Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles

'Application has changed since the last time you used it' problem

I need a solution

Every time I start CCleaner I get a warning 'Ccleaner has changed since the last time you used it. Do you want to allow it to access the network?' and two options Yes and No. There's no option 'remember the answer and don't ask again'.
I added the app rule manually and still get these pop-ups.
How do I get rid of them without disabling the whole program monitoring feature?

What are the correct log settings for PCI Compliance?

Hi teams, can you give the exact numbers for CLIENT log settings and SERVER log settings to retain 365 days’ worth of logs for PCI Compliance?

There is a huge issue with this right now in our organization because we discovered that we were using the out-of-the-box settings, which are entirely not adequate for PCI Compliance, and we will fail our compliance testing.

How do I figure out what numbers we should be using?  Is there some sort of tool that I can use to determine what the numbers should be?

Thanks,
Dan

Copy Definitions folder in SEP

Hello

Guys, on one machine with delayed definitions, if I copy the C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions folder, is it possible to update from it?

My question is about this KB https://support.symantec.com/en_US/article.TECH237037.html and the folder of SEP client.

Exclusions - Wildcards

Hi,

It's been ages since I last needed to look at this. Microsoft have recommendations for exclusions for DFSR:

<drive>:\system volume information\DFSR\

$db_normal$
FileIDTable_2
SimilarityTable_2

<drive>:\system volume information\DFSR\database_<guid>\

$db_dirty$
Dfsr.db
Fsr.chk
> *.log <
> Fsr*.jrs <
Tmp.edb

<drive>:\system volume information\DFSR\config\

> *.xml <

<drive>:\<replicated folder>\dfsrprivate\staging\*

> *.frx <

These are mostly easy. What about the one inside > < brackets? Also what if the System Volume Information is on different drives between servers?

Thanks

How to alert on USB devices being plugged in

Can SEP / SEPM be configured in such a way as to be able to report on when USB devices get plugged in so that administrators get an e-mail?

We are having major issues with data exfiltration and need to monitor USB storage usage.

What to do about creating exceptions for programs that regularly generate security alerts?

I am growing tired of constantly responding to alerts from SEP whenever a program I have tries to connect to the internet.  MS Office Click-to-Run is the biggest offender (but not the only one.)  Every time I fire up my pc I get an alert that this program has changed since the last time I used it, and should I allow it to connect?  There are other programs too that do this regularly - MS Office Telemetry Agent, my automatic back up program, and a couple of others.  How can I stop this annoyance? 

I looked at how to add exceptions to SEP but for some reason I am having trouble accessing the program to add it to the list.  When I go to Change Settings - Exceptions - Add - Application Exception, it takes me to a list of what is on my desktop, and I'm not sure how to add a program from there.  I found my way to the C drive, and was able to try to add the MS Office folder, but got a message saying "Only files can be selected using this option."

Maybe I'm doing something wrong here?  Does anybody have a suggestion?

Another option would be to delete MS Office Click-to-Run, which is a program that keeps MS Office up to date, but I don't think I should have to do that. SEP should provide us with the ability to pretty easily add exceptions.  Thanks!

SEP 14.x does not allow users' registry to dismount after logoff

I've had this issue for quite some time and surprised no one else has noticed this bug.

After about a day of running SEP, when I look in Regedit under HKEY_USERS I'll see everyone's hive who has previously logged into the Windows Server 2016/XenApp 1808 VMs.  If these users attempted to return to the affected VM, they would be denied logging in until their hive was dismounted.  The bug is able to survive a reboot.

This issue seems to manifest when the Symantec registry key LaunchSMCGui is set to zero.

I used to temporarily mitigate the problem by running SMC -Stop and SMC -Start but this no longer works in 14.2 MP1.  SEP 14.2 would cause my XenApp VM's to BSOD a lot.

14.2 SEPM not resolving proper hostnames during remote push

Hello,

I've been having a fairly strange issue with 14.2 MP1 SEPM on Server 2012.  When I go to push my agent to a user computer (IE Stan-Dell) the computer resolves to a completely different name which is in the domain (IE Tom-Dell) when using the Search Network tab.  It will then succeed or fail on the push randomly, however the proper host never appears under my managed client list.  I have verified on the workstation that hostname is in fact Stan-Dell with the IP I have on file.  I have also confirmed that the DNS record for Stan-Dell is the same as the IP I have on file.  Nslookup resolves properly, and even putting the FQDN (Stan-dell.domain.lan) still resolves to just Tom-Dell.  I tried looking for the pushdeploymentwizard however it was not available in \Symantec\Symantec Endpoint Protection Manager\Tools.  Lastly, nbtstat -a "ip address" resolves the proper hostname.  

Does anyone have any idea of what could be causing this issue?  Is this a known problem with 14.2 MP1?

Rubicon Project Cookie

Hello friends from Symantec! Hope everything goes just fine!

A few weeks ago I received some alerts from Microsoft and a couple of accounts were blocked because some kind of suspicious software was trying to send emails in a massive way. When I ran the full scan on the infected computers, all of them had the same cookie advise like this one: pixel-us-east.rubiconproject.com/exchange/

I want to know if someone has seen something like that before or if it's dangerous.

Thank you so much!!

I have an SEPM implemented and for security reasons I need to know specifically which ports of entry and exit need to be known both in the clients and in the administrative console.

