Channel: Symantec Connect - Endpoint Protection - Discussions

LUA Server and IPS update from sep 12.x

I need a solution

Dear,

In the company, the computers have SEP versions 12.x and 14.x. The update from the SEPM is from a LUA server, and the IPS defs for version 12.x are not updated. In the LUA server, the tasks for download and distribution are created via version.

All the tasks are running OK daily. Is there any configuration to check?


System Lockdown - Disable App/Device Ctl. before Fingerprint

I do not need a solution (just sharing information)

All,

We had issues getting system lockdown working and were unable to make progress on the issue for months, even when escalating up the support chain to dev. However, we had a breakthrough recently and uncovered that the major problem was due to App/Device Control being active and interfering with the fingerprinting process. So, as a good general rule of thumb, disable any App/Device Control policies you have applied to the test machines in question before pulling a fingerprint. Hope this helps others running into similar issues.

Thanks,

Greg


IPS configuration from SEP 12.X

I need a solution

Dear,

The company is at the moment still using SEP 12.x, the SEPM manager is using version 14.0.3752.1000, and the IPS signatures from this version are not updated. The contentinfo.txt shows the following:

{C0FF7368-0AD3-236B-4AD5-75F88948BE6A}: SESC AntiVirus Client Security Fix Win32 - 14.0 RU1 - English
{3A1B6BF3-0AD3-236B-4AD5-75F847D3EECF}: SESC AntiVirus Client Security Fix Win64 - 14.0 RU1 - English
{535CB6A4-441F-4e8a-A897-804CD859100E}: SEPC Virus Definitions Win32 12.1 RU6 - MicroDefsB.CurDefs - SymAllLanguages
{07B590B3-9282-482f-BBAA-6D515D385869}: SEPC Virus Definitions Win64 (x64) 12.1 RU6 - MicroDefsB.CurDefs - SymAllLanguages
{4F6D9685-BCD6-43C4-A109-7399795F5D97}: SEPC Virus R Definitions Win32 12.1 RU6 - MicroDefsB.CurDefs - SymAllLanguages
{38B770CC-A70B-43D0-92AF-24F6CB39114B}: SEPC Virus R Definitions Win64 (x64) 12.1 RU6 - MicroDefsB.CurDefs - SymAllLanguages
{50B092DE-40D5-4724-971B-D3D90E9EE987}: SEPC SRTSP Settings - 12.1 RU5 - SymAllLanguages
{A78E095A-8FED-4937-9D5C-0B6C20EA696C}: SEPC SRTSP Settings - 14.0 RU1 - SymAllLanguages
{5A7367E1-D1F6-43b5-BD94-4AFFA896D724}: SEPC SMR Definitions 14.0 - MicroDefsB.CurDefs - SymAllLanguages
{FDDBF0FB-0A93-1B05-74DA-0710C2E8441D}: SEPC SMR Definitions 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF}: SEPC Virus Definitions SDS Win32 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{151387BE-8D1C-467D-8B7A-AC215B16A144}: SEPC Virus Definitions SDS Win64 (x64) 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{7C177419-4112-42B6-8CEF-094385474554}: SEPC Virus R Definitions SDS Win32 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{67F66706-F04B-4432-9947-F8354949D2A6}: SEPC Virus R Definitions SDS Win64 (x64) 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{8EC79BE5-0A4B-0378-008D-E760EE4D9D2F}: SEPC SRTSP Settings - 12.1 RU6 MP8 - SymAllLanguages
{D6AEBC07-D833-485f-9723-6C908D37F806}: SEPC Behavior And Security Heuristics 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{55DE35DC-862A-44c9-8A2B-3EF451665D0A}: SEPC CIDS Signatures 14.0 - MicroDefsB.CurDefs - SymAllLanguages
{0D03AEA1-B630-43F8-828E-F10E80A68B99}: SEPC CIDS Signatures 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{1AD331AC-DEF8-4f6f-A7B5-7B259423BBCF}: SEPC HI Policy Contents Windows - 14.0 RU1 - SymAllLanguages
{B6DC6C8F-46FA-40c7-A806-B669BE1D2D19}: SEPC Submission Control Data - 14.0 RU1 - SymAllLanguages
{EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}: SEPC Iron Whitelist 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{810D5A61-809F-49c2-BD75-177F0647D2BA}: SEPC Iron Revocation List 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{263395A0-D3D8-4be4-80B5-202C94EF4AA0}: SEPC Iron Settings 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{E8827B4A-4F58-4dea-8C93-07B32A63D1C5}: SEPC Extended File Attributes and Signatures 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{03485132-6B4C-4075-8B19-3BE002B2AE80}: SEPC EDR - 14.0 - SymAllLanguages
{88F5AA7A-AD7C-426A-8F25-465D3D43B1F1}: SEPC EDR - 14.0 RU1 - SymAllLanguages
{075551EC-66BD-4487-9E2E-40645AF6F8B0}: SEPC STIC - 14.0 RU1 - SymAllLanguages
{6040605B-DC27-4B91-8A7A-8671C606FF54}: SEPC AdvML (Static) Win32 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages
{0717B2A8-65E5-48C8-8E06-4613B170EAA9}: SEPC AdvML (Static) Win64 14.0 RU1 - MicroDefsB.CurDefs - SymAllLanguages

