Hi all,
Just planning out a upgrade from 12.x to the latest 14.x version.
The site is very small and I am looking at reclaming a MS SQL license.
Is it possible to update the old version to 14.x then replicate across to the new 14.x version on the internal DB.
The 12.x upgraded version will be using MS-SQL.
Thanks
Hi,
We are getting LU error "Failed to connet to the Liveupdate error". In LU policy, we have selected only SEPM server and Symantec Iiveupdate server. SEP Client and SEPM server both are in same office but in different subnets but SEP Client is not downloading the latest virus definitions
SEP Version : 14.2 RU1 both Client and SEPM
Any suggestion please.
Regards
Sharma
Hi,
Just wondering if there is a template/ruleset for Application Control for Office hardening?
Bonjour ,
Sur le parc disposant d'une version Windows 10 - Version 1803 - Système d'exploitation 17134.619 , il m'est impossible de déployer le client SEP (14.2.760) depuis le serveur.
Y a t'il un lien entre cette version de Windows et le déploiement du client .
I have isolated network, does SEP support client/server communication via proxy? does the Policies - External Communication Settings, Is the correct setting to change with?
Please note, this is NOT about the proxy to connect to LiveUpdate. Thanks!
When attempting to install clients, I select "browse networks" and expand my domain and it only populates with one specific OU. Any suggsetions? I can see the clients from the "client" section.
We have run a massive rollout in our environment (14.2.1021.0100) pushed the agent via third party, devices get updated after reboot but are shown offline in SEPM.
SEP client is checked and the status is OK
If SEP services are restarted on the PC, is reported as online again in SEPM. Why???
As it says in the title, I have an installer that is being flagged by Symantec Ws.Reputation.1. I'm trying to submit it as a False Positive, but the file is 180 MB in size and I can't use the false positive page at https://submit.symantec.com/false_positive/standard/.
Thanks in advance for any help you can give.
Hello,
I need a simple SQL query that can be run on SEPM DB to see the hostname, IP address and the group name of the client. I have the following query but it is more than what I need:
SELECT DISTINCT
"SEM_CLIENT"."COMPUTER_NAME""Computer Name"
, "SEM_AGENT"."AGENT_VERSION""SEP Version"
, "SEM_COMPUTER"."OPERATION_SYSTEM""Operation System"
, "PATTERN"."VERSION""AV Revision"
, dateadd(s,convert(bigint,"SEM_AGENT"."CREATION_TIME")/1000,'01-01-1970 00:00:00') CREATION_DTTM
, dateadd(s,convert(bigint,"SEM_AGENT"."LAST_UPDATE_TIME")/1000,'01-01-1970 00:00:00') "Last Update Time"
, dateadd(s, convert(bigint,LAST_SCAN_TIME)/1000, '01-01-1970 00:00:00')"Last Scan Time"
, "SEM_CLIENT"."USER_NAME""User Name"
, "IP_ADDR1_TEXT""IP Address"
, "IDENTITY_MAP"."NAME""Group Name"
, "SEM_AGENT"."DELETED""Marked for deletion"
FROM (((("SEM_AGENT""SEM_AGENT" INNER JOIN "SEM_CLIENT""SEM_CLIENT"
ON (("SEM_AGENT"."COMPUTER_ID"="SEM_CLIENT"."COMPUTER_ID")
AND ("SEM_AGENT"."DOMAIN_ID"="SEM_CLIENT"."DOMAIN_ID"))
AND ("SEM_AGENT"."GROUP_ID"="SEM_CLIENT"."GROUP_ID")) INNER JOIN "SEM_COMPUTER""SEM_COMPUTER"
ON (("SEM_AGENT"."COMPUTER_ID"="SEM_COMPUTER"."COMPUTER_ID")
AND ("SEM_AGENT"."DOMAIN_ID"="SEM_COMPUTER"."DOMAIN_ID"))
AND ("SEM_AGENT"."DELETED"="SEM_COMPUTER"."DELETED")) INNER JOIN "PATTERN""PATTERN"
ON "SEM_AGENT"."PATTERN_IDX"="PATTERN"."PATTERN_IDX") INNER JOIN "IDENTITY_MAP""IDENTITY_MAP"
ON "SEM_CLIENT"."GROUP_ID"="IDENTITY_MAP"."ID") INNER JOIN "V_SEM_COMPUTER""V_SEM_COMPUTER"
ON "SEM_COMPUTER"."COMPUTER_ID"="V_SEM_COMPUTER"."COMPUTER_ID"
AND "SEM_AGENT"."DELETED"=0
ORDER BY "Computer Name"Users are not able to login to eunlbarche511 when they use VPN working remotely when they are using office network they are able to access this server.
