Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

Endpoint Protection 14.2 on SEPM machine is Offline

November 21, 2018, 7:31 am
$
0
0
I need a solution

We've has upgraded SEP from 14.0 to 14.2, and then export the installer package on 14.2 to upgrade on all clients. All machines has been upgraded and shown online status except Endpoint Protection on Machine which installed Endpoint Protection Manager (SEPM) is shown Offline only one.

What we tried already,

1. Export communication from new SEPM 14.2 and import into one - still Offline

2. Uninstall and install with packgage from new SEPM 14.2 - still Offline

3. Uninstall and install with Full Packgage installer from Symantec and inport the communication - still Offline 

Please let me know, how can i do more. Thank you.

With Best Regards, 

0
Search

How to align the IP version displayed on SEMP?

November 21, 2018, 7:33 am
$
0
0
I need a solution

Good day everyone,

The IP display method is not aligned and show IP V4 and V6, I would like to know how to make it align and show IPv4 info. only? 

Thank you very much!

0

Replication Error - "Unable to fetch changed data from remote site: Invalid Hex String:0x00000000"

November 21, 2018, 12:03 pm
$
0
0
I need a solution

Hello everyone. I could use some help.

Please don't ask me why this was setup with this as I have no answer.

I have a client with two SEPM 14 servers. Each server sees the other as a remote site and each server lists the other one as a Replication Partner.

When replicating from Server02 to 01, it shows being successful. However, when the opposite is done (from 01 to 02), it appears to go through all the process and as normal as I can tell. However towards the end, it fails and shows this message:

"Replication from remote site Site opc-srv-av-02 to local site Site opc-srv-av-01 finished unsuccessfully". "Unable to fetch changed data from remote site: Invalid Hex String:0x00000000"

We are using the embedded database, not SQL.

If you need further details or logs, please let me know. Thank you all.

0

Auto-Protect Error

November 21, 2018, 6:37 pm
$
0
0
I need a solution

Auto-protect is disabled because registration of the virus database failed.

Any fix on this issue? 

thanks.

0
1542856377

File Reputation Lookup Alerts

November 21, 2018, 7:25 pm
$
0
0
I need a solution

It keeps notifying everyday. Can't tell what's wrong, no error description.

will upgrading to version 14 solve the problem?

0

Symatec corrupts attached files with Chinese characters in file name

November 21, 2018, 10:28 pm
$
0
0
I need a solution

Our company has Chinese customers that some times send us attached files. Naturally the file names is in Chinese. We use outlook.

However, symantec corupt these files and their file size become zero (0 bytes) when we try to open them. We can open the file if it is resent with a file with only English characters.

Other has had this problem at least since 2009, probably longer. I cant believe that Symatec has not yet ben able to fix this probelm.

We are suing Symantec End Protection 12.1.6(12.1.RU6 MP8) Build 7266 (12.1.7266.6800).

Example of file names:

  • REACH 高关注物质调查表(中文版) (1).xls
  • REACH_191项清单  (1).xls

I have only been able to find two ways of fixing this problem.

  1. Disable Symatec or
  2. Press forward, and open the attachment from the new email.

My question is, when will this be fixed? Should I expect another 9-10 years before it is fixed?

Thank you in advance.

Best regards

Johannes

0

Windows fails to load smart card reader drivers with SEP installed

November 22, 2018, 7:44 am
$
0
0
I need a solution

Hi,

I wanted to ask about the issue I recently found out in environment.

As far as i can see sometimes Smart Cart reader drivers stop working when SEP is installed on PC.

I found the TECH251500 on https://support.symantec.com/en_US/article.TECH251500.html , but the suggested resolution (create exception of C:\WINDOWS\system32\svchost.exe) looks very weird for me - this is one of the most important executable files in the Windows OS and I'm not sure if it is safe to disable scanning for it.

I wanted to ask if you know any risks connected with it or can suggest how to mitigate the risk of infection after creating this exception?

0

The SEPM 14.x log storage time

November 23, 2018, 12:48 am
$
0
0
I need a solution

How long are client logs stored in the SEPM?For each log storage time is different? Is there any public information on the maximum storage time for each log?

0
Search

Application WhiteListing using SEPM

November 23, 2018, 2:03 am
$
0
0
I need a solution

Hi all,

We have a requirement to configure application whitelisting to allow the applications which has been added in the application whitelisting group and block/warn other application in the client computers. Please let me know whether application whitelisitng is supported in SEPM 14.X. if yes, how can we proceed doing it. 