Can anyone tell me what the name for the IPS is? This is my setting:


SEP 14.2 notify when can not find client installed on a machine

I need a solution

I have SEP 14.2 installed. Is there any way I can configure the manager to send alerts for domain machines that do not have the SEP client installed?


SEP 14.2 MP1 Distribute Upgrades Over

I do not need a solution (just sharing information)

I just configured deployment of the SEP 14.2 MP1 client.  A couple of test groups I set up to distribute immediately (0 days).  Others, I configured between 7 and 14 days. 

To my surprise, I found that SEPM decided to deploy all of the upgrades immediately ignoring the "distribute upgrades over" setting and it is killing my network.


Manually Compile AutoProtect Kernel

I need a solution

Hello,

I have installed SEP 14.2.770.0000 x64 on a new Dell Optiplex 3060 LinuxMint x64 (kernel 4.15.0-38-generic).  The GUI installs but Auto-Protect is "Malfunctioning".  I have gone through TECH132773 to manually compile the AP kernel after installing all suggested libraries, etc., and always get "Build failed".  It seems to start to go wrong at this compile line:

/home/immunologysupport/Downloads/sepfiles/src/ap-kernelmodule-14.2.770-0000/symev/symev.c:162:3: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
   pte_t *pte = lookup_address(_addr, &level);

In any case, in INFO3983 it lists the latest supported Ubuntu kernel as 4.13.0-41-generic (Added for 14.2 MP1), but lots of the Sym articles state that this list is not a complete list. I'd like to know if 4.15.0-38 is just too new for SEP 14.2.770-0000 or if there is something else to try other than what is listed in TECH32773? (See log txt file attached)

Tnx


RedHat 7.5 (3.10.0-862.11.6.el7.x86_64) vs SEP 14.2.1023.0100 Auto-Protect

I need a solution

Greetings All,

The scenario is as follows:

OS: RedHat Linux 7.5 (kernel: 3.10.0-862.11.6.el7.x86_64)

SEP: 14 RU2 MP1 (14.2.1023.0100)

SEP Auto-protect fails to auto compile or manually compile.

On kernel [3.10.0-862.14.4.el7.x86_64] and [3.10.0-957.el7.x86_64] auto compile works 100%.

-----------------

make[1]: Entering directory `/usr/src/kernels/3.10.0-862.11.6.el7.x86_64'
arch/x86/Makefile:96: stack-protector enabled but compiler support broken
arch/x86/Makefile:166: *** CONFIG_RETPOLINE=y, but not supported by the compiler. Compiler update recommended..  Stop.
make[1]: Leaving directory `/usr/src/kernels/3.10.0-862.11.6.el7.x86_64'
make: *** [custom] Error 2

----------------

The compiler is not in doubt.


Unimplemented Trans2 Subcommand

I need a solution

These warnings have been popping up on the task bar for a few days now. I've looked through the local logs but I'm not seeing any useful info on the local machine.

Can someone offer some advice on where to look in the logs (or how to configure the logs so I can get more info) so I can sort this out?

The machine is up to date patch wise. I don't know if this is originating on the local network or is external.


Solution required

I need a solution

Hello All ,

We are planning to do Windows patching and a SEP upgrade on Windows 2008/2012 servers. My questions are:

1. If we do both at the same time, will it cause any issues?

2. I am going to push the new version of SEP via REMOTE PUSH, so will this cause any issues?

Kindly provide me a solution on it :)


TempCache in Symantec Endpoint Protection Manager\Inetpub\content

I need a solution

Dear,

I have an issue: the IPS definitions for SEP 12.x clients have not updated since 30/11. Looking in the SEPM folder, inside Symantec Endpoint Protection Manager\Inetpub\content\ there is a folder \Inetpub\content\TempCache with the name of the {55DE35DC-862A-44c9-8A2B-3EF451665D0A}: SEPC CIDS Signatures 14.0 - MicroDefsB.CurDefs - SymAllLanguages.

Is it possible to move the content of the TempCache folder to the original folder?


Machine appearing offline console

I need a solution

Machine appearing offline console

The machines are online but on the console they appear to be.
1) What can cause this problem?

