Hello Team,
as per our check we found 70% servers scanning is stopped in particular day.
I verified few things from my end.
1. Schdule scan is disable ( this is not configured in our env)
2. Defwatch is disable
3. Active scan is running
4. startup scan is disable.
I request your any suggention why these are stuck in the same day.
I currently have 2 SEPM using 1 SQL server, servicing 1800 clients. Everything is currently running Server 12 R2. I was thinking of spinning up another SEPM to help with the load. I was curious if 1) If it's possible to run 3+ SEPMS accessing one database. 2) If possible, do I have to stay with 2012R2 or can I use 2016 for the new SEPM?
I appreciate any guidance.
Hi Guys,
So i have an issue installing the SEPM console in my PC, since a month ago i had to install the console every time i close it (before its was permanently installed even if i close it), so i upgrade java version to check if that was the issue. But it doesnt, now i cant install even once, attach some images.
I tried with Java 80 - 171 - 191 and still happen same issue
After 2 min Java just dissappear and console its not installed.
As i mention before i was able to access with no issues, do you have any idea?
----------------------
My PC.
Windows 7 64 bit
Explorer 11
Currently working with 14.0 but I have noticed this in all previous versions of SEP. When scheduling a scan, I do not see an option to schedule scans on certain days of the week. For example, If I want to run Scan A Monday through Friday and then run Scan B on Saturday and Sunday. I cannot tell Scan A to Run on those 5 days, my only options are Daily, Weekly, or Monthly. The Daily option is every single day. The Weekly option only gives me 1 day to select, and the Monthly option only gives me 1 day to select. Is the only option to configure a scheduled scan for each individual day? This seems very limiting. Does anyone have any thoughts on this?
Thanks,
Hi,
You can tell me how change the status of Disabled Endpoint ? I understand that for that action one user with admin privileges disable the AV from the system tray, is correct? How prevent to do this for all computer?
Hi everyone
I have this weird problem and was wondering if anyone had any ideas where to go next.
In short, when I access network share EXE files get locked. If I try deleting any EXE (from Windows Explorer for example) it dissappears for a couple of seconds (or until Refresh) and then reappears. Cannot move it, cannot rename it. Only when I logoff (and, I guess, network connections get cut off) files are deleted.
If I try deleting these files locally (on the computer hosting network share) I get "File access denied" error. Unlocker/IObit Unlocker both report file(s) not in use, but cannot delete them, only after unlocking with Open File List utility (OFL.exe) file(s) can be deleted locally. Sometimes even OFL cannot unlock them, for example if I try deleting/refreshing few times.
Went through network share permissions/ACLs first, although nothing was changed to trigger this. Tried couple of other things, but only after CleanWipe-ing this particular computer (my admin workstation) things went back to normal. SEP client reinstallation reintroduced the issue. I tried to vary policies, our standard, SEP default, all off, tried unmanaged, tried disabling everything possible and its always the same. After that I went with second CleanWipe with thorough registry clean. Reinstalled the client, nothing is changed.
As far as I tested, none of the other SEP clients/LAN computers are affected. This one has fully updated Windows 7 Pro, 14.2 MP1 client, nothing (related to this) in Windows logs, nothing in SEP logs. I think this started happening with 14.2, but cannot say for sure.
Anyone has any idea? Seen something like this before?
Regards
Hi teams, can you give the exact numbers for CLIENT log settings and SERVER log settings to retain 365 days’ worth of logs for PCI Compliance?
Threre is a huge issue with this right now in our organization because we discovered that we were using the out of the box settings which is entirely not adequate for PCI Compliance and we will fail our compliance testing.
How do I figure out what numbers we shoudl be using? Is threre some sort of tool that I can use to determine what the numbers should be?
Thanks,
Dan
Hello
Guys, in one machine with the definitions delayed if copied the C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions folder its possible from update?
My question is about this KB https://support.symantec.com/en_US/article.TECH237037.html and the folder of SEP client.
Hi,
It's been ages since I last needed to look at this. Microsoft have recommendations for exclusions for DFSR:
<drive>:\system volume information\DFSR\
$db_normal$
FileIDTable_2
SimilarityTable_2
<drive>:\system volume information\DFSR\database_<guid>\
$db_dirty$
Dfsr.db
Fsr.chk
> *.log <
> Fsr*.jrs <
Tmp.edb
<drive>:\system volume information\DFSR\config\
> *.xml <
<drive>:\<replicated folder>\dfsrprivate\staging\*
> *.frx <
These are mostly easy. What about the one inside > < brackets? Also what if the System Volume Information is on different drives between servers?
