Hi all,
I'm working with SEP 14 mp1 .2 build 1023 (14.2.1023) in hybrid mode.
The SEPM freezes when I try to change a policy or add a hardware device.
I checked in WEB and Java.
Any ideas?
Symantec is repeatedly detecting the same threat (Trojan Horse Hacktool Backdoor.Equation) in the AppDiagnostics folder.
Actions taken by Symantec are Quarantined, Cleaned by deletion and Deleted.
No source detected in the risk report.
Can we delete all files from the AppDiagnostics folder?
We recently got this event detail on 2 production servers. What would cause this? Client Version 14.2.x
Event detail: Integrity checksum changed for: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\eventlog\Application\Symantec WSS Traffic Redirection'
Hello Everyone
I need a bit of guidance please.
I'm in the process of moving our Symantec Endpoint Protection Management installation from one server to another.
I have done a backup and saved the recovery file.
I need to know how to proceed with the installation of the new server etc.
- Do I choose to do a new/First Site Install with the previously saved Recovery Configuration file, along with choosing the same site name as the one on the old system, and enter the Admin and DBA passwords to be the same as the old system, and then when the installation is finished do a restore from backup?
But then how do I make sure the clients only talk to the new server ... Change server priorities?
Or
- Do I do an Additional Site install, with the previously saved Recovery Configuration file, along with choosing a different site name than the old one (it won't let me choose the same site name), enter the replication server details (of the old system) along with Admin and DBA passwords the same, and when finished do a restore from backup and then change the priority of the old and new server so that the new server takes over control of the clients?
This last option seems best but I got an error during the installation (database creation and initialization) where it said that it could not finish aggregating data for replication.
Can anyone please advise?
Thanks
J
Just raising awareness:
End of Support Life for Endpoint Protection 12.x
https://www.symantec.com/connect/blogs/end-support-life-endpoint-protect...
Definitions will continue for two additional years, but after the 3rd of April SEP 12.1 will not be receiving any bug fixes, enhancements or improvements. All of those new features and technologies will be included in more recent product releases. So: it's time to think about a calm and well-managed migration to SEP 14, in case the process has not already begun!
Symantec Endpoint Protection: port scan attack is logged, the client will block traffic from IP address ()
I can't find the logs on SEPM. It happened last month and our retention is 3 months.
Symantec is blocking important exe's like Iexplorer.exe, Outlook.exe, Excel.exe, winword.exe. Please help me resolve the issue.
We tried adding an exception in the MEM policy, but it's not working.
For reference, please find the screenshot and the logs below.
3/20/2019 3:33:01 PM 1 Block Production System Lockdown - Target MD5=00000000000000000000000000000000 Load Dll LockDown 00.00.00.00 8368 C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE SCSI\Disk&Ven_TOSHIBA&Prod_MQ01ACF050\4&36910a06&0&000000 C:\Windows\SysWOW64\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igdumdim32.dll 0 Bytes Default
3/20/2019 3:33:01 PM 1 Block Production System Lockdown - Target MD5=00000000000000000000000000000000 Load Dll LockDown 00.00.00.00 8368 C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE SCSI\Disk&Ven_TOSHIBA&Prod_MQ01ACF050\4&36910a06&0&000000 C:\Windows\SysWOW64\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igd10iumd32.dll 0 Bytes Default
3/20/2019 2:28:33 PM 1 Block Production System Lockdown - Target MD5=00000000000000000000000000000000 Load Dll LockDown 00.00.00.00 8368 C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE SCSI\Disk&Ven_TOSHIBA&Prod_MQ01ACF050\4&36910a06&0&000000 C:\Windows\SysWOW64\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igdumdim32.dll 0 Bytes Default
3/20/2019 2:28:33 PM 1 Block Production System Lockdown - Target MD5=00000000000000000000000000000000 Load Dll LockDown 00.00.00.00 8368 C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE SCSI\Disk&Ven_TOSHIBA&Prod_MQ01ACF050\4&36910a06&0&000000 C:\Windows\SysWOW64\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igd10iumd32.dll 0 Bytes Default
3/20/2019 2:28:04 PM 1 Block Production System Lockdown - Target MD5=00000000000000000000000000000000 Load Dll LockDown 00.00.00.00 11872 C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE SCSI\Disk&Ven_TOSHIBA&Prod_MQ01ACF050\4&36910a06&0&000000 C:\Windows\SysWOW64\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igdumdim32.dll 0 Bytes Default
3/20/2019 2:28:04 PM 1 Block Production System Lockdown - Target MD5=00000000000000000000000000000000 Load Dll LockDown 00.00.00.00 11872 C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE SCSI\Disk&Ven_TOSHIBA&Prod_MQ01ACF050\4&36910a06&0&000000 C:\Windows\SysWOW64\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igd10iumd32.dll 0 Bytes Default
3/20/2019 2:15:11 PM 1 Block Production System Lockdown - Target MD5=00000000000000000000000000000000 Load Dll LockDown 00.00.00.00 5908 C:\Program Files (x86)\TightVNC\tvnserver.exe SCSI\Disk&Ven_TOSHIBA&Prod_MQ01ACF050\4&36910a06&0&000000 C:\Windows\SysWOW64\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igdumdim32.dll 0 Bytes SYSTEM Default
Attempting to block all HID (Human Interface Devices; keyboard, mice, etc) via GUID.