Regards,

Anishk

0

Client not updating though client install package applied

November 23, 2018, 5:02 am
$
0
0
I need a solution

Hi,

I have recently upgraded my SEPM to 14.2 MP1 (14.2.1015.0100). I have then assigned the client install package since 19/11, but until now the clients have not been upgraded automatically. Clients are on 14.0.3897.1101; some have upgrade but some not upgraded. When I check the client on SEPM Deployment status is stuck on The client is ready to accept the upgrade package. How can I troubleshoot this? Anyway I can force it?

Thanks to help!

0

how to prepare Symantec Endpoint Protection Manager (SEPM) for disaster recovery, or recover your SEPM environment in the event of a disaster.

November 25, 2018, 4:31 am
$
0
0
I need a solution

Hi,

how to prepare Symantec Endpoint Protection Manager (SEPM) for disaster recovery, or recover your SEPM environment in the event of a disaster.

0
1543149469

Set Notifications for IPS Events but not Port Scans

November 24, 2018, 2:56 am
$
0
0
I need a solution

Hi,

I currently have the Symantec Endpoint Protection Manager notifications set to send me an email notification when there is a Network and Host Exploit Mitigation Event.

I get a lot of port scan events in my environment. I do not need an email each time a port scan occurs, but I would like to be notified of all other IPS events.

Is there some sort of work around for that lack of notification conditions? Is there a way to log a port scan without being notified about it?

0

IPS Signatures not updating on multiple systems

November 26, 2018, 8:37 am
$
0
0
I need a solution

Endpoints: 14.2.1023.0100, 14.0.3897.1101

OS: Windows 10 1803, Windows 7 SP1

SEPM: 14.2.1023.0100

LUA: 2.3.7

I have multiple systems stuck on October IPS signatures, usually 10/10 R61 or 10/12 R61. All other systems are on 11/23 R61. When manually running the LiveUpdate on impacted systems, the LUE log on the impacted endpoints does not show an attempt to pull IPS updates.

LUA and SEPM both have the latest version of the IPS signatures, 11/23. The LUA servers are pulling the 14.0 base definitions, 14 RU1 defitions, 14.2 base definitions, and the 14.2 MP1 defintions. Multiple systems on the same SEP versions as the impacted systems are receiving the updates. They are on the same subnets.

Is there a way to trigger an IPS definitions update that is different than the normal update job, update content in SEPM, or LiveUpdate on the endpoint?

