Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

Outlook crashing after its latest September update

September 17, 2018, 5:07 am
$
0
0
I need a solution

We are using Office 365 (Monthly channel, 2016). After the recent September updates to Office, Outlook started crashing for some users when trying to sort emails by From, or other columns. If we uninstall Symantec Endpoint Protection, it stops crashing. On some PCs it even shows that Symantec's add-in has beed disabled because it caused a crash, although Outlook still crashes in such case.

We are still using 14.0.1 - (14.0 RU1 MP2) - 14.0.3929.1200 and were only planning to start testing 14.2. I think 14.2 still came before September 5, when new updates for Office came out. But maybe it's a known fixed issue? I have only filed a request with Microsoft so far. They are investigating.

Happens both on Windows 7 and Windows 10.

0
Search

File reputation notification shows vague report

September 17, 2018, 5:10 am
$
0
0
I need a solution

From time to time i see a notification on the home screen of SEPM (14.0 version). If i press on it, it shows a red dot and says there was a detection of download of file with bad reputation. There is nothing clickable in this windows, only the Report button. But this report just returns the full list of clients with information on when they have updated last time. How can i get the real report on what user and what PC had this download?

0

schedule restart client command

September 16, 2018, 1:36 am
$
0
0
I need a solution

see attached

is there a way i can schedule that instead of doing that manually each time?

0

SEP vs. McAfee

September 17, 2018, 7:56 am
$
0
0
I need a solution

Hi!

A client use McAfee but wants to know why SEP would be a better option, someone knows if there is an document or some feature comparsion?

Thanks

0

Aplication and device control is enable?

September 17, 2018, 9:25 am
$
0
0
I need a solution

Hello,

I like to know how many computer in the company have the application and device control feature install, is possible to obtain this information to report or log from SEPM?

Regards

Miguel

0

Block malware whit SHA-256

September 17, 2018, 9:33 am
$
0
0
I need a solution

Dear,

I have 2 SEPM console in version 14.0.3752.1000 with sep clients versions 12.6 and 14, and is possible to block a malware with the sha-256 ? 

For example:

Indicators of Compromise (IoCs):
Related Hashes (SHA-256):

a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8 — TROJ_KILLMBR.EE
1a09b182c63207aa6988b064ec0ee811c173724c33cf6dfe36437427a5c23446 — TROJ_KILLDISK.IUE

Information from VirusTotal :

52 engines detected this file
SHA-256    a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8
File name    a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8.sample
File size    5.16 MB
Last analysis    2018-08-28 00:23:16 UTC

Basic Properties
MD5    9e33143916f648ec338f209eb0bd4789
SHA-1    2aa3803869edee7fa1ab7cf96d992ccfecc89e7b
Authentihash    7f134feb57a6af2d93c5276d25048704fecf1255fc22d873b18c16197f920557
Imphash    897a03097ab87dec1d9be48d739a8168
File Type    Win32 EXE
Magic    PE32 executable for MS Windows (GUI) Intel 80386 32-bit
SSDeep    24576:RFquItQkg9t8RLlwGcGZ7fgOUe9UEnc1ykkkVVqWyvLMekOc:RF3ItQz9pda7f35ncIsbHyIe
TRiD    Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (

0

SEP14 AppCrash on Citrix VDI with Appdisk

September 17, 2018, 10:05 am
$
0
0
I need a solution

Hi. We have appcrash event 1000 when we assign appdisk to our VDI. The appcrash is related to iexplorer control panel but we have, for example, Vmware Viewclient or other apps into appdisk. If we remove the appdisk the crash is not reproduced....anyone with this issue? SEP is version 14.0. VDI is Xendesktop VDA 7.15 with W7x64 Regards

0

need to download SEP setups for both server and clients

September 17, 2018, 1:49 pm
$
0
0
I need a solution

Hi team,

As we’ve got our new license product, I would like to take this opportunity to request from you a link in order to download the setup that goes with  the indicated license as well as the wiping link for our deployment. The needful setups would be for both clients and server deployment. Also, a deployment plan would much appreciated for a safer network environment. Your help in this activity would much appreciated in collaborating with team like yours who have much more technical skills in such subjects. Please, kindly reset my account details on your website since I have forgotten my login and credential infos. Thanks in advance.