2) What logs could we analyze to identify the problem?

3) Any known case?


URL blocking doesn't work if system proxy is enabled

I do not need a solution (just sharing information)

Hi,

This is to inform that in SEP 14, any URL blocking under a Firewall rule does not work if the system proxy is enabled. After a couple of escalations with the support team, they have concluded the rule works only if the system proxy is disabled.

Well, there are other ways to block URLs, but it would be great if system-level URL blocking functionality worked alongside a proxy in place.


Virus definitions are not updating in client system

I need a solution

Hi

In our environment, a few systems are not getting virus definition updates from the SEPM server even though the server connection status shows Connected.

If I update the definitions manually, it works.

Thanks


Policies don't apply to clients

I need a solution

Hello,

HELP PLEASE

I have upgraded my SEPM and my clients too, to version 14.

I attempted to create a policy to limit access to a server with a specific protocol. But I can still access this server....

Does someone have an idea, please?


Daily checks

I need a solution

We're working on an SOP which can be shared amongst admins and I was recently asked if I had a list of daily "things to do and check" regarding SEP 14.  I never really thought about everything we do in a to do list configuration, so I figured I would see if anyone had anything similar which they operate from.  We have most of the basics but I'm sure we're missing something.  I asked our Symantec SE but he wasn't helpful...just pointed us to the admin guide.  Thus the reason I'm asking the forum.  Hopefully someone has something a little better than the AG.

Thanks in advance for any input.


SEPM SSL certificates

I need a solution

I need information for SEPM 14.2.

In my client environment we have a request to use PKI certificates for SSL communication.

I need to know the requirements which I need to share with the certificate administrator. I need the Key Usage and Enhanced Key Usage information like the one below for SEPM certificates.

Key Usage

        Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment (f0)

 Enhanced Key Usage

        Server Authentication (1.3.6.1.5.5.7.3.1)

Apart from this, do I need to provide any other information?

And after getting the certificate, how do I update the certificate in SEPM?

Thanks in advance.


Verbose output for sav manualscan

I need a solution

Hi,

I am trying to see the results of a Symantec AV manual scan with results printed out for each file scanned. My goal is to ultimately parse this output for file name and the associated threat that's identified, if any. Other scanners have made this fairly easy with a verbose output toggle or alternate command line function.

Examples:

Windows Defender

Scan starting...
Scan finished.
Scanning C:\Users\user\files found 1 threats.

<===========================LIST OF DETECTED THREATS==========================>
----------------------------- Threat information ------------------------------
Threat                  : Virus:DOS/EICAR_Test_File
Resources               : 3 total
    file                : C:\Users\user\files\eicar3.com
    file                : C:\Users\user\files\eicar2.com
    file                : C:\Users\user\files\eicar.com
-------------------------------------------------------------------------------

Sophos

SAVScan virus detection utility
Version 5.47.0 [Linux/AMD64]
Virus data version 5.50, April 2018
Includes detection for 19304857 viruses, Trojans and worms
Copyright (c) 1989-2018 Sophos Limited. All rights reserved.

System time 11:31:12 AM, System date 14 November 2018

Quick Scanning

>>> Virus 'EICAR-AV-Test' found in file files/eicar2.com
>>> Virus 'EICAR-AV-Test' found in file files/eicar3.com
>>> Virus 'EICAR-AV-Test' found in file files/eicar.com

8 files scanned in 8 seconds.
3 viruses were discovered.
3 files out of 8 were infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
End of Scan.

Back to Symantec

Is there any function for Symantec (either on Linux or Windows) that emulates the above? So far I have had no success. The closest thing is enabling vpdebug and checking the log file, but this is quite clunky and doesn't really contain the output I need (see attached). Seems like a simple task that a virus scanner should offer, but if it does then it certainly isn't easy to find.


Error while configuring SecureID Authentication

I need a solution

Hello,

I'm receiving the attached error while configuring the SecureID Authentication; we are using SEPM 14.2. The other servers are configured successfully in the same environment, but a few servers are having this issue.

"Error: You must be connected to the specific server to configure a RSA ACE Client"

I logged in to the same server while configuring the SecureID Auth.

Any help would be appreciated.

Thank you.


SEP client went offline after SEP12 to SEP14.2

I need a solution

Hi Team,

SEP client went offline after SEP12 to SEP14.2. Is there any known issue reported on this version?


Need Sample Syslogs (Symantec Endpoint Protection)

I need a solution

Hello

I am running a few tests on a monitoring device which consumes various Syslogs (Symantec Endpoint Protection Data being one of them). Does anyone in here have any sample Symantec Syslog files I can use for my tests? or can you point me to a link / site for generating dummy syslogs?

Kind Regards

Ayem