****************************************************************************************************
Symantec LiveUpdate Engine 2.6.0.15   (Release)
OS: Windows 7 Enterprise 64-bit, VerInfo: 6.1, ServicePack: 1.0
LanguageID: 00000409
WinHttp.dll Version: 6.1.7601.24000
----------------------------------------------------------------------------------------------------
Session started at: 2018/11/26 10:34:16.658    (UTC -06:00)
ProcessId: 2556, ThreadId: 10040, SessionId: 202, Machine ID: 31C75F22-AD6B-CA77-C5CD-99867EC9D354, Agent Field: LiveUpdateEngine-2.6.0.15
----------------------------------------------------------------------------------------------------
  Component: Moniker: {51C81AF7-5A45-4BEF-9CA4-38AF3C891F46}, P: SEPC SRTSP Settings, V: 14.0 RU1, L: SymAllLanguages.
  Component: Moniker: {C1D5327B-2BA6-43FA-AFE7-8E6C8360EE2D}, P: SEPC CIDS Signatures 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {57201BD7-52EE-4841-8368-05C54B1F44DC}, P: SESC AntiVirus Client Win64, V: 14.0, L: English.
  Component: Moniker: {486F9890-6E2A-4D5E-AA21-33E0AFC847A5}, P: SEPC STIC, V: 14.0 RU1, L: SymAllLanguages.
  Component: Moniker: {60D697A2-0A4B-0378-40BB-F90BB4FF6FB7}, P: SESC AntiVirus Client Security Fix Win64, V: 14.0 RU1 MP1, L: English.
  Component: Moniker: {03485132-6B4C-4075-8B19-3BE002B2AE80}, P: SEPC EDR, V: 14.0 RU1, L: SymAllLanguages.
  Component: Moniker: {0717B2A8-65E5-48C8-8E06-4613B170EAA9}, P: SEPC AdvML (Static) Win64 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {0F3370CC-CB7C-4976-9315-22E436B26137}, P: SEPC Iron Whitelist 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {6A585666-3EAE-44c3-8821-711CCE3F2873}, P: SEPC Error Submission Control Data, V: 1.0, L: SymAllLanguages.
  Component: Moniker: {7ADF5254-6017-4769-89B1-9F9CD03FA8C5}, P: SEPC Iron Settings 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {FDDBF0FB-0A93-1B05-74DA-0710C2E8441D}, P: SEPC SMR Definitions 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {74BC74C3-493B-46DA-B3B6-6C9C86F29B89}, P: SEPC Submission Control Data, V: 14.0 RU1, L: SymAllLanguages.
  Component: Moniker: {8020CBD2-0BA5-4FFD-BB3E-57CB42C6513C}, P: SEPC Extended File Attributes and Signatures 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {67F66706-F04B-4432-9947-F8354949D2A6}, P: SEPC Virus R Definitions SDS Win64 (x64) 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {FE0C7385-92CD-4877-B26F-EE9FFB3C34E0}, P: SEPC Iron Revocation List 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {0580D57D-0AD3-2299-2F3A-6A29762D60F1}, P: SEPC WTR, V: 14.0 RU1 MP1, L: SymAllLanguages.
  Component: Moniker: {BA569190-E525-4101-A87A-775EF73FDD26}, P: SEPC Behavior And Security Heuristics 14.0 RU1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  OnNotify() method for callback {2F090208-20DC-42f0-BBD8-B68B472F7215} returned 0x0
  OnNotify() method for callback {EDBD3BD0-BEEF-4d4d-BAC9-19DD32EF4758} returned 0x0
  OnNotify() method for callback {FC3A4F52-7087-45DC-9DB3-C5B20B720627} returned 0x0
  OnNotify() method for callback {03485132-6B4C-4075-8B19-3BE002B2AE80} returned 0x0
  OnNotify() method for callback {E11A4D73-EE42-4073-8AE1-211B9EF0B9E0} returned 0x0
  OnNotify() method for callback {263395A0-BEEF-4be4-80B5-202C94EF4AA0} returned 0x0
  OnNotify() method for callback {41E7872E-BEEF-4C2E-A1BA-F5394C2D9BCD} returned 0x0
  OnNotify() method for callback {810D5A61-BEEF-49c2-BD75-177F0647D2BA} returned 0x0
  OnNotify() method for callback {B6DC6C8F-BEEF-40c7-A806-B669BE1D2D19} returned 0x0
  OnNotify() method for callback {511C2222-DEFD-22EE-B154-4A6A546B9793} returned 0x0
  OnNotify() method for callback {0580D57D-0AD3-2299-2F3A-6A29762D60F1} returned 0x0
  OnNotify() method for callback {57CD7B31-861B-46be-8EBD-AED7EDF28F76} returned 0x0
  OnNotify() method for callback {F845E8D8-25D9-4cbb-A20F-1350B8120133} returned 0x0
  Server selection complete. Server is [SERVERNAME] on port 7070.
  Connected using proxy: (PROXYINFO).
  OnNotify() method for callback {2F090208-20DC-42f0-BBD8-B68B472F7215} returned 0x0
  OnNotify() method for callback {EDBD3BD0-BEEF-4d4d-BAC9-19DD32EF4758} returned 0x0
  OnNotify() method for callback {FC3A4F52-7087-45DC-9DB3-C5B20B720627} returned 0x0
  OnNotify() method for callback {03485132-6B4C-4075-8B19-3BE002B2AE80} returned 0x0
  OnNotify() method for callback {E11A4D73-EE42-4073-8AE1-211B9EF0B9E0} returned 0x0
  OnNotify() method for callback {263395A0-BEEF-4be4-80B5-202C94EF4AA0} returned 0x0
  OnNotify() method for callback {41E7872E-BEEF-4C2E-A1BA-F5394C2D9BCD} returned 0x0
  OnNotify() method for callback {810D5A61-BEEF-49c2-BD75-177F0647D2BA} returned 0x0
  OnNotify() method for callback {B6DC6C8F-BEEF-40c7-A806-B669BE1D2D19} returned 0x0
  OnNotify() method for callback {511C2222-DEFD-22EE-B154-4A6A546B9793} returned 0x0
  OnNotify() method for callback {0580D57D-0AD3-2299-2F3A-6A29762D60F1} returned 0x0
  OnNotify() method for callback {C33C0A9C-A163-4566-A684-8BA733E4D9A6} returned 0x0
  OnNotify() method for callback {57CD7B31-861B-46be-8EBD-AED7EDF28F76} returned 0x0
  OnNotify() method for callback {F845E8D8-25D9-4cbb-A20F-1350B8120133} returned 0x0
  ***** Session Results *****
  Total Updates Available: 0
  Total Updates Succeeded: 0
  Total Updates Succeeded - Reboot Req: 0
  Total Updates Skipped: 0
  Total Updates Failed: 0
  Session result code: 0x00000000
----------------------------------------------------------------------------------------------------
Session ended at: 2018/11/26 10:34:20.110    (UTC -06:00)
****************************************************************************************************