I have an SEPM implemented and for security reasons I need to know specifically which ports of entry and exit need to be known both in the clients and in the administrative console.

Require a password to Disable SEP client 14

Hi,

Is there a way to prompt for a password to disable the SEP client? Before, when we used version 12, it was working, but I notice that if I disable the SEP client by right-clicking on the taskbar it no longer asks for a password, so I suspect some users are able to use this to disable the SEP client.

I already tried all possible settings, but it still does not work on version 14. Is it a bug?

I need my users' clients always protected from any malicious threat.

Hope you can help me with this.

Thank you guys

Client Does not move into Preferred Group after installing SEP

Hi,

I've created a Linux Installation Package and specified the client group as My Company\LINUX,

but when I installed the package on the clients, all clients were placed in My Company, not My Company\LINUX.

Here is a snippet of the generated sylink.xml inside the installer package:

    <AgentCommunicationSetting AlwaysConnect="1" CommunicationMode="PUSH" DisableDownloadProfile="0" Kcs="E2A621D5FE015CC9587B78B103806FB6" PushHeartbeatSeconds="300" UploadCmdStateHeartbeatSeconds="300" UploadLearnedApp="0" UploadLogHeartbeatSeconds="300" UploadOpStateHeartbeatSeconds="300"/>
    <LogSetting MaxLogRecords="100" SendingLogAllowed="1" UploadProcessLog="1" UploadRawLog="1" UploadSecurityLog="1" UploadSystemLog="1" UploadTrafficLog="1"/>
    <RegisterClient PreferredGroup="My Company\LINUX" PreferredMode="0"/>
    <ServerList FreezeSmsList="0" Name="Default Management Server List for My Site">
      <ServerPriorityBlock Name="List0">
        <Server Address="192.168.27.79" HttpsPort="443" Protocol="HTTPS" VerifySignatures="1"/>
        <Server Address="SEE" HttpsPort="443" Protocol="HTTPS" VerifySignatures="1"/>
        <Server Address="SEE.lab212.com" HttpsPort="443" Protocol="HTTPS" VerifySignatures="1"/>
      </ServerPriorityBlock>
    </ServerList>

Need help recovering a file from Quarantine for analysis purposes

A SEP 14.2 client has quarantined a file on my computer after a recent definition update and a full scan. Scans with previous definition updates had not flagged the file. I am now having issues with getting this file out of quarantine for analysis. I have restored the file from the SEP UI, but I am still not seeing the file in its original location. I understand that the default config of SEP is to delete files that have been in quarantine for more than 30 days, but this file has only been in quarantine for a few days. Can someone please give me some tips on getting this file from quarantine? Thank you.

SEPM Hybrid Environment (on-premises and cloud)

Hi Team,

I will be grateful if someone can update me on where I can find information about SEPM Hybrid Environment (on-premises and cloud). How are the security features shared between the platforms? Enrollment process? Known issues in the Hybrid model?

Adi

SEP 14.2.1015 - Client offline

Hi,

I need some assistance with an issue to make sure I'm not doing something stupid before logging it with support.

We have upgraded a load of our Windows 2016 servers to 14.2.1015; however, one is not communicating with our management servers. We have imported the sylink from the group onto the machine and under Management we can see the Group, Policy Serial Number etc.; however, it shows as Offline.

We've run a SymDiag and it believes that it is communicating fine with our management servers; however, it cycles through them without making a successful connection under Connection Status. We have also tried a CleanWipe and reinstall of both 14.2.1015 and 14.2.770 (which was the previously working one) and neither connects.

Has anyone experienced the same or similar issues?

How many IPs or URLs can we block on Symantec Endpoint Protection FW?

Hi All, have any of you observed a relation between the number of FW rules on the Symantec Endpoint Protection FW component and latency when browsing and downloading files? In other words, if you blocked 100 IPs on the FW on client A and 1000 IPs on client B, will there be any difference in using the network from the two clients?

SQL 2016 Authentication Mode for SEPM 14

I'm in a single domain environment and looking to set up a new SEPM 14 server since I can't do an in-place upgrade of my SEPM 12 server running on Windows 2003 Server.  Planning on loading SQL 2016 Standard on the SEPM server running Windows 2016 Standard.  Where the SQL install is concerned, can anyone tell me the pros/cons of going with Windows Authentication Mode vs Mixed Mode?

Also, what other SQL components will I require for an on-box install of SQL 2016?  I can find step-by-step instructions on installing SEPM 14 but have yet to come across docs on loading SQL 2016 itself for use by the SEPM server.  Naturally don't want to load everything and yet want to install enough to run/manage SQL going forward.

Policy.xml and logs location

Hello,

I would like to know where the policy.xml is stored on the SEP clients. I need to verify whether the change in one policy is taken by the computers.

And where are the logs from the scheduled scan for Windows 2003 / 7 / 10 in SEP 12.x and SEP 14.x?

Regards

Miguel Angel

How to upgrade LUA from 2.3.4.16 to 2.3.7?

Hello, I want to upgrade my LUA server. Do I need to do a clean install?

How to check the port used to connect from DMZ to SEPM

Dear,

How do I check the connectivity of 2 DCs in the DMZ with the SEPM Console? The definitions are out of date and the communication config is using port 80.

Miguel Angel