There is the same firewall rule in place for both office and vpn network.
So this issue not seems to be SEPM issue. how to solve this issue.
Its looking in the sepm console for a some computer with the status "Client Version Unavailable" and I like to take a report for all this computer, Its is possible?
The issue is because some computer stay connect to the network and the sep client its not installing via push mode.
Regards
Miguel Angel
Hello,
we have a Windows fileserver with SEP 14RU1MP2 installed on it. The fileserver has 6 partitions with different sizes. On 5 partitions SEP works great. But on the biggest partition it does not detect EICAR files which is really strange. The partition is 11 TB large.
I already repaired SEP together with the Symantec support and after that SEP works again good for a few days. The exeptions are also ok. But now we have that issue again.
Does anyone have an idea how to solve that issue?
Thank you!
Hi,
Folder errmgmt\queue\incoming is 388GB. Can I delete the files in the folder?
Thanks to help!
Hello,
I'm trying to figure out the significance of multiple GUP vs single GUP settings.
Every group I've looked at in my environment has the "single GUP" option selected with no max for tries to connect to GUP also selected. But when I look at syslogs for certain clients I see them attempting to connect to both single and multiple GUPs and sometimes successfully downloading updates from GUPs that are not specified for the group they're in.
This runs counter to my understanding of how those settings should work, so I would appreciate any information or a pointer to some documentation.
Thanks in advance
Hi,
I have a query, we have SEP client running in application servers. So whenever Symantec starts performing scan the application in the server is going down, so we added that particular application file/folder in exclusion list from scanning. After adding the folder in exclusion, Symantec scan and application performance was fine. But after rebooting the server we are facing the same application slowness issue even after adding the application files/folder in exclusion list.
Please suggest me to fix this issue. And also I am not able to check the scan logs for exclusion folders to check whether the folder has been excluded or not.
Thank in advance.
After upgrading from 14 RU1 MP2 to 14.2 MP1 I kept getting unexpected error in the notification pannel in Admin tab and from couple of days the replication is failing with partner site with below error:
March 8, 2019 2:24:05 PM GMT: Replication from remote site WXWD1PSEM0002 to local site London_WXLN2PSEM0001 finished unsuccessfully [Site: London_WXLN2PSEM0001] [Server: WXLN2PSEM0001]
March 8, 2019 2:24:05 PM GMT: Unable to reach remote Site [WXWD1PSEM0002]: Failed to connect to the server.
Make sure that the server is running and your session has not timed out.
If you can reach the server but cannot log on, make sure that you provided the correct parameters.
If you are experiencing network issues, contact your system administrator. ErrorCode: 0x80020000 [Site: London_WXLN2PSEM0001] [Server: WXLN2PSEM0001]
I have check the Network connection between local site and remote site, connection seems to be fine, the servers are able to ping each other and they are able to telnet each other on port 443.
both sites have dedicated SQL 2012 database.
Please advice.
Hello,
Could you please guide me to locate ARP Cache Poison, Port scan, ICMP Ping Flood and TCP SYN Flood built-in IPS signatures in IPS policy of SEPM.
SEPM Version : 14.2.1031.0100
I'm unable to find these signatures as suggested in this article.
https://support.symantec.com/en_US/article.TECH246...
Thanks!
I have received this message several times. Even though I know that this topic has been discussed before, in my case the log indicates that the Symantec is blocking access to an online printer from my organization:
3/8/2019 5:46:26 AM Blocked 3 Incoming TCP msisxerox.mgnt.stevens-tech.edu [155.246.119.27] 00-11-22-33-44-55 39334 155.246.152.178 00-05-9A-3C-7A-00 5357 C:\WINDOWS\system32\NTOSKRNL.EXE gcrea gcrea Default 6 3/8/2019 5:43:51 AM 3/8/2019 5:45:24 AM Block Web Service requests part A
What can I do about this?
How can I get SEP14 clients that were managed by an old server, be managed by a new server, preferably without reinstalling the client software?
Guys,
I need some knowledge about this.
Could I configure 1 sep client communicate to 2 SEPM server?
Any one can enlightment me?