In SEPM we blocked using the baked in GUID called "Human Interface Devices". It successfully blocked the mouse.
However the keyboard, a Dell CN-0N6R8G-PRC00-83U-00CZ-A03, still worked.
Went to device manager and verified the GUID Class ID for the keyboard was the same as the baked in HID we blocked in SEPM:
{745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Any ideas why it worked to block the mouse, but not the keyboard?
Any ideas to remedy and block the keyboard too? We want to block all keyboards, not just this specific one. We want to block them all to create a whitelist of approved devices.
Thanks
There's a problem installing SEP 14.2.1031.0100 Java console.
Error is: Unable to launch the application. When clicking the details button we see more information: Error. JAR resources in JNLP file are not signed by same certificate.
I followed the solution provided on https://support.symantec.com/en_US/article.TECH185943.html but unfortunately no use.
Also, clearing the Java cache directory didn't help.
Could anybody give advice regarding this issue?
I have upgraded one Windows 7 to Windows 7 which was running Endpoint 12.3 client. It has a problem and is unable to update. Could someone please tell me how I go about making it work on Windows 10? I will appreciate a detailed and quick response. Thank you in advance.
Is it possible to deploy SAV/SEP on Linux using Bigfix? (SEMPFL)
I want to deploy Symantec Endpoint Protection on over 100 Linux systems using Bigfix. Is this possible?
Thanks,
Hi,
We have deployed SEP 14.2 on Windows 10. After a successful upgrade, the start button freezes on Windows 10 machines.
I have reinstalled the SEP client again but have the same issue. After uninstalling, it works fine.
But when we start the SEP client again, it freezes again.
Any suggestions appreciated.
Regards
Sharma
Hi,
I have just been reviewing the exclusions policy that we have for some of our servers and in particular the automatically created exclusions for certain products as mentioned in the Admin guide and HOWTO80947.
Reading the article, the SEP agent is able to scan for third party products installed and build exclusions based on the scan results.
Is there a definitive list of applications that SEP supports?
Can this scan be manually initiated?
I have noticed that the agents detect some products but not others listed in the HOWTO guide.
It's not an issue to manually define the exclusions, but the automatic method appears to reduce the need for wildcard exclusions or file extension exclusions.
What are other people's experiences?
Many thanks
Hello, after installing SEP on the laptop, I can't access my Spiceworks application on our internal servers. I access Spiceworks using http://servername:port. I am able to reach the login screen of Spiceworks. However, when I put in my credentials I get an error stating incompatible browser. However, my browser is the correct version.
When I disable Symantec, it works fine?
Any assistance?
We are looking for a way to AutoUpgrade our SEP clients to version 14.2 MP1 and truly maintain all of the existing client features.
We have been "AutoUpgrading" SEP clients since version 11. We have always used the "Maintain Existing Client Features When Updating" option during the AutoUpgrade. This has never been a problem for us before now.
Recently we upgraded our SEP Managers to SEP 14.2 and used the "AutoUpgrade" function with "Maintain Existing Features" and found that all the clients had a new feature installed called Application Hardening. This was totally unexpected. This change was not documented in the Release Notes.
It seems that Symantec Endpoint Protection Hardening was introduced between the 14.0 and the 14.2 releases and as a result, you could not upgrade 14.0.x clients with SEP Hardening automatically.
NOTE that Application Hardening requires a separate license to use and then, it can only be enabled and managed via the Cloud management portal. We are not using the Cloud-based features and currently do not have any plans to.
So, in 14.2, when you upgrade all of your clients with AutoUpgrade and use the "Maintain Existing client features when updating" option, your clients will have the Application Hardening feature installed.
We do not want to have a component installed on our clients that we are not going to use and that we won't be purchasing a license for.
Does anybody know of a way for us to AutoUpgrade our clients and still Maintain the existing client features during the upgrade?
Was everybody even aware that this happens?
Hi,
I am looking for a way to find unauthorized local administrators with SEP HI policy?
Hi,
We are using Symantec Endpoint Protection Manager Version 14.2.1031.0100. In the manager console it's found that some of the client computers are missing EDR definitions and WTR definitions; definitions not available. Please advise.
Flow from SEPM to Client PC
Hi everyone,
A lot of our clients (Windows 7/10; SEP 14.0.3752.1000.105) have recently shown the problem that Network Intrusion Prevention and Browser Intrusion Prevention are turned off. Then they automatically turn on again and some time later they are off again.
The problem is that I cannot really find the issue. I also tried to deactivate the warning in the Client User Interface Settings but it has no effect. Can anybody give me a hint where I should look? Unfortunately, our installation is not in English, so it can be a bit hard to find the correct translation in the menu ;)
Thanks
Stephan
Hello All,
On the SEPM Home screen Dashboard, under Endpoint Protection, I see the Disabled count continues to grow. I would like to know why these clients are getting disabled and how I can force them back to enabled. [SEPM 14.2]
Thank you.