Thanks
Can SEP / SEPM be configured in such a way as to be able to report on when USB devices get plugged on so that administrators get an e-mail?
We are having major issues with data exfiltration and need to monitor USB storage usage.
Hello Team,
as per our check we found 70% servers scanning is stopped in particular day.
I verified few things from my end.
1. Schdule scan is disable ( this is not configured in our env)
2. Defwatch is disable
3. Active scan is running
4. startup scan is disable.
I request your any suggention why these are stuck in the same day.
I currently have 2 SEPM using 1 SQL server, servicing 1800 clients. Everything is currently running Server 12 R2. I was thinking of spinning up another SEPM to help with the load. I was curious if 1) If it's possible to run 3+ SEPMS accessing one database. 2) If possible, do I have to stay with 2012R2 or can I use 2016 for the new SEPM?
I appreciate any guidance.
Hi Guys,
So i have an issue installing the SEPM console in my PC, since a month ago i had to install the console every time i close it (before its was permanently installed even if i close it), so i upgrade java version to check if that was the issue. But it doesnt, now i cant install even once, attach some images.
I tried with Java 80 - 171 - 191 and still happen same issue
After 2 min Java just dissappear and console its not installed.
As i mention before i was able to access with no issues, do you have any idea?
----------------------
My PC.
Windows 7 64 bit
Explorer 11
Currently working with 14.0 but I have noticed this in all previous versions of SEP. When scheduling a scan, I do not see an option to schedule scans on certain days of the week. For example, If I want to run Scan A Monday through Friday and then run Scan B on Saturday and Sunday. I cannot tell Scan A to Run on those 5 days, my only options are Daily, Weekly, or Monthly. The Daily option is every single day. The Weekly option only gives me 1 day to select, and the Monthly option only gives me 1 day to select. Is the only option to configure a scheduled scan for each individual day? This seems very limiting. Does anyone have any thoughts on this?
Thanks,
Hi,
You can tell me how change the status of Disabled Endpoint ? I understand that for that action one user with admin privileges disable the AV from the system tray, is correct? How prevent to do this for all computer?
we see too much arp traffic when we watch a particular port of the switch.
There is no popup on any client but we still have the enabled anti mac spoofing feature.
Unwanted ARP traffic continues to outgoing.
I'm adding a screenshot shared by the network team.
Is there any recomendation?
Thank you.
Hello,
I have setup the Content Distribution Monitor tool in order to check what information it gives for the GUPs that we currently have in the environment but to be honest I don't find it very useful because of the following reasons:
1) It doesn't give any information if particular GUP server is working properly - for example if it creates deltas successfully, if machines are downloading delta or FUll zip from particular GUP etc.
2) It shows a table called Virus/Spyware contect downlaods today from SEPM(s) but it only shows total numbers for Full and Delta (attached screenshot) but nothing specific as mentioned in 1)
3) It gives only information for the status of the SEP client of the GUP server (status online or offline) which will tell me only if the SEP client is currently working as a client or not (but again it will not tell me what I mentioned in 1) above)
Is anyone using it and do you really think it helps you to monitor the GUP as a GUP and not just normal SEP client which I can check from the standard reports?
Running LU on a server. Shows 13 files to be downloaded. Only two show as "finished". Then just sits there. Not sure what's going on. Suggestions?
I'm trying to install SEP on a Windows 7 Embedded SP1, 64 bits, and the installation fail during the process.
