Security Center DC040780 Error
I'm running the latest Windows 10 Pro 1809 with SEP 12.1.6 and noticed that Event ID 17 (Security Center failed to validate caller with error DC040780) appears every 5 minutes in my Windows Application event log. A quick Internet search seems to indicate it's antivirus related where my Security Center service is running. Is this error a known issue with SEP 12.1.6 and Win10 Pro 1809? It doesn't seem to be affecting my workstation's functionality, but I was wondering if there was a fix to stop this repeating event log entry, aside from upgrading SEP. Thanks in advance!
found virus in symantec directory
SEP version 14.0.2 found a Trojan.Gen.2 file called "DWHE81F.EXE" in directory c:\programdata\symantec\defwatch.dwh
should I be worried?
The firewall rules are not working
Hi
I have upgraded the endpoint protection from version 12.1.4013.4013 to version 14.2.1031.0100 and I am using Windows Server 2008 R2. Just after the first restart of the server machine I saw the network-based software can't access the timestamp machine, and after some investigation I got to know that none of the firewall rules was working (the list is accessible from the View Log menu -> Network and Host Mitigation logs -> View Logs button); there was only the Block All rule listed for every inbound or outbound access attempt.
But after making any change (even enabling or disabling) on any of the rules (accessible from Status -> Network and Host Exploit Mitigation -> Options -> Configure Firewall Rules) and applying it by clicking the OK button, all of the rules come to life and everything goes OK.
This bothers me too much, and I have to do it after each restart of the server machine.
Regards, and thanks for any suggestion.
Error Updating Password in Management Server Configuration Wizard
In the config wizard, updating passwords: at "Step Two: Existing Database Parameters", when I update the Windows user password I get the "Error 11501" error. This user is a service account used just for SEP. The AD account is not locked.
If I change this to use MY account it works fine. Finishes up the wizard fine.
The 11501 error indicates a connectivity issue and talks about enabling TCP on the SQL server, etc., but, like I said, if I use my own credentials it works fine. So connectivity is not an issue, I don't think.
Nothing has changed regarding permissions on the SQL server or the database. The service account has db_owner permission on the SEP database. I don't even have that but my account works. So....
Could this be an issue with any special characters in the new password? I didn't think that came into play with using Windows authentication rather than SQL.
Need a way to check the status of "SepMasterService" whether it is running or stopped on all clients
Was wondering if there is a way inside SEPM to maybe check whether "SepMasterService" is running or stopped on all clients. Or does anyone know of a powershell script that can check for the status of this service on all clients?
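One way to do this from an admin workstation, as an added example that is not part of the original post and is not Symantec's own tooling: a PowerShell script that queries the service on a list of clients over PowerShell Remoting, records unreachable hosts instead of aborting, and writes a CSV of the results. The hostnames, the CSV path and the use of WinRM are assumptions; SepMasterService is the service name from the post.

```powershell
# Added example (not from the original post): report the state of SepMasterService on many clients.
# Assumptions: PowerShell Remoting (WinRM) is enabled on the clients and the caller is a local
# admin on them; the hostnames in $Clients are placeholders for your own inventory.
function Get-SepMasterServiceStatus {
    param(
        [string[]]$Clients = @('CLIENT01', 'CLIENT02'),   # placeholder hostnames
        [string]$ServiceName = 'SepMasterService'
    )

    foreach ($computer in $Clients) {
        try {
            # The remote block never throws for a missing service; it returns a marker object instead,
            # so the only exceptions we see are connectivity/authentication failures.
            $remote = Invoke-Command -ComputerName $computer -ErrorAction Stop -ArgumentList $ServiceName -ScriptBlock {
                param($name)
                $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
                if ($svc) {
                    [pscustomobject]@{ Found = $true;  Status = [string]$svc.Status; StartType = [string]$svc.StartType }
                } else {
                    [pscustomobject]@{ Found = $false; Status = 'NotInstalled';      StartType = '' }
                }
            }

            [pscustomobject]@{
                Computer  = $computer
                Reachable = $true
                Status    = $remote.Status
                StartType = $remote.StartType
                Error     = ''
            }
        }
        catch {
            # Host unreachable, WinRM disabled, or access denied: keep the row so the gap is visible.
            [pscustomobject]@{
                Computer  = $computer
                Reachable = $false
                Status    = 'Unknown'
                StartType = 'Unknown'
                Error     = $_.Exception.Message
            }
        }
    }
}

# Usage: collect the rows, save them for the ticket, and list anything that is not Running.
$reportPath = Join-Path $env:TEMP 'SepMasterService-status.csv'   # placeholder output path
$results = Get-SepMasterServiceStatus
$results | Export-Csv -Path $reportPath -NoTypeInformation
$results | Format-Table -AutoSize
$results | Where-Object { $_.Status -ne 'Running' }
```

The client list can come from any inventory source (for example a text file read with Get-Content, or Get-ADComputer from the ActiveDirectory module) and passed as `-Clients`. Hosts that show `Reachable = False` need attention just as much as hosts where the service is stopped, since a client that cannot be reached by WinRM is usually also not reachable by much else.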
Unsolicited ARP reply detected (False-Positive)
One of my clients is getting a notification roughly every 2 minutes from Symantec Endpoint Protection stating "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer." When I view the log file it is detecting this attack from both of my domain controllers. On my Symantec Endpoint Manager firewall policy I've got "Enable Anti-MAC Spoofing" turned off. My client has build 14.0.3897. This issue has just started occurring in the past 3 days.
Custom Scan - is it more customizable?
I only see the following folders in the Custom Scan section:
Common_Appdata
Common_DesktopDirectory
Common_Documents
Common_Programs
Common_Startup
Program_Files
Program_Files_Common
System
System_Drive
User_Profile
Windows
Is it possible to be more selective with these custom scans? What if I just want to exclude one of these folders? Or just scan a single drive letter?
Thanks,
Brett
Exporting Policies
We've had multiple requests for exclusion policy reviews. However, we've not found an "easy" way to do this. So far I've found the documentation Symantec has released: export each policy, then convert the .dat to a .zip file and export the main.xml file. That's all well and good, somewhat, but the people who are looking at this information don't understand the schema. With multiple policies it is a nightmare trying to do this and explain it to each individual that asks. Has anyone had any luck getting these into Excel in a "readable" format?
Ideally we'd like to do this quarterly to audit our exclusions and see what needs to be added and/or removed.
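An added example of the Excel step, not from the original post and not a Symantec tool: a PowerShell script that flattens any XML policy file into one row per element (path, element name, attributes, text) and exports it as CSV, which Excel opens directly and a reviewer can filter by column. The real main.xml schema is not reproduced here; the sample document inside the script is constructed only to exercise the code, the element filter pattern is a guess at what reviewers would search for, and the file paths are placeholders.

```powershell
# Added example (not from the original post or from Symantec): flatten an XML policy export into
# a one-row-per-element CSV for review in Excel.
# Assumption: the real main.xml layout is unknown here, so the code walks any XML generically;
# the sample document below is constructed and does NOT reproduce the SEP schema.
function ConvertTo-FlatRows {
    param(
        [Parameter(Mandatory)] [System.Xml.XmlNode]$Node,
        [string]$Path = ''
    )
    # Only element nodes become rows; text, comments and the declaration are skipped.
    if ($Node.NodeType -ne [System.Xml.XmlNodeType]::Element) { return }

    # get_Name() is used instead of .Name because PowerShell's XML adapter lets an attribute
    # called "name" shadow the element's own Name property.
    $elementName = $Node.get_Name()
    $currentPath = "$Path/$elementName"
    $attrs = ($Node.Attributes | ForEach-Object { "$($_.LocalName)=$($_.Value)" }) -join '; '
    $text  = ($Node.ChildNodes | Where-Object { $_.NodeType -eq 'Text' } |
              ForEach-Object { $_.Value.Trim() }) -join ' '

    [pscustomobject]@{
        Path       = $currentPath
        Element    = $elementName
        Attributes = $attrs
        Text       = $text
    }
    foreach ($child in $Node.ChildNodes) {
        ConvertTo-FlatRows -Node $child -Path $currentPath
    }
}

function Export-PolicyXmlToCsv {
    param(
        [Parameter(Mandatory)] [string]$XmlPath,
        [Parameter(Mandatory)] [string]$CsvPath,
        [string]$ElementFilter = '*'   # e.g. '*xclusion*' to keep only exclusion-related rows
    )
    [xml]$doc = Get-Content -Path $XmlPath -Raw
    $rows = ConvertTo-FlatRows -Node $doc.DocumentElement |
        Where-Object { $_.Element -like $ElementFilter }
    $rows | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
    return $rows
}

# Constructed sample input (NOT the real SEP main.xml schema), written to a temp file so the
# script runs stand-alone. Replace $xmlFile with the main.xml extracted from the policy export.
$sampleXml = @'
<?xml version="1.0"?>
<policy name="Server Exclusions" version="1">
  <exclusions>
    <exclusion type="Folder" path="D:\SQLData" scan="AutoProtect" />
    <exclusion type="Extension" value="mdf" />
    <exclusion type="Process" path="C:\Program Files\Backup\agent.exe" />
  </exclusions>
</policy>
'@
$xmlFile = Join-Path $env:TEMP 'sample-main.xml'          # placeholder input path
$csvFile = Join-Path $env:TEMP 'sample-exclusions.csv'   # placeholder output path
Set-Content -Path $xmlFile -Value $sampleXml -Encoding UTF8

# Default filter keeps every element; pass -ElementFilter '*xclusion*' to narrow the review.
Export-PolicyXmlToCsv -XmlPath $xmlFile -CsvPath $csvFile | Format-Table -AutoSize
```

For a quarterly audit, keep each quarter's CSV and diff them (Compare-Object on the Path and Attributes columns) so reviewers see only exclusions that were added or removed since the last review rather than the whole list again.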
SEP firewall policy did not block traffic as configured
SEP version 14.0 RU1 MP1
I have configured the SEP firewall rule for one specific client to block ports 8570 and 8850 from "Any" host and "Any Application". I have tested the rule and can see almost all source IPs coming to the client over 8570/8850 TCP got blocked in the Traffic Log. However, there is one IP that never got blocked (our in-house vulnerability scanner), and it also does not show an entry in the Traffic Log like the others that I have tested. So I can't even see which rule actually allowed the traffic to come in. I've tested from sources on Windows and also CentOS, both from inside the same subnet and a different subnet; every one of them got blocked but this one. My Block rule is also at the topmost, so it should be the first to be processed. I've run out of ideas.
Preventing User to turn off Features
Hello together,
So, I have a SEPM 14 running in a Win10 environment and my admins are able to turn off features (e.g. Firewall) in the client interface. And this is bad and I don't want this. :-)
So I went forward and set the policy "Client User Interface Control Settings" (what a name) to "Server Control":
Sadly my admins are still able to change those settings... And yes, the policy is inherited by the instances below.
It's like the policy gets overwritten by another policy? Is there another policy for this somewhere?
Maybe someone has an idea about this.
Greets,
Florian
In SEPM, can the removed machine entries be retrieved?
Hi All,
Is there any way to find the history of deleted machine entries from the SEPM console?
Scenario: All the deleted machines were in an offline state; also, on some of the machines SEP was corrupted and communication was not happening. Now all the machines have been removed. Is there any other way to get the removed entries retrieved again? I want the data for the non-communicating machines also.
I tried to fetch the audit log, but it shows only the server used to delete those machine.
Kindly suggest on this.
Regards,
Harish
Report - 'Client not reporting status'.
Hi,
I was on a call with support for 80 minutes looking for options on how to get a mail notification set up for the clients with 'client not reporting status'. It seems there are no options available.
I believe this is very important for admins to know the status so that they can take remediation steps at the earliest, as these clients remain in the system for a long period unless a manual report is pulled. 'Client not reporting status' is pretty crucial for many reasons. I know that one can tell that a client is decommissioned or not in use, but even in that case there should be a report to validate the claim.
Any help in this regard will be helpful.
Thanks and Regards,
Pushpendra.
Computer automatically turns off
I installed Endpoint 14.0.1 64-bit on Windows 10 64-bit, on a Dell OptiPlex 7050. When the system shows the restart window, I proceed; then, when the system comes up, it stops on the start screen, a few minutes pass and the computer automatically turns off. What could be happening? Thank you!
AD-User-Sync in SEPM14
Hello all,
I wonder if it is possible to sync users from an AD group to Symantec?
For example, in the AD I have a group "SymantecAdmins", so every time a new person is added to the group, they are automatically able to log in to the SEPM (after sync, obviously).
Right now I only find the possibility to manually add a user to SEPM and set up AD auth.
My goal is that nobody needs to set up users in Symantec.
I've spent quite a lot of time searching, so I have low hopes, but if somebody knows something, that would be great.
Thanks,
Florian
Symantec Protection Cannot open because some Symantec services are stopped.
This seems very much like the issue from last January... This happens on (possibly more than just) Windows 10 clients, but it is happening on dozens of them, both clean Windows 10/SEP installs and when pushing the updated client via SEPM.
"Symantec Protection Cannot open because some Symantec services are stopped. Restart the Symantec services, and then open Symantec Endpoint Protection."
We are running SEP(M) 14.2.1031.0100. This happened occasionally on 14.2.770.0000 but is happening far more with the newer version of the client. It started happening a couple of days ago on my own laptop (I only have the client installed, no remote SEPM management tools or the console), but all the Symantec services are started when I check them.
SymDiag has been run and while there are some warnings, like Symantec firewall and the Outlook scanner are not enabled, that is by our design. It is also complaining about TCP ports 139 and 445 being open with a restricted scope. We have restricted the scope to the server running SEPM, so that should not be a problem either.
A restart does not fix the issue. A repair usually does not either - we typically have to reinstall but this is getting really old. There are only two Symantec services not running on my computer when I get this error (screen capture attached).
I will open a case as the next step but cases spend so much of my time and frequently go nowhere and provide no answers, so I'm hoping someone here has experienced this and has figured it out.
HTTP error 500
Have an odd issue going on. We are rolling out all new Windows 10 laptops at our company. I've tried remotely pushing the installation package from SEPM; it goes through and says it was successful, but it never installs on the client machine. If I go through the wizard and create an install package and attempt to manually install it on the Windows 10 box, it tells me it's not a compatible version (I'm installing version 14.0.2349.0100). So I went out and grabbed the latest 14.2.1031.0100 package, and it then allows me to manually install it just fine. However, I want these to be managed installs, so I exported my comm settings from SEPM and imported them on my SEP client. Now when I go to server connection status in the client it says Not connected: HTTP error 500. Does anyone know why this is happening? All of our Windows 7 and 8 machines are just fine. It's only on our Windows 10 machines. Domain firewalls are off, proper ports are allowed, etc. SEPM and clients are on the same network and subnet as well, so they aren't leaving the building.
Hacktool
hello
I've received a high potential threat security alert from Symantec, but I don't understand the procedure to get rid of it. Can someone help me?
Hereunder you can find the log:
Service_KMS.exe (Hacktool) detected by Virus scanner
Hacktool
Virus
C:\Program Files\KMSpico\Service_KMS.exe
La résolution de ce risque de sécurité nécessite un redémarrage
SEP clients flooded with Virus Alerts - from SRTSP\Quarantine folder
I have PCs giving me continuous alerts, which are viewed from the Monitors tab. The Quarantine policy setting for all the groups has been set to "Do Nothing". Still we have detections showing *.htm.
Source: Auto-protect
Risk Name: JS.Redirector!gen5
Please guide me on what has to be done.
Symantec ATP integration with SEP
Hi,
We have 50 servers in our environment (single location). We are planning to implement SEP and ATP.
Please advise on the queries below:
1. At minimum, how many servers are required for an ATP implementation, and what is the minimum hardware requirement for managing 50 servers?
2. Can we deploy both SEPM and ATP manager on same server?
Thanks.