Hello,
What happens if I over deploy Symantec Endpoint Clients? Are the ones over deployed disabled?
Thanks,
LEVD
Hi, I'm looking at setting up SEPM in a High Availability design. We have two datacentres and the plan is to have an SEPM server in each DC, along with a database server in each which replicate between themselves.
The install/admin guide for SEPM warns "To maximize the security posture of remote SQL Server communications, place both servers in the same secure subnet."
How hard a rule is this? We already have a set of SQL servers which we'd like to use for this, however they don't reside on the same subnets as what our SEPM servers will reside on, so the plan would be to just add firewall exceptions to allow these devices to communicate between each other across these subnets. What issues would/could this cause?
Would it be better to just build new database servers on the same subnets that our SEPM servers will reside on?
Apparently V14 does not allow the @ symbol for the SQL password. I had some issues with the console and had to run a repair. When entering the SQL information, I have always used Windows authentication with a domain service account that has the @ symbol in the password. This refused to go through and even locked out the service account a few times. I then had to have a SQL authenticated account created with a password that didn't contain the @ symbol, and that worked and allowed me to continue.
Command status shows scan completion status as 100% but scan log shows scan as started with 0 details.
Are there any troubleshooting steps that I can take?
Since upgrading our environment to 14.2, we are receiving errors in the Security Status that Intrusion Prevention is disabled on Mac OSX Clients. This seems to only affect machines that have the 14.2 Client installed. Checking our policies shows that it is indeed enabled. Anyone else come across this issue?
I have this error when upgrading to the latest SEPM version (14.2.1031.010).
- I have a GPO with these settings: "logon as a service permission" to these 3 accounts (NT SERVICE\semsrv, NT SERVICE\semwebsrv, NT SERVICE\semapisrv) and this one in "Replace a process level token" (NT SERVICE\semwebsrv).
I have this log error:
I would appreciate any help.
Hi All,
I noticed that the SEP firewall blocks some traffic without reporting it back to the SEPM. When I try to investigate what has been blocked, I don't find anything in the SEPM monitoring section.
My question is, how do I find out what has been blocked by the firewall?
Can anyone shed some light on this?
Kind Regards,
Rabee.
Hi there,
We have been having issues with scheduled scans on our network PCs. I have been manually pushing them out to over 500 PCs for the last few days as very few of our policies are working since the upgrade to version 14.2.758.
I went into the management console and found that most computers on the network have no policy serial number. I have also checked the system logs and noticed errors: failed to import server policy (after receiving a new policy with serial number).
I have moved the PCs into different groups but to no avail.
I cannot manually go to each PC and import a policy.
Please help!!!
Kind Regards,
Dave
We have the same issue as before. The netstat.db-wal file is very large and continues to increase in size. We don't know the permanent solution (the temporary solution is to stop the smc and then start it again).
I know that there was an article on this topic (https://support.symantec.com/en_US/article.TECH239793.html), but our case is a little bit different.
Our SEP is working in the ABB800xa DCS (distributed control system) automation system, and we have no internet connection. We need to use some special policy (approved by ABB), and need to update manually.
My question is: how can we update the SEP (how do we need to download and install the hotfix)?
Here is the version of my SEP:
Thank you for the answer!!
Hi,
Can the fix only be done by Symantec TSE?
SEPM 12.x and Win server 2008:
THREAD 1 INFO: Link is broken for [1] physical file ids :
THREAD 1 INFO: TargetId:[0AA8B81C1FBF77C62D031F2BF1E499FA] TargetType:[LuDownloadedPackage] ObjectTypeName:[ObjReference] ParentObjectTypeName :[PhysicalFile] Parent's TopLevelObject's GUID:[275AB0416855AFADD6D439994B348776]
Part of our regular reports is a scheduled report for Top Devices Blocked, wherein it blocks devices such as Bluetooth, CD/DVD, Smart Card Reader, USB, IDE and others. It is currently included in our Symantec policy that such devices should be blocked. They were also blocked in the local machine's device management.
May I ask why they were appearing on the report even though they were blocked in the first place? It was also confirmed that the said devices were blocked both on the local machine and SEP Client.