0

What is the different of Client / Deployment target / Running Version?

November 26, 2018, 5:29 pm
$
0
0
I need a solution

Good Day.

We found a client showed its version has been updated to 14.2.1015 (See attachment).

When I right click the client and select > Edit Prosperities (See attachment), it showed the deployment target and running version is 12.1.5337.

Anyone know what is the difference of it, is it normal?

The deployment target and running version of the client in this Group are not aligned. 

Actually, all of the group are inherited the policy from the default group, should I re-assigned all of the LiveUpdate policy to it?

Thank you very much.

0

Uninstall Client Using Manager

November 26, 2018, 12:51 pm
$
0
0
I need a solution

I have been thrown into fixing Symantec on our network - We currently are using an out dated version 12.1.5337.5000 - It is basically broken and stopping us from being able to do many things on our network. I am trying to see if there is a way to use the manager console to remove SEP from the client computers. So far, I am coming up empty handed. It seems the only way to remove SEP from clients is to physically log into each client and remove it. We have roughly 400 computers on our network, so this will be extremely time consuming. If anyone knows a way to uninstall clients through manager on this version PLEASE HELP

0
Search

Nessus Professional 8.0 - nessus.exe quarantined

November 26, 2018, 1:05 pm
$
0
0
I do not need a solution (just sharing information)

We updated our Nessus scanner to 8.x on 11/21.  The 11/22 overnight scan flagged and quarantined the nessus.exe file. 

Please pass on to signature writers. 

We added a local system exclusion.  

0

Symantec Endpoint Protection Manager Service - High Memory Usage

November 27, 2018, 1:19 pm
$
0
0
I need a solution

Hello,

I am running  Windows 2012 R2 server with 32 GB and noticed the following with Symantec Endpoint Ver. 14

SQL Anywhere Network Server -> Symantec Embebbeded Database memory useage is at 5GB

Symantec Install Component -> Symantec Endpoint Protection Manager memory useage is 8GB

Symantec Install Component -> Symantec Endpoint Protection Manager API service memory useage is 2.5GB

Why is the Service Symantec Endpoint protection manager memory useage is at 8GB? And, how do i reduce it?

Thanks

0

Required Software GAMP(Good Automated Manufactruing Practices) Cateogary declaration and 21 CFR Part 11 (US FDA) relevant Document

November 27, 2018, 9:13 pm
$
0
0
I need a solution

Hi,

Required Software GAMP(Good Automated Manufactruing Practices) Cateogary declaration and 21 CFR Part 11 (US FDA) relevant Document

thanks,

Jaydeep singh

0

Running Psexec command in CMD

November 28, 2018, 3:13 am
$
0
0
I need a solution

Hi All,

I tried to update the sep client from the jump server where the SEPM is configured. I tried it via command prompt --PSEXEC method.

(where psexec is placed)D:\psexec.exe \servername(SEP Client) -u Domainusername -p password -e -i -n 6 c:\IntelligentUpdator.exe

I have used the above command to load the virus definition from Jump(Where SEPM configured ) to another server(where SEP client installed). But it is throwing some error as "The requested operation requires elevation".

Is this related to admin rights requirement. Or is there any issue in the command which i have used. Kindly help me in this case.

with Regards,

Harish

0

Symantec's Security Predictions: 2019 and Beyond

November 28, 2018, 3:22 am
$
0
0
I do not need a solution (just sharing information)

Just spreading the word about this upcoming (free!) webinar from Symantec's CTO, Dr. Hugh Thompson and APAC CTO Nick Savvides, on 12 December.  If you are interested in keeping up-to-date with the threat landscape, please do attend in person or watch the recording later. 
 

Symantec's Security Predictions: 2019 and Beyond

https://www.brighttalk.com/webcast/13389/342382 

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>