Channel: Symantec Connect - Endpoint Protection - Discussions

limited admin is able to deactivate AD-Auth

I need a solution

Hello all,

I've created a limited Administrator and set all rights I could find to read-only. Anyway, I found that if I go to Administrators, the admin can change its authentication method from Directory Authentication to SEPM Authentication.

Is there any way that I can prevent this?

Thanks for helping out,

Florian

ADCB Bank website cheque scanning issue

I need a solution

Hi,

My ADCB bank website's online cheque scanning and deposit facility is not working after SEP installation. I tried to allow Java and then created a firewall policy allowing all applications. The issue is still there. Then I uninstalled SEP and now the website functions normally.

Empty File /Entry Field

I need a solution

Hello, 

I'm getting emails from the SEPM server about found risks. In some cases the File/Entry field is empty, so I cannot find the virus location. Can you help me with this?

Thanks in advance

White listed application not reflected in client system

I need a solution

Hi All,

On a client machine, Symantec is blocking one application. We submitted that application to Symantec to analyze the executable file and determine whether it is a threat or not. Since it is a legitimate file, Symantec whitelisted the application and confirmed this to us. But on the client machine this is not being reflected; the issue has lasted since last week. We tried updating to the latest definitions and rebooting the machine too. I don't know why the issue still persists. It is still in a blocked state.

Kindly suggest on this.

Regards,

Harish. 

SEP Manager 14 Clients Out-of-Date

I need a solution

Dear all, I am facing a problem in the management of my company's SEP Manager server: most of my clients are showing out-of-date or offline, and the security status is also Attention Needed. So I need your help, if someone has a script to make the clients show up on the right server.

SMC.exe not allowing commandline until user logged in

I need a solution

Hello,

I have been working on a PowerShell script to export the Symantec rules that our System Admins have created on our servers. I am able to use smc.exe with "-exportadvrule" on most of the servers remotely, except for ones that I have not logged into. I have verified that it works across Server 2008, 2008 R2, 2012, and 2016 and across Symantec versions 12 through 14. I can get it to work on all servers that I have previously logged onto. It will fail if I have not logged on. As soon as I manually log on, I can then run the script remotely and pull the rules. Anyone have any ideas on why this is happening? I would really prefer to not have to log on to 300-some servers manually.

Allow Live Update for Certain Users?

I need a solution

Customer wants to implement some new security policies, one of which is disabling anyone from using Live Update. I'd like to keep that functionality but perhaps limit it to domain admins and help desk personnel. Many times a client will not update because of a communication issue to the GUP or SEPM, and a help desk person remoting into the workstation and running LU will fix things.

Is there any way to create a policy that will allow certain users to run LU? I'm not seeing any way to do that, as policies are bound to clients and not users as far as I know. 

Cleanwipe missing from Tools folder

I need a solution

We recently upgraded to SEP 14.2.1031 (MP1) and cleanwipe.exe is missing from the tools folder on the server. The .dll and .db are there but the .exe is not. I've searched and cannot find anywhere to download it. Any help would be appreciated.

Clients have green dot but on server shows offline

I need a solution

Hi,

I know you will say this is too common a topic, but bear with me and read carefully through my steps, as I followed almost all guidelines.

New domain, with Win 2012 R2 SEPM 14.2.1031.0100, and clients Windows 10 Ent 14.2.1031.0100. (140 clients ~)

Windows 10 clients are deployed from PXE and from win 2016 deployment server with the antivirus installed.

On the SEPM the entries:

scm.duplicatedhwkey.fix.enabled=true
scm.duplicatedhwkey.fix.client.csnreset.count=3
scm.duplicatedhwkey.fix.client.csnreset.time.range=43200000 (=12hours)

are present and working. Have triple-checked the database for duplicate hardware IDs or ComputerIDs, none is present. All Windows 10 clients are getting definitions and changes in policies immediately after they are applied to the server. All clients have a green dot and they show online with the correct Group on them.
 

On the SEPM we use OU sync that shows the correct domain and correct OUs. On the OUs "Domain Controllers" or "Servers" the clients show as online on SEPM, on the "Workstations" OU where the Windows 10 are they show offline. Maybe one or two are online but 99% shows offline. On edit properties of the client you get the info:

Tried to repair database, rebuild index, disable firewall, restart, use symlink to reattach the .xml on the client. Nothing has any effect.

Grateful for any help here.

Thank you.

Kind Regards,
Vassilis

Scan logs not showing on SEPM Server

I need a solution

Hi, we are facing issues with multiple systems wherein we are not getting scan logs on the SEPM server; however, they are showing on the client machine locally.

Does anybody have any idea what the issue is?

can't create User-defined exceptions locally from the user-interface

I need a solution

Users of the Symantec Endpoint Protection version 14 client (SEP client) can't create user-defined exceptions locally from the user interface.

I tried many solutions from other users and Symantec experts, but none of them work for me.

I checked all the exception boxes for users in the policies and gave full permission to the client in the client user interface control settings,

and I can't find anything about this problem in version 14 in the forum. I think the technicians and experts of Symantec forget they have released VERSION 14.

Windows Server 2019 Windows Defender Firewall

I need a solution

Installing SEP 14.2 MP1 does not disable the Windows Defender Firewall?

Windows Server 2019 machines are shown as Windows Server 2016 in the SEP Management Console.

Attack GPON on my Exchange Server

I need a solution

Hello,

I am writing to you because I need advice on my case.

I have an Exchange Server 2013 installed on Windows Server 2008 R2 with SEP 12.1.7369.6900.

I opened port 443 on my Fortinet router to this Exchange Server.