I got the following error in SEP_INST.log
*****************************************************************************************************************
MSI (s) (9C:B4) [12:36:53:090]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000)
MSI (s) (9C:B4) [12:36:53:090]: Executing op: ServiceControl(,Name=SepMasterService,Action=1,Wait=1,)
MSI (s) (9C:B4) [12:36:54:387]: Executing op: ActionStart(Name=FixDriverVolatileKey_RB,,)
MSI (s) (9C:B4) [12:36:54:390]: Executing op: CustomActionSchedule(Action=FixDriverVolatileKey_RB,ActionType=3329,Source=BinaryData,Target=FixDriverVolatileKey_RB,CustomActionData=SYMTDI;SymIRON;ccSettings_{49637904-45A4-4055-89A1-2511D4C15A1D};SRTSPX;SymELAM;SISIPSService;SISIDSService;SYMTDIV;SYMNETS;BHDrvx64;BHDrvx64;SRTSP;IDSxpa64;IDSVia64;RasMan;heCAF;SISIPSUtil;SISIPSDriver;eeCtrl;SysPlant;SNAC;SNAC;)
MSI (s) (9C:B4) [12:36:54:402]: Executing op: ActionStart(Name=ShowServiceProgress_RB,Description=Executing rollback script via service,Template=[1])
MSI (s) (9C:B4) [12:36:54:405]: Executing op: CustomActionSchedule(Action=ShowServiceProgress_RB,ActionType=3329,Source=BinaryData,Target=ShowServiceProgress_RB,CustomActionData={49637904-45A4-4055-89A1-2511D4C15A1D};SOFTWARE\Symantec\Symantec Endpoint Protection;Executing rollback script via service;)
MSI (s) (9C:B4) [12:36:54:414]: Executing op: ActionStart(Name=ShowServiceProgress,Description=Executing install script via service,Template=[1])
MSI (s) (9C:B4) [12:36:54:416]: Executing op: CustomActionSchedule(Action=ShowServiceProgress,ActionType=3073,Source=BinaryData,Target=ShowServiceProgress,CustomActionData={49637904-45A4-4055-89A1-2511D4C15A1D};SOFTWARE\Symantec\Symantec Endpoint Protection;Executing install script via service;)
MSI (s) (9C:14) [12:36:54:421]: Invoking remote custom action. DLL: C:\windows\Installer\MSI20A3.tmp, Entrypoint: ShowServiceProgress
ScriptGen: ShowServiceProgress() MSIRUNMODE_SCHEDULED
ScriptGen: ShowServiceProgress() calling WaitForSingleObject(scriptStarted) ...
ScriptGen: ShowServiceProgress() WaitForSingleObject(scriptStarted) returned WAIT_OBJECT_0
ScriptGen: ShowServiceProgress() script execution failed.
ScriptGen: ShowServiceProgress() reset script failure event.
ScriptGen: ShowServiceProgress() is returning an error (so close to the end!)
CustomAction ShowServiceProgress returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (9C:B4) [12:37:15:692]: User policy value 'DisableRollback' is 0
MSI (s) (9C:B4) [12:37:15:692]: Machine policy value 'DisableRollback' is 0
Action ended 12:37:15: InstallFinalize. Return value 3.
*****************************************************************************************************************
and the following error in SIS_INST.log
*****************************************************************************************************************
2018-10-24T16:37:15.659Z ERROR I SIS File C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP\IDS\bin\IDSLWInit.exe is not trusted. Verification result: 20
2018-10-24T16:37:15.659Z ERROR I SIS
2018-10-24T16:37:15.659Z ERROR I SIS Dumping action parameters from the script:
2018-10-24T16:37:15.659Z ERROR I SIS FilePath=["C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP\IDS\bin\IDSLWInit.exe"]
2018-10-24T16:37:15.659Z ERROR I SIS Parameters=[-i -p "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP" -l "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP\sdcsslog\SISIPSService.log"]
2018-10-24T16:37:15.659Z ERROR I SIS EnableCCTrace=[true]
2018-10-24T16:37:15.659Z ERROR I SIS OnError0=[PASS]
2018-10-24T16:37:15.659Z ERROR I SIS OnError1=[PASS]
2018-10-24T16:37:15.659Z ERROR I SIS OnError3010=[PASS_REBOOT_REQUIRED]
2018-10-24T16:37:15.659Z ERROR I SIS OnError3017=[FAIL_REBOOT_AND_ROLLBACK]
2018-10-24T16:37:15.659Z ERROR I SIS OnError606=[CATASTROPHIC_FAIL]
2018-10-24T16:37:15.659Z ERROR I SIS OnDefaultError=[FAIL]
*****************************************************************************************************************
Event viewers gives event ID 34,35,36 and 37.
According to SymDiag, everything is green, no error for SEP.
Any ideas?
Thanks!
Hello Guys!
You can help me with this:
Download Protection Content
Out-of-date
24/9/18 r2
The Download Protection Content update from symantec directly , this content are not download manually, is correct?
You can tell me how is the url from update this content?
Miguel Angel