Hello All,
Good Morning ,
I have some sep clients running with latest sep version and they are not getting the definition from the SEPM console after they upgrade .
We have created the correct the SEP packge for deploment ,But the still steps are not getting uptodate.
we did the all basci troubleshooting steps... I request anyone has same issues in latest version 14 mp1 .
Here's the architecture
Site 1 (Production Site)
SEPM Server
172.17.21.154:8014
Site 2 (DR Site)
SEPM Server
172.22.23.140:8014
Site 1 is replicating to Site 2.
We want the second site to be available to the clients if the first site is not. So how should the server priority list be setup? Should it be setup the opposite on site 2?
Is this correct?
From Site 1 SEPM
Priority 1
172.17.21.154
Priority 2
172.22.23.140
From site 2 SEPM
Priority 1
172.22.23.140
Priority 2
172.17.21.154
Site priority settings don't replicate? If I setup site 2 it won't overwrite to site 1?
As part of reviewing SEP for our use, I've checked the SSL/TLS configuration from the list of URL's that are available on Symantec that need to be accessible and may requrie outbound firewall rules. I was quite surprised that there are 12 URL's that still have SSLv3 and TLSv1.0 enabled, it would also be a good practice to dissable TLSv1.1.
Does anyone know the best way to get this looked at?
| faults.norton.com |
| avs-avpg.crsi.symantec.com |
| bash-avpg.crsi.symantec.com |
| central.b6.crsi.symantec.com |
| central.nrsi.symantec.com |
| central.avsi.symantec.com |
| pki-scep.symauth.com |
| shasta-clt.symantec.com |
| shasta-mr-healthy.symantec.com |
| shasta-mr-clean.symantec.com |
| shasta-nco-stats.symantec.com |
| stnd-ipsg.crsi.symantec.com |
On a server, I get pop-ups indicating that an IP adddress wil be blocked for xxx seconds
1. In SEPM, where can I see a list of all the currently blocked IP addresess
2. How can I remove from the blocked list an IP adddress that is False Positive ?
Thanks,
Steve
Hello
Can you please tell me what are the uninstallation risks when we will remove the Symantec Endpoint Protection from the enterprise.
For example.
Client machines will be restart after uninstallation.
what are more risks can happend.
Second thing I want to know: When we will uninstall the Symantec Endpoint Protection then what should be our planning? First we will uninstall it from the client machine then we will decommision the Symantec Server?
Regards
Hello All,
I am just getting used to the forum so I hope I am in the correct location. I was asked whether or not we can receive all Symantec notifications with the information in the email directly rather than a HTML attachment to the email. I have seen several posts about wanting attachments but we are looking to go the opposite direction and have the who,what,when,where in the email without having to open an attachment to see it.
I know some notifications give the option type for summary report or Event list but is there a global/general setting for all notifications to just send text without attachments?
v/r
Rocky Ramirez
I have several clients that no longer update. They show as connected to SEPM. SEPM shows that all cleints have completed the "Update Content" command. I can see on the client list that they have not updated and verfy it by phyicall checking each machine. When running SymDiag on a failed client the client will update as they should so I do not see any error messages. This also happened last month and I got around it by deleting the clients and pushing the package back out to them. This worked for 3 weeks and now I have the same problem.
Hola buenas
Estoy implementando SEPM en mi empresa y todo perfecto. El problema es que por error deje abierta la politica de excepciones para algunos usuarios. Me gustaría poder saber que excepciones han creado los usuarios y como revertirlas, