TECH163349.html

Ping works, and I do not think it is a network issue. I activated the apache access log, https://support.symantec.com/en_US/article.HOWTO80741.html. This is how it typically looks like:

192.168.10.50 - - [07/Sep/2018:18:01:54 +0200] "POST /secars/secars.dll?h=082962A18F61CD85B5D1...A4AECFB4BE2C20FD HTTP/1.1" 200 - "-""-"
192.168.10.154 - - [07/Sep/2018:17:40:07 +0200] "POST /secreg/secreg.dll?l=2 HTTP/1.1" 500 531 "-""Sylink"

.50 is one of the good machines, that is visible in SEPM. .154 is the machine that is not visible. For the good machine there is secars, and a really long number (my abbreviation with ... dots). For the bad machine there is secreg and no long number.

Is there a way to display the hardware ID on a SEP? So that I can check if the two machines U and E have identical hardware ID.

Does a reinstall of the SEP change the hardware ID?

Could it be a problem that a machine has the newest SEP, while the SEPM server is an older version? Could it be a problem with the latest SEP?

How to interpret the Apache log?

Any other insights as to how to fix this?

Grateful for all insights.

0

Client communication

September 8, 2018, 10:49 am
$
0
0
I need a solution

When i open my sep client and go to connection status it shows win inet error 12019 so client unable to connect the manager. What should i need to do

0

Enter Multiple websites in Single Entry on Web Filltering.

September 8, 2018, 6:08 am
$
0
0
I need a solution

Hi Everyone

I am new to SPEM. I using Demo Version of 14.2. How to Add Multiple websites in Single Entry on Web Filtering. I want block More then 200 Websites.

So i can't enter each and every website in Web site Fillter.  Is that Anyway to Block Multiple Websites in Just Single Entry..?

And Also How to Block by Category..?

Sorry for Bad English.

0

Symantec SEP 14 Presentation

September 9, 2018, 7:59 am
$
0
0
I do not need a solution (just sharing information)

Hi all,

For my news clients, i need to find a short presentation of SEP 14 Powerpoint.

Thanks for you help.

Ari B.

0

SEp 12.1.6.5 supported Win 2003 and where do i download

September 10, 2018, 4:44 am
$
0
0
I need a solution

HI,

We have a fes Win 2003 64 bit nachines which we want to load SEP 12.1.6.5, i know SEPMver 14.x supports the SEp12 version.

How do i verify till when is this supprted .

Regards

danie

0

Roaming Profiles not being deleted becase of the Log Files

September 10, 2018, 1:20 pm
$
0
0
I need a solution

We have had this issue for many years but it seems it has been increasing to a number of our users. Running SEP 14.2 build 758. Client PC's are Windows 7 32bit, all have roaming profiles. On occasion, when a user logs off the path C:\users\username\Appdata\Local\Symantec\Symantec Endpoint Protection\Logs stays in their roaming profile folder. This then causes .domain profile folders to then be created when they next log on and their roaming profile to not load correctly. If the pc is rebooted then we remove teh profile and a registraty entry and then the user can log back on. I see many threads relating to the Citrix users as well, Is there a setting that we can prevent the logs being saved in a profile or prevent the logs at all?

0
Search

Common installation issues, and precious little guidance available.

September 11, 2018, 8:44 am
$
0
0
I need a solution

We have been tasked with installing SEP on our existing customer machines in mission-critical environments. We are trying to install (in a test environment) SEP 14 onto headless Ubuntu 16.04 kernel version 4.4.0-31-generic. Our customer machines are LAN only with no internet connection. I accept that Symantec state the supported version of Ubuntu 16.04 is 4.4.0-38-generic, however do Symantec expect everybody to get their existing, change management controlled machines to a version that suits them? For us, that would mean multiple engineers travelling to multiple sites to do hours of work, just to get SEP running?

We have followed the Symantec provided instructions for installing SEP on Linux, which makes no mention of pre-req's other than the version of glibc. After digging around we find that 32-bit libraries are required (not on official Symantec documentation as far as I can tell).

Follow our usual process of downloading deb packages on a connected machine and then installing on disconnected machines. Here's where the dependency issues kick in.

sudo dpkg -i /media/cdrom/dependencies/libc6_2.23-0ubuntu10_i386.deb
    error processing, cannot be configured because libc6:amd64 is at a different version (2.23-0ubuntu3)

 So, further digging and apparently, 

sudo dpkg --add-architecture i386 && sudo apt-get update

But, we can't do this on a disconnected machine.

So my questions:

Why haven't Symantec got around this problem yet?

Why haven't Symantec documented the common installation errors?

Why haven't Symantec answered multiple similar requests for assistance in the forums?

0

SEPM 14.x - OS direct upgrade from 2008 to 2012: Does it officially supported?

September 11, 2018, 8:15 pm
$
0
0
I need a solution

Hi,

Anybody has experience on above?

Can we just directly upgrade the OS where SEPM reside (e.g from 2008 to 2012) ?

Any impact expected?

Thanks

0

Erorr while scanning the folder, \Symantec\Symantec Endpoint Protection Manager\data\server_update\180126020_full.zip

September 12, 2018, 5:30 am
$
0
0
I need a solution

Hi,

The Scheduled scan , comes up with error during the scanning of the below listed folder,

Can anyone help, in identifying the use of this folder and the reasons for the failure.

Erorr while scanning the folder, \Symantec\Symantec Endpoint Protection Manager\data\server_update\180126020_full.zip

0

.bat for unblock USB(Mass Storage Device) temporary

September 11, 2018, 3:37 pm
$
0
0
I need a solution

Good day,

Today we have a container with policies to block usb (Mass storage device), everything works correctly. For business reasons, I am looking for information if it is possible to create a .bat file to be able to temporarily enable massive storage devices. Does anyone have any information that I could share?

Have an excellent week.

0

Symantec Endpoint Protection agent is unable to connect to SEPM 14

September 12, 2018, 7:52 am
$
0
0
I need a solution

I have a new SEP 14 cleint installed on a Windwos 2012 R2 at a remote site but this client cannot connect to SEPM server. Anyone can help?

I can ping the SEPM server and telnet to the SEPM server but cannot browse the SEPM via TCP 8014 port.  I can see the taffic of TCP 8014 passed through the firewall but the connection was timeout.

The Sylink log showed below error.

08/30 13:02:26.796 [2356] <SendRegistrationRequest:>http://<<Server IP>>:8014
08/30 13:02:26.796 [2356] <InternetCallback> HttpOpenRequest; Internet status: 60; CtrlBlk: 06772508
08/30 13:02:26.796 [2356] 13:2:26=>Send HTTP REQUEST
08/30 13:02:26.796 [6060] <InternetCallback> HttpSendRequestEx; Internet status: 100; CtrlBlk: 06772508
08/30 13:02:26.828 [2356] AH: (InetWaiting) bFinished is TRUE on CtrlBlk: 06772508
08/30 13:02:41.011 [5832] <CSyLink::mfn_DownloadNow()>
08/30 13:02:41.011 [5832] </CSyLink::mfn_DownloadNow()>
08/30 13:02:45.746 [3804] <InternetCallback> HttpEndRequest; Internet status: 100; CtrlBlk: 06772508
08/30 13:02:45.777 [2356] 13:2:45=>HTTP REQUEST sent
08/30 13:02:45.777 [2356] 13:2:45=>QUERY return code
08/30 13:03:15.773 [2356] <SendRegistrationRequest:>ERR to query SMS return code=9
08/30 13:03:15.773 [2356] <SendRegistrationRequest:>LastError=12002
08/30 13:03:15.773 [2356] 13:3:15=>QUERY return code completed
08/30 13:03:15.773 [2356] <SendRegistrationRequest:>SMS return=0
08/30 13:03:15.773 [2356] <ParseHTTPStatusCode:>0=>Uninterpreted Status
08/30 13:03:15.773 [2356] <SendRegistrationRequest:>ERR to query content length
08/30 13:03:15.773 [2356] <SendRegistrationRequest:>Content Lenght => 
08/30 13:03:15.773 [2356] Throw Internet Exception, Error Code=12019;AH failed to read internet file
08/30 13:03:15.773 [2356] CInternetException: <mfn_ReadDataFromServer>: The handle is in the wrong state for the requested operation

Thanks,

Joe

0

GUP showing as False in machine details of GUP Server.

September 12, 2018, 11:35 am
$
0
0
I need a solution

GUP server is properly configured as GUP in Policy, though showing False in its machine details.Neither it is reporting to the GUP monitor.

0

how to install teefer.sys firewall driver using a script

September 13, 2018, 1:44 am
$
0
0
I need a solution

after SEP install we see "firewall not loaded" message on our win 10 machines installed with network install (MS Deployment toolkit)

we know the workaround is to uninstall SEP, install the teefer driver on the nic, and reinstall symantec

We also noticed that when we install the teefer driver before SEP it works fine, so in our deployment script I want to install the teefer driver before sep gets installed but cannot find a way to script installation of the driver...

anyone know a script that will do that?

0
Search

14.2 Integration Policy - not working

September 13, 2018, 4:13 am
$
0
0
I need a solution

Hi all,

I am trying to use the integrations policy to redirect traffic to WSS.

In the PAC file URL box in the policy I have tried: https://portal.threatpulse.com/pac& the Global PAC FileURL as defined in WSS and set up a known location in WSS.

I have left the port as the default 2968.

When I point my browser to the Global PAC File URL it works but when I use this in the policy it doesn't work!

Any ideas?

Thanks!

Sam

0

SEP cloud Portal - cannot Enroll

September 13, 2018, 6:32 am
$
0
0
I need a solution

Hello,

I am having trouble to Enroll the cloud portal. When I click at "Get Started" button, it opens a Windows Explorer window with some JAR files. I have already installed JAVA and the problem is still happening. The screenshot is attached. 

Does anyone have any idea?

Thanks,

Thiago

0

I need a excessive browser protection email alert

September 14, 2018, 2:25 pm
$
0
0
I need a solution

I've got a weekly "network and host attack mitigation"  report set up.  I can see what's attacking my machines.  That's useful.  (Why not make that a default report?)

I noticed a machine has A LOT of "browser protection" events this week, hundreds within seconds.  I'm still looking into it.  But I want to know if that happens again WHEN it is actually happening (or right after because the browser protection events happened fast).

How do I set up an alert for that?  I'm looking in SEPM, under monitors, notifications...  I've already got a network attack alert set up (all boxes checked -- compliance, network and host mitiation, packet events, deice control events, traffice, application control).  That existing network attack alert is set just above what appears to be a normal amount of attacks.  I'd prefer zero attacks but there seems to be a usual amount coming in weekly.

I don't see anything for "browser protection" though.  Maybe it's not granular enough?  If I'm getting a "Netowkr and Host Exploit Migation attack report each week... and these are listed as "browser protection" under the type of attack.... What would I set up as an email notification alert?

0

How to manage clients when SEPM is enrolled for Secure Cloud device management?

September 15, 2018, 7:54 am
$
0
0
I need a solution

Hi everyone,

I have a delemma -- How to manage SEP clients when SEPM is enrolled for Secure Cloud device management? In this scenario the traditional items in SEPM that deal with end point clients are all grayed out.

Where does one manage those elements in the Secure Cloud portal? I mean the settings when clients are deleted? For example: delete all clients that have not conected for 90 days. If SEPM is NOT enrolled in secuire cloud all those elemnts are managable at SEPM but with the cloud enrollment they are grayed out in the SEPM console and I can't find equivalent place on the cloud portal where I get to do it.

All that I have on the portal is a simple silder - manage devices ON or OFF? I know I can manually delete clients using the Secure Cloud portal but that is a one-by-one task. Where do I set the other biz, you know -- delete all clients that have not conected for 90 days?

Thank you

0

keep previous logs and Communication settings

September 17, 2018, 2:03 am
$
0
0
I need a solution

Hi All,

I have installed a SEPM14 server and created a package with "keep previous logs and Communication settings" option. After installing the package, SEP clients are upgraded from SEP12 to SEP14 but still reporting to SEPM12 server only. Should I remove this option while creating the package to start communication with new SEPM14 after installation?

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>