I am available in case you need more details.

Yours sincerely.

Maxime MAPAGA

0
Search

Host Intrusion Prevention System (HIPS) - Availability on SEPM 14.0

September 18, 2018, 1:02 am
$
0
0
I need a solution

Hi Friends,

Want to know whether Host Intrusion Prevention System (HIPS) is included in SEPM 14.0. I can see under Intusion prevention Network Intrusion and Browser Intrusion option but not HIPS. Please let me know if it is availbale and if not how to proceed.

Regards,

Anishk

0

Modify hardening policy in SEP client

September 18, 2018, 4:19 am
$
0
0
I need a solution

Hello all, 

this is the situation:

someone have installed a SEP 14 client with application hardening module enabled. 

I tried to install DCS agent after that and it says that I cannot install it because the prevention is enabled and I have to disable it in order to install the DCS agent. If I have understood correctly, the application hardening configuration is being done from the cloud portal, and cannot be done from the SEPM. The SEP environment hasn't been registered in the cloud portal (they even don't have access to the Internet).

So, I have modified the SEP client installation, removing the application hardening feature, and restarted the machine. The services doesn't appear anymore, and the client logs doesn't show an area for application hardening logs either. 

However, if I tried to install the DCS agent again, I find the same error message. I have been looking around to see how to disable the prevention outside of the cloud console, and haven't found anything. 

Does anyone know how to disable the prevention for the application hardenning outside of the cloud portal? Is this even possible?

Kind regards, 

Juan

0

SEPM 14 - Windows Definitions

September 17, 2018, 2:56 pm
$
0
0
I need a solution

Hi,

I have an issue on the console for the past 2 weeks. As you can see in the image, the error reads "information is currently unavailable" next to the latest from symantec. I thought it is one of those things that would just fix itsel.

I have followed the solution in https://support.symantec.com/en_US/article.TECH96448.html and i confirm everything is working fine, i have no errors with any of these steps. It has been working fine for many years, nothing has changed in our environment.

Help will be much appreciated

Thanks

0

Symantec Endpoint Protection Blocking functionality of Outlook, IE and Skype for Business

September 18, 2018, 7:29 am
$
0
0
I need a solution

Hello Everyone.  I've been dealing with a problem with SEP since the start of the year.  I've called Symantec support several times about this issue and have not been able to get a resolution.  My issue is that Symantec is clearly blocking certain functionality of Outlook, IE and Skype for Business.  It allows each one to open, but Outlook will not connect to Exchange Server, IE will not load any web pages and Skype for Business will not display any contacts.  Disabling Symantec and restarting these applications immediately resolves the problems with all.  SEP can then be re-enabled and will work fine, for a period of time until this happens again. 

This is an intermittent problem affecting only a small amount of our computers at any given time. I've uninstalled SEP and installed the latest version 14.2.758.0000 and for awhile this version ran without causing this problem.  But within the last week or 2, even this version seems to be blocking.  This problem has existed for me since earlier this year when the Spectre and Meltdown vulnerabilities became a concern.  It affects both Windows 10 Pro and Windows 7 Pro systems.  I've been unable to find any similarities between affected machines to draw any conclusions.  I only know that all 3 of those programs are affected and not always at the same time. And only on a small number of computers at any given time. 

The affected users are getting frustrated disabling Symantec Endpoint Protection, closing and reopening the apps and then re-enabling SEP to continue protection.  But every time I've called Symantec on this they have not been able to adequately find a cause of the problem.  And often when they do help, after an uninstallation/reinstallation, the problem goes away for a long period of time which implies it has been fixed.  But it keeps coming back. 

Most of my computers are running either 12.2.758.0000 or 14.0.3929.1200.  I've looked through the client logs and cannot see any indication these applications are being blocked, I only know it is Symantec because when I disable or uninstall, the problem goes away.  All clients update daily from either my servers or the internet.  This affects 3 different offices each with their own SEPM, all running the same 12.2.758.0000 version.  I have created an Exception policy and included outlook.exe, iexplore.exe and lync.exe on it as log only.  Yet this problem still happens on those computers so I don't think Symantec is blocking it intentionally.  I think this is a result of some bug. 