For a few weeks I have had Symantec popups telling me that attacks were blocked.

When I check the log I see two attacks at the same time, several times a day, each time from a different IP (check the screenshot in the attachment).

The first one is a GPON attack and the second is Remote Injection.

Could you tell me what I can do to stop this?

Thanks for your help,

Regards,

SEP GUP VS MS SCEP

I need a solution

Hi,

We have a client for whom we are managing a SEP 12.1 environment to protect the computers. This client has around 70000+ computers and 2500+ remote locations, and around 600 of these locations have 50 computers or less and low network bandwidth connectivity. Now they are planning to upgrade the AV. Currently they have finalized SEP 14 and MS SCEP. The current SEP environment has around 600 GUP servers and 2 SEPM servers, and the cost of running 400 GUPs on servers is much higher when they compare this with MS SCEP. MS SCEP is going to use the existing SCCM to deploy the AV, and content distribution will be done by SCCM.

Symantec recommends putting a GUP server in each remote office that has a slow WAN connection?

Is there any solution by which we can reduce the number of GUPs and compete with MS SCEP on this?

Second, nowadays SCCM uses DC and Nomad software technology to reduce the number of distribution centers. Earlier SCCM also had around 600 DC servers, and now they have reduced the count to 40 by using Nomad software. Earlier we were also using the SCCM DC servers to serve as GUPs.

Looking for an alternate solution on this.

Per my knowledge, a GUP is just an HTTP server: it downloads the content from SEPM and shares it with clients, and doesn't require any additional license. But the cost of running a GUP on a server is high, as it requires hardware, power supply, space and continuous monitoring, which makes Symantec more costly to implement nowadays.

Regards

Sharma 

Need solution and mitigation techniques for memory exploit attack signatures.

I need a solution

Hi Guys,

Recently, a couple of IPS signatures were triggered, as shown below:

Memory Exploit Attack: Memory Heap Spray detected for legit MS file : C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Attack: Structured Exception Handler Overwrite for file ccSvcHst.exe under path C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Bin\ccSvcHst.exe.

We also have the Symantec ATP Endpoint solution, through which we receive incidents for these signatures. Upon checking, both files are legit and we did not experience any application crash or anything.

We are wondering how to handle memory exploit attacks in terms of handling, mitigation and action. Can any expert guide me with links and a process for handling this? Were there any FP alerts reported for legit files before?

Thanks,

SEPM can not remote push to Windows 10 1803 client + client not showing in SEPM manager group.

I need a solution

Background

I am a novice with SEPM. However, up to now I have successfully installed and updated the system with no issues.

The group of clients and SEPM are on a totally offline domain of ~30 computers.

SEPM manager is a separate PC from the domain controller & server.

SEPM computer is running Windows 7 x64 SP1 ' out of the box '

SEPM was 12.1.5, just updated to 12.1.6 MU10.

Clients are either XP or Windows 7 SEP running client 12.1.5 ( 12.1.5337.5000 ) basic antivirus only installed by remote push.

Problem

New client with Windows 10 ver 1803 x64 installed. This client, like all others, has been given a unique name.

Could not install SEP by remote push then read that SEPM upgrade to 12.1.6 MU10 required. Temporarily client made standalone with virus definitions installed locally.

SEPM now upgraded to 12.1.6 MU10. Existing clients seen in manager groups after upgrade and virus definitions distributed as with SEPM 12.1.5

Uninstalled SEP from new Windows 10 client and tried to install SEP 12.1.7445.7000 by remote push. At ' Computer Selection Screen ' client seen. Login credentials entered but ' Testing Connection ' failed ' The client cound not be installed on the remote computer '. Firewall on client is turned off.

Package created and installed on client. Client can see SEPM, has green dot and virus definitions update. However client not seen in SEPM group. Communication package ( Sylink file ) created in SEPM and installed on client but issue remains.

SEPM knows client exists as licence taken. Also if in SEPM from the group ' Add computer account ' selected and the popup box filled in SEPM states ' There is already a computer with same name and domain in the group ' .

Any advice to resolve this will be appreciated.

Linux-based Servers with bonded NIC configurations

I need a solution

We have found the following:

When installing SEPFL on servers with bonded NIC configurations, their respective network information (IP address, MAC address) is left blank.

When viewed under Clients > (Group) , the IP Address column is filled in with 0.0.0.0.

The IP address column remains the same on any of the 'Views'.

When exporting data from Monitors > Logs using 'Computer Status', the [IP address1] column is filled in with 0.0.0.0. The other network-information-related columns are blank, MAC address included.

SEP will not push install to Win 10 boxes

I need a solution

My SEPM server is running on a Windows Server 2012 R2 box. I'm trying to do a push install to some new Windows 10 laptops that I have. I go through the wizard, it finds the laptop on the network, I put in the credentials and it shows the push completed and was successful. However, when I go to that machine, Symantec is not installed on it at all: it doesn't show up in Add/Remove Programs, doesn't show up in C:\Program Files (x86)\Symantec, etc. Domain firewall is disabled, etc. I've tried building a package with comm settings in SEPM and manually installing it on the client. When I do that the client installs, but under Troubleshooting > Server connection status it says:

Status:  Not connected

Error:  Http error 500

It does show that it attempted to connect to the SEPM server so it clearly knows who the SEPM server is, but shows it was never successful.  Any ideas at all?  SEPM server is running 14.1 and trying to push out install pack 14.1.  Again, this only happens on Windows 10 machines.  All other Win 7 and 8 boxes work just fine.

Thanks in advance

Any Issue Hosting SEP Database on SQL Server With Other Databases?

I need a solution

Any issue with having our SEP database on an SQL server that has other databases?
