Channel: Symantec Connect - Endpoint Protection - Discussions

Upgrading SEPM from 12.x to 14.x


It is my understanding that after upgrading SEPM from 12.x to 14.x that the pre-existing clients will continue to run the old version of 12.x until a new 14.x package is created and pushed out to them. Is this correct or will the pre-existing clients automatically reboot and upgrade to 14.x? 

If the SEPM server still has the same IP and hostname, all of the clients should automatically begin communicating with it after installation is complete, correct?


Unable to login via browser but can via SEPM console


User (an admin) is unable to login to SEPM via a browser. Gets "the administrator's user name or password is incorrect....".  But, he can go to the SEPM server and login just fine there. Looking at his account in SEPM he is not locked. His AD account is not locked.

Cleared the cache in the browser and restarted it but no joy. User not having any problems logging into other browser-based tools.

Other users not having this issue.

Suggestions?


SEP on software development machines


Hi-

We use the SEP suite throughout our organization (medium-sized software dev organization), but we are receiving some feedback from Engineering concerning the performance impacts of SEP.  I'm hoping I can get some guidance on how to configure SEP for minimal impact on our typical development use cases without compromising the safety that we get from SEP.

Our development process relies heavily on git and Java.  Java is a bit of a special case, so first we can look at git.exe.  On a Windows 10 machine it takes a factor of 10 longer to process a git command than it does on the same machine with SEP.  However, we have added git.exe to the whitelist, in addition to whitelisting the folder git is operating on, so I'm unsure what might still be impacting the operation.  When I introspect the git process, I can see "SYSFER.DLL" in the call stack so I know SEP is involved, I just can't quite figure out why.  Any help would be appreciated.

The second process is Java which requires special attention.  Since java can dynamically load and execute malicious code we can't safely whitelist java.exe.  Is there a suggested method for whitelisting a particular specific java.exe or specific java "JAR" files (which as I understand have the executable code in them)?

Finally, what is the best way for me to tell that the processes and files that I have whitelisted are not being scanned or impacted by SEP.  For example when I whitelisted git.exe there was no change in the performance but I can't really tell what SEP is doing.  I just know it is still slow.


SEP 15 Bandwidth Utilization Clarification


Hello Everyone, I am very well familiar with SEP 15, its architecture and how it works.

I have one specific question, which concerns the bandwidth utilization for SEP 15 clients, specifically when it comes to downloading the content definitions and uploading the logs to the Cyber Defense Manager in the cloud. I am unable to find any TECH note which talks about this aspect of bandwidth utilization.

Does anyone have more info on this?


SEP 14 client not able to report into SEP management server


Hi all,

Any advice please.

I have multiple servers connecting fine to our SEP management server, but one of them (an offsite domain controller) is not able to connect to our SEP management server.

This problem server runs SEP 14 client (Server 2016 and Windows firewall disabled) and it is not able to report into the SEP management server (SEP 14).

On the client the "Server connection status" displays Not connected and error: SSL Connect error.

From the client machine I am able to telnet to the SEP management server on port 80, 443 and 8014.

The client does reach the Apache server. 

From Apache event logs:

10.239.8.11 [12/Feb/2019:11:42:38 +0200] "\x18\x03" 400 226 "-""-" - 0 3392

10.239.8.11 [08/Feb/2019:09:51:57 +0200] "-" 408 - "-""-" - 0 3500

10.239.8.11 [08/Feb/2019:10:44:25 +0200] "GET /secars/secars.dll?hello,secars HTTP/1.1" 200 20 "-""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)" - 1997 3500

10.239.8.11 [08/Feb/2019:10:44:25 +0200] "GET /favicon.ico HTTP/1.1" 404 209 "-""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)" + 1001 3500

Any ideas what the SSL connect error could cause?

Thank you


SEPM SQL Issues


Hi Everyone,

When I try to run replication between the SEPM Prod and DR servers, I'm getting the errors below.

February 11, 2019 11:20:24 AM PST:  Replication from remote site XXXX. - DR to local site XXX. finished unsuccessfully  [Site: XXXX.]  [Server: ]
February 11, 2019 11:20:23 AM PST:  Unable to fetch changed data from remote site [XXX - DR]: Failed to load data. If packet size is not too large, please modify it by scm.bcp.packet.size. Detailed message
: SQLState = 08001, NativeError = 21
Error = [Microsoft][ODBC Driver 11 for SQL Server]Encryption not supported on the client.
SQLState = 08001, NativeError = 21
Error = [Microsoft][ODBC Driver 11 for SQL Server]Client unable to establish connection
SQLState = 08001, NativeError = -2146893007
Error = [Microsoft][ODBC Driver 11 for SQL Server]SSL Provider: The client and server cannot communicate, because they do not possess a common algorithm.
SQLState = 08001, NativeError = -2146893007
Error = [Microsoft][ODBC Driver 11 for SQL Server]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.
  [Site: PayPal Inc.]  [Server: XXXX]
February 11, 2019 11:20:19 AM PST:  Client activity logs have been swept.  [Site: XXX.]  [Server: XXXX]
February 11, 2019 11:20:15 AM PST:  Replication data from remote site XXX. - DR is received by local site XXX  [Site: XXX.]  [Server: XXXX]

Please let me know how I can resolve it. I have checked the ODBC connections and it's working fine.

Thanks,

Sundeep


Upgrade Clients: Remote push to machine(s) w/ tamper protection enabled?


Hey all,

I have just run into a situation that has really perplexed me. We're in the process of moving clients from one server to another, and at certain times also performing upgrades of the clients. When performing a remote push for the communications file, this prompts us for a password to disable the service so that the change can take effect.

Unfortunately, when attempting to remote push an actual upgrade package, there is no such setting present. Our installations continually fail and I strongly believe that the tamper protection setting is the problem. Sure, I could temporarily disable this setting if I want to; however, I would prefer to not have to do it this way. Nor do I want to have to move computers to different groups with different policies just to handle this.

Is there a way to remote push a software upgrade to specific computers (that have tamper protection enabled), and more specifically a way to enter that password so that the client can do what it has to do?

Thanks!


Firewall is not functioning correctly. your protection definitions may be damaged or your product installation may be corrupt.


GUP configuration with replication partners


Can I configure the LiveUpdate policy to assign all clients to update from a GUP generated from another replication partner?


Some clients showing offline in SEPM console


Hi,

A few systems in our organization are showing offline in the SEPM console, but when I checked by taking RDP there, it's online and up to date with the latest content updates.

SEPM version is 14.2 MP1

Please tell me the fix for this.

Thanks


PowerShell Script to Remotely Install SEP14 from text file


Hello,

I need help. I would like to install SEP14 on a number of clients remotely. I have used the built-in client install but am not so happy with the success rate. I have checked all prerequisites and all is fine (remote registry, firewall, etc.). I use a domain admin account. A thorough search has given me the generic sample below, but I have limited scripting knowledge. Any guide?

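    # Make sure the Remote Registry service is running on the target
    Get-Service remoteregistry -ComputerName $computer | Start-Service
    # Copy the installer folder to the target's temp directory
    Copy-Item "\\$server\share\Office 2010" -Destination "\\$computer\c$\windows\temp\" -Container -Recurse
    # Command line to run on the target
    $InstallString = '"C:\windows\temp\Office 2010\setup.exe" /adminfile Updates/OfficeSetup.MSP /config ProPlus.WW/config.xml'
    # Start the installer remotely through WMI
    ([WMICLASS]"\\$computer\ROOT\CIMV2:Win32_Process").Create($InstallString)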


Send a popup message to all sep client users


Hi,

We are required to send an awareness message to all SEP clients using Host Integrity.

Kindly give the steps to configure sending a popup message to all SEP clients.

Thanks & Regards,

Arunkumar

Mob : 7904140810


Endpoint v14.2.1023.0100 for Mac: firewall blocks VPN connection


Hi,

I am facing a problem with Endpoint v14.2.1023.0100 for Mac: after the upgrade it blocks the Fortigate VPN connection and the Bluehost email config using Microsoft Outlook 2019.

How can I solve it?

Thanks.


SEPM Log (ersecreg.log & exsecars.log) does not have year


Hello Guys,

We are implementing a log management system that will forward logs from multiple sources (e.g. SEPM, Active Directory, DLP, Proxy), and we found that the SEPM logs (ersecreg.log & exsecars.log) only keep the month and the day (e.g. 01/05) but not the year.

This makes log correlation challenging for certain log management devices. The vendor advises that they have to hardcode the year for the log to correlate.

01/05 12:22:36 [6772:12916] 10.152.3.75<AgentInfo DomainID="0AA1222B3C4567890123DEF4567G890G" AgentType="105" UserDomain="COUNTRY.DOMAIN.NAME.COM" LoginUser="username" ComputerDomain="COUNTRY.DOMAIN.NAME.COM" ComputerName="12345" PreferredGroup="My%20Company%5cWORKSTATION" PreferredMode="1" KnownClientID="9DB118760A981A4000025B1005D0CFC8" HardwareKey="01234567890ABCDEFGHIGKLMN1234567" IsNPVDIClient="0" SiteDomainName=""/> AgentID=01234567890ABCDEFGHIJKLMN1234567 AgentType=105 ComputerID=01234567890ABCDEFGHIJKLMN1234567 Hash Key=2FB5E1923FE9EBC964D3492BDE854E99

Does anyone know what the main rationale is for not including the year in the SEPM log format?

I'd appreciate hearing from anyone who has a good perspective on this.
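
A normalization step for the year-less format quoted in the post above, as an added example that is not part of the original post or of any Symantec tooling: it walks the lines backwards from a reference time (assumed here to be the file's last-write or collection time) and gives each `MM/DD` stamp the newest year that does not run past the entry after it, which also covers files that span New Year. The function names, sample lines and reference time are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# "MM/DD HH:MM:SS [pid:tid] message" -- layout taken from the line quoted in the post.
LINE_RE = re.compile(r"^(\d\d)/(\d\d) (\d\d):(\d\d):(\d\d) \[(\d+):(\d+)\] (.*)$")

def resolve(fields, not_after, skew=timedelta(days=1)):
    """Newest year in which the stamp is a valid date no later than not_after + skew."""
    month, day, hh, mm, ss = fields
    # Start one year ahead so a 01/01 entry read with a 12/31 reference still resolves.
    for year in range(not_after.year + 1, not_after.year - 8, -1):
        try:
            candidate = datetime(year, month, day, hh, mm, ss)
        except ValueError:  # 02/29 in a non-leap year
            continue
        if candidate <= not_after + skew:
            return candidate
    raise ValueError("no plausible year for %02d/%02d" % (month, day))

def add_years(lines, reference):
    """Return [(timestamp, pid, tid, message)] in the original line order."""
    out = []
    bound = reference
    for line in reversed(lines):  # newest entry first, anchored to the reference
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation or malformed line: nothing to date
        ts = resolve(tuple(int(g) for g in m.groups()[:5]), bound)
        out.append((ts, int(m.group(6)), int(m.group(7)), m.group(8)))
        bound = ts  # earlier lines may not be dated after this one
    out.reverse()
    return out

# Constructed sample: two entries on either side of a year boundary.
SAMPLE = [
    '12/31 23:59:58 [6772:12916] 192.0.2.10<AgentInfo AgentType="105"/> AgentType=105',
    '01/05 12:22:36 [6772:12916] 192.0.2.10<AgentInfo AgentType="105"/> AgentType=105',
]
REFERENCE = datetime(2019, 1, 6, 0, 0, 0)  # assumed collection time

if __name__ == "__main__":
    for ts, pid, tid, msg in add_years(SAMPLE, REFERENCE):
        print(ts.isoformat(), pid, tid, msg[:30])
```

The inference holds only while consecutive entries are less than a year apart and the reference time is trustworthy; stamping the full date at collection time on the forwarder avoids hardcoding a year in the parser.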


14.0 Clients started turning off SEP so Upgraded to 14.2 same issue


This issue started happening a few weeks ago. Ran the Symantec diagnostic tool, which said it wasn't at the latest. Upgraded server and clients to 14.2. Now some clients' antivirus turns off randomly. Same issue but not as frequent. On my local workstation it is random. Happened this morning; it just turned off when I opened a webpage. Checked the Event Viewer: no log of a crash or shutdown. Restarted the Symantec Endpoint service and ran the diagnostic tool.

Diagnostic tool results:

IPS service Network Filter driver not configured. Service start mode demand start should be system start.

Caf not properly configured. "service not installed"  But it is..... I see it under services and starts.

Not sure where to start with this. Had symantec endpoint for years and have never experienced this. Happens on win7 clients also.

I never see a service crash in windows logs. Any Ideas?  Thanks ahead of time.

George


SEP 14 & VMWare Workstation 15 Player


I am using SEP 14.2 build 1031 on Windows 10 Pro 1809 build 17763.292 and VM Workstation 15 Player.

I have found that if I install the Network Intrusion Prevention / Firewall components of SEP, it inherently blocks incoming network access to any virtual machines.  I could see this if I used a NAT configuration for the VM, but I am using Bridged, which means that as far as the network and host machine are concerned this should behave like its own entity.

I have Googled the problem and the closest solution I have found is essentially to put an allow-all rule in the Symantec firewall, which seems to defeat the purpose entirely.  How do I configure SEP to allow traffic into and out of a VM without having to effectively turn off the firewall on the host machine?


Firewall Policy to allow communication between domain and Media Server


We have Media Computers to display streaming content on Display Screens. We allow remote access to the media computers only through the Media Management Server. We should not allow any other PC or Servers to access the Media server.

We have SEPM to manage the Servers and SEPM to manage the workstation.

We have recently installed the Symantec EP client on the Media PC.

1. We need to access the Media PC only from the Management Server (say IP: 10.10.10.1) and Media PC (10.20.10.1).

What firewall policy should we create to allow the communication between the Media Server and Media PC?

2. Should we create Firewall policy from Server -side SEPM or Client-side SEPM?

Please guide


Docker still not 100% working with SEP14.0 installed even adding the exceptions policy


Dear Community,

We are running a Dynamics 365 Business Central docker environment on a windows2016 VM.

Our company recently upgraded our safety software to SEP14.0 (14.0.3897.1101) on that VM.

Then the Docker container on that VM stopped working (we are no longer able to run the container or create new containers).

So our support team followed Symantec's official instructions and created the Windows file exceptions in the exceptions policy.

https://support.symantec.com/en_US/article.TECH246...

Now the Docker environment is partially working: we can create new container images, but it is still throwing error and warning messages.

For example: 

  1. DNS resolution not working from within the container
  2. Unable to initialize the container due to “Cannot Start Service MicrosoftDynamicsNavServer"

Just asking if there are any ideas about resolving this kind of issue, as our company policy requires that the Docker environment work with SEP.

Thank you.

Regards

Harry


License issue with coexistence of 2 SEPM


Hello all

I need to migrate my 12.1.2 SEPM to a new installation of SEPM 14.2.

As far as I know, I have to recreate the license file.

The question is, can I leave the 12.1.2 manager protecting a few 2003 clients, with its current license? (Is it legal?)

Will the old SEPM still be able to download updates for these clients?

The total number of clients will be the same

Thanks in advance.