Has anyone else experienced this problem?  Any ideas I can try?  I will probably have to call Symantec again, but I don't think they will be able to identify the problem and fix it.  And any reinstall will surely fix it without addressing it so the problem will continue to pop up.  Any help would be appreciated. 

0

Update SEPM

September 18, 2018, 8:44 am
$
0
0
I need a solution

Hello,

I have Symantec Endpoint Protection Manager installed on windows server 2012 and windows server 2012 r2. SEPM current version is 14.0.1904.0000.

i'd like to know how to update SEPM to the latest version, please help me.

0

SEP is blocking websites from working on W2k3 servers.

September 18, 2018, 9:49 am
$
0
0
I need a solution

We are seeing issues with SEP 12.6 on Win2k3 webservers where the websites become unavailable. If we disable Network Threat Protection, the sites become available once again. We can re-enable it and the websites will contrinue to work for some period of time until it happens again. How do we acertain what is causing this and how do we prevent it from causing the website unavailabilty?

Thanks,

DeShark

0

keep SEP just monitor and stop clean or delete files

September 18, 2018, 12:23 pm
$
0
0
I need a solution

hi 

I have a big problem with SEP when I install it on any client either windows domain server or some other application server it stops everything and also quarantines some application files, kindly I need your help as soon as possible to deal with this issue I need to make a client package with just log only and not take action like quarantine or clean or delete just to monitor and log.

0
Search

SEP Client deployment through Intune

September 19, 2018, 1:04 am
$
0
0
I need a solution

Hi all,

Has anyone deployed SEP to clients through Microsoft Intune? How did you do it?

The options for exporting a SEP client package from SEPM are either a single .exe or the .msi option. EXE files are not supported by Intune, and the .msi export creates an .msi but with 26 other support files, required for the .msi to run. However, it’s not possible to add all these to Microsoft Intune.

So, I require a single .msi that contains all these 26 support files. Is there anyway this can be done?

I tried to create a support case but I didn’t get very far.

Many thanks,
Sam

0

SEPM and Embedded database server changing IP address

September 19, 2018, 3:34 am
$
0
0
I need a solution

I would like to change the IP address / Subnet of my SEPM server ( primary & secondary). I have 700+ clients( 2 SEPM with Embedded DB) so I wanted standard procedure before making the change.

Is there any impact  of changing Subnet of SEPM servers for Client communication ?

Can you tell me if moving the SEPM servers to different subnets would cause any issues or requires significant effort?

And kindly Tell me the Steps for changing IP address.

0

How to create a Exceptions , by file name or by appication?

September 19, 2018, 12:57 pm
$
0
0
I need a solution

Hello,

I like your support with the exceptions in sepm 14 , for example for DLP Symantec indicate the following:

https://support.symantec.com/en_US/article.TECH220...

Windows

Endpoint Agent Installation LocationC:\Program Files\Manufacturer\Endpoint Agent
Endpoint Agent Temp Folder LocationC:\Program Files\Manufacturer\Endpoint Agent\temp
Processes

edpa.exe
wdp.exe
cui.exe
kvoop.exe
brkrprcs.exe
brkrprcs64.exe

Driversvfsmfd.sys
vrtam.sys
vnwcd.sys
FilesC:\Program Files\Manufacturer\Endpoint Agent\*.ead

How is the better way to do a exception? from process and drives and if exclude all the folder instalation I need exclude one to one .exe files?

This the way how I create a Rule, is correct?

 

0

MOVING ENDPOINTS TO OTHER GROUPS USING HOST INTEGRITY

September 20, 2018, 1:16 am
$
0
0
I need a solution

Hello All,

I would request to share an idea or suggest if anyone have tried to move SEP clients from One group to another using a Script / Host Integrity policy. It would be much appreciated if you can share any other ideas which worked well. 

As of now we allow users to have USB access for 6 months as default duration. And we would like to achieve, once after the 6 months lease period is over. The clients should move back to No USB access group by itself. 

Thanking you in advance.. 

0

scan logs not reflecting in Command Status tab

September 20, 2018, 1:51 am
$
0
0
I need a solution

Full scan command was given to a mashine but it is neither reflecting in the command status tab nor in the scan logs. I am not able to get the scan progress status. This system is online and reporting to SEPM as well.

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>