Channel: Symantec Connect - Endpoint Protection - Discussions

SEPM Filebeat Module

I need a solution

Hi all,

First post here - please be gentle!

I have installed Filebeat on my (Windows 2016) SEPM server, which is working well (pulling from .tmp files in data/dump). My next job is to put together a SEPM-specific Filebeat module to detect/filter/identify fields within the log files so that we can do more useful indexing in Elasticsearch (and reporting in Kibana).

Before I do, though, I thought I'd ask whether anyone has already put one together? It would save me a lot of thinking time if so. If not, I'll see what I can do and could probably share it here if anyone else would find it useful.

Thanks.

Push Out Intelligent Updater via SCCM?

I need a solution

Can you use SCCM to push out an Intelligent Updater file?  I've got 130+ servers that for some reason are not getting virus def updates. This happened last month and I logged on to each and every one and ran LiveUpdate. They got updates fine for a few weeks but now are not.

I thought perhaps if I gave our server team an Intelligent Updater file they might be able to deploy it and run it from SCCM. I'm not at all familiar with SCCM so maybe that's not even possible?

I have no idea why these servers failed to update. They show as communicating with SEPM. I can't update from the client using the Fix button. I tried updating from SEPM but no joy. However, I can update from the client using LiveUpdate.

I ran SymDiag and am not seeing any issues (other than we're a couple of minor versions behind).

Thanks.

SEP double hwids

I need a solution

Hi,

We have some issues where SEP stops working on a client PC.
I think this problem occurs because some images we use for cloning were not prepared correctly (clone prep was not run), so they have the same hwid.

Is it possible that when we image 10 machines with these images, and more than 1 comes online, machines with the same hwid are disabled?

Thx,

LEVD

About proxy settings

I need a solution

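I am using the cloud edition of Symantec Endpoint Protection, and regarding proxy settings, I would like a setting that uses the IE proxy settings, as in Symantec Endpoint Protection.

When staff are stationed at a customer site, for example, they use the proxy user assigned by the customer, so policies have to be managed per individual, which makes management complicated.

Also, when the same user uses both a device for working at the customer site and a device for in-house use, the policy has to be changed, so it has become necessary to create multiple users.

Thank you for considering this request.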

whitelist

I need a solution

Recently our SEP began blocking files in a directory that was whitelisted. The files were seen as a threat and the heuristic scanner blocked them (sometimes deleted). If the directory is whitelisted then shouldn't the SEP ignore anything in it?

Exception policy content comparison

I need a solution

Hello, 

Does anyone have a good method of comparing the contents of multiple exceptions policies? We currently have over 90 exceptions policies that are in place and used in our environment. We'd like to compare all of them to see if there are any we can consolidate and get rid of if there are only slight differences between them. Does anyone have a quick way to compare these?

Clients haven't updated for 3 weeks

I need a solution

Good morning,

I am running SEPM 14.2.760

My SEP clients have not updated for over 3 weeks now.  If I run Live Update manually on a client then it pulls down the latest definitions no problem.

I have checked in SEPM -> Policies -> LiveUpdate (which is the default policy created at install, and is applied to all my Client groups) and to me, the settings look good. Looks like Client should check for updates every 4 hours, and they can pull down from either the SEPM or from LiveServer directly.

I have attached images of these settings.

Anyone know what's happening please?

No special characters allowed in AD password for SQL DB on 14.2 MP1

I need a solution

Hi,

We recently deployed the MP1 patch to our 14.2 environment (taking it from 14.2.770 to 14.2.1015). During the DB upgrade part, I noticed I could not re-apply the Active Directory credentials for our SQL based AD user as the password contained a special character (! and @). The wizard just didn't allow us to type those specific characters anymore. Also copy/pasting the password failed, and even the ASCII code didn't add the characters. We ended up having to reset the pass to something else in order to continue.

The same password (with ! and @) could still be used when we first went to 14.2 so I'm fairly sure it's something with the MP1 patch. We've found the same issue for both of our (separate) environments. Anyone else have this? Any workaround (or known issue KB article) available?

The screen I am referring to is the one where I select "Windows Authentication" and where you need to provide the Database username and Database password for our AD user.

Thanks

SEPM 14 Install Recommendations?

I need a solution

I'm currently only running SEPM 12 but am unable to do an in-place upgrade since the OS is too old.  What I'm planning to do is bring up a Windows 2016 server as my new SEPM 14 server and eventually decommission my SEPM 12 server.  In this scenario, do you guys have any SEPM 14 install recommendations that might make it easier for me to redirect existing SEP 12 clients to this new SEPM?  Automating the client redirect would be nice although not sure if this is even possible without resorting to tools outside of SEPM.

Liveupdate cannot connect to server

I need a solution

Hi all,

Recently deployed SEP (14.0 RU1 MP2) to all Macs in my office. At first the update process didn't work at all until "additional resources" SEP.mpkg and SEPSku.mpkg were installed which "fixes" the update problem. However, after reboot Live update continues to fail with the error message stated in the title. Any thoughts would be much appreciated.

Migrate Symantec Endpoint Protection from Windows Server 2008 R2 to Windows Server 2012 R2

I need a solution

Hello, friends of the forum!

I want to migrate my SEPM server, which is installed on Windows Server 2008 R2 with console version 14.0.3929.1200, to a new one with Windows Server 2012 R2 and the new version 14.2.0. I have read certain procedures that are documented on the Symantec site. However, I have not achieved the goals of the installation. The new server has a different IP and a different name.

So far I have tried loading the databases from the old server onto the new one, and it works for a moment and then the whole antivirus stops working for me.

I have followed these steps

https://support.symantec.com/es_ES/article.TECH171...

https://support.symantec.com/en_US/article.TECH160...

And I have not achieved anything.

If anyone has carried out this process before and can help me, I would be grateful!

Thank you very much in advance for reading the post!

Regards,

Installing SEP on non domain computer

I need a solution

Hello, I want to install SEP on a non-domain laptop, but I want my laptop to have communication with the management server. When I export the installation package from the management server and install it on my workstations, there is no communication with the server. Can someone tell me how I should correctly export the installation package and what I should do?

SEP Rest API - scan endpoint, send suspicious file and retrieve file

I need a solution

Hello,

I would like to implement the following Rest API queries:

1. https://apidocs.symantec.com/home/saep#_run_a_scan_on_symantec_endpoint_protection_endpoints

2. https://apidocs.symantec.com/home/saep#_send_a_suspicious_file_to_symantec_endpoint_protection_manager

3. https://apidocs.symantec.com/home/saep#_retrieve_a_file_from_symantec_endpoint_protection_manager

Could you please give an example of the URL and the body of the requests for each?

Also, is there a query to retrieve the scan results?

Thanks!

Exporting data to a Syslog server

I need a solution

Hi,

How do I send SEPM logs to a syslog server?

Regards

Deo Mani

SEPM Client 'not reporting status'

I need a solution

Hi,

Most of our clients are doing this, and some are doing ok but reporting well out-of-date definitions when it's not true.

Checking a client that is not reporting status, we get this on the 'Server Connection Status' tab:

Status: Not connected
Error: HTTP error 500
Last attempted connection: 19/11/2018 13:27:35 | SERVERNAME | PORTNUMBER

The FQDN of SERVERNAME is XYZ.corp.domain.com, but we use CNAME records in DNS for our own external zone (so just domain.com). When we set up this server we created a new Management Server List that has the CNAME record of av.domain.com on HTTPS port 8444. However, if we revert to the default Management Server List, which is FQDN on HTTP port 8014, we get the same results.

The diagnostic tool didn't highlight any communication errors. What else can I try?

This server also has WSUS running on port 443 (which is why we use 8444), even though the WSUS site is set up with a proper host header. Is SEPM not host header aware for us to use the default 443 for multiple sites? That's what host headers are for.

Thanks

Local AV Logs vs. SEPM Logs

I need a solution

Upon investigating a recent risk event, I noticed that the local system AV log located in \ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV contained entries for "Internet browser temporary file cache" and "Browser Cache Remediation Delete Internet browser temporary file cache". However, when viewing the risk log (Monitors->Logs->Log type Risk) for the same system in the SEP Manager, this information was not presented. Any reason why these particular details would not be displayed when viewing the risk log information in the SEP Manager? The risk name in question is WS.Reputation.1 and the action taken was 'Deleted'.

Content Install Failed On the Client

I need a solution

Trying to figure out why only some of our managed clients are not installing the LiveUpdate virus definitions. Has become a problem since switching to SEP 14.2 MP1 last week. Below is the error in Event Viewer for when it tries to install the definitions. Does anyone have any ideas?

Content install failed on the client

Product: SEPC CIDS Signatures 14.2
Version: MicroDefsB.CurDefs
Language: SymAllLanguages
Moniker: {0D03AEA1-B630-43F8-828E-F10E80A68B99}
Sequence: 181116061
Publish Date: Friday, November 16, 2018
Revision: 061

SQL Query to get list of up-to-date endpoints

I need a solution

Hi all,

I am trying to understand the database structure and write a query to pull some stats. On the home page, we can see the total number of end-points, as well as up-to-date and out-of-date endpoints. Can anybody help me with the WHERE clause for the query to get these two numbers?

Thanks 

SEP Modules

I do not need a solution (just sharing information)

Hello all,

I'm new to SEP and trying to understand some reports I have been given in terms of modules not working and malfunctioning and how they could undermine or prevent SEP client 14 from working even if its AV definitions are fully up to date.

The modules I'm interested in are

Download Insight  

Sonar  

Memory Exploit Mitigation  

Auto Protect on 

Tamper Protection on

Intrusion Prevention 

Network and Host Exploit Mitigation 

Deployment Status 

Even if anyone can point me in the direction of any documentation which confirms in more detail each of these modules or a quick run down on each and if they have any dependency on the AV engine or vice versa?

Thank you all

How client will receive Symantec endpoint patch if I Configure Group Update Provider

I need a solution

Dear

I am using Endpoint Protection 14.

I need to use a GUP to reduce the load on the management server.

If I configure a GUP, how will the client machine receive the latest patch?

And what settings do I need to configure?

In the LiveUpdate settings there are some options like

1.Use default management server

2.Use default Live update server

a.use default update server

b

c. use specific internal update server.

2.Use Group Update provider.