Hi,
We have 85 licenses of Symantec Endpoint Protection Small Business Edition (Cloud). In the Home page, the Subscription widget is showing "Endpoint Protection 85 licenses (84 in use)", but the Computers tab is showing All computer = 86, All services = 86.
Can you please help with why the license number is showing differently and which one is correct? Please find the attachments of snaps.
Thanks and Regards,
Rocky Mondal
We are experiencing a strange DDOS\Botnet DDOS attack from inside our network.
Tries to login with a NULL SID attack (as ancient as that is) with about 15 or so attempts in a second. Then it pulls another user and machine from AD and runs the same attack over again. Of course, the attack fails from a login perspective but does keep the server busy for a bit. Appears to be an APT but uses the stupid Null SID attack to try to login. Again this is like an internal botnet with one machine after another trying the Null SID, resulting in a 4625 being logged in my Windows server Security auditing failed events log.
It's as though our whole network is executing this attack against this one server, one workstation at a time. Whatever this is, it was not caught by SEP in any way. Same thing with Malwarebytes.
Thanks for any ideas!
SEP 14.2 Build 1031 running on Windows 10 Pro is causing RSAT Active Directory Administrative Center to launch as a background process. I have uninstalled SEP, and ADAC loads as it should. I have added exceptions for C:\Windows\System32\dsac.exe, no change.
I have installed Symantec Endpoint Protection Manager 14.2 on Server 2016. I have created a client install for Windows 10 which installs without any issues; however, the client never connects to the manager unless I configure the client IP to a static IP rather than DHCP. Any suggestions on how to fix this would be much appreciated.
Hello Forum,
We've recently installed LUA v2.3.7 on a Server 2016 Machine to get and distribute updates automatically for SEP via SEPM. Internet connection is via Proxy Server.
Scheduled and manual Download is only possible when a Windows user is logged in.
When no Windows User is logged in and scheduled Download is executed, we can see in the Event Log following informational entry:
"No new updates found during execution of schedule Download latest Antivirus Definition".
We're wondering if there is a specific Windows Service to be configured to get scheduled Downloads also without any Windows User logged in.
Can you help us?
I've not been able to login this morning at all. I get a mixture of timeouts, 401, and 504 errors after authenticating.
Anyone else seeing this?
We have seen a problem since October where a desktop running WIN 10 and SEP 14.2 fails to complete the Windows update. The system will download and install the updates, sometimes getting to 100%, and then during the reboot, just come up to the spinning dots page and stay there. We have left a machine in this condition for weeks with no change. What we end up having to do is reboot the computer into safe mode, remove SEP with the removal tool, and then when we restart, the system completes the update and starts normally. We have tried reinstalling SEP only to have it fail the same way during the next Windows update. NOTE: this seems to only be happening on desktop machines; we have not seen it on any laptops. About 40% of our desktops are experiencing this problem. Has anyone else seen a problem like this? We have upgraded SEP to 14.7 Build 770 and Windows 10 1803 or 1809.
Hello!
I'm a bit lost in Symantec products, so I hope this is right place to ask.
The task is to set up Symantec Antivirus on our mail server.
OS: Ubuntu 16.04.5 LTS
Mail Server: IceWarp
Mail Server software allows checking e-mails with an external antivirus program by using the command line, but Symantec is not officially supported, so it would be good to test before purchase.
Only command line antivirus is necessary. No real time protection, so the kernel should not be recompiled. Updating with command line and crontab would be ok.
After browsing the Symantec page I assume Symantec Antivirus for Linux (SAVL) is the right product for this task, but I'm not sure. So the questions are:
1) Is SAVL the right product to use?
2) Is there a trial version available, so we would be able to test if it's even possible to use it with IceWarp?
3) Are there any price comparison tables for Symantec products/versions (was not able to find, but maybe missed)?
4) How often are antivirus signatures updated?
5) Are there any other alternatives besides SAVL to use on mail servers?
Thanks for help in advance!
Dear,
I need to deploy SEP packages and I would like to send a web link from SEPM, but if I send the email to the user, the same email is received by all administrators. Is it possible to exclude them from these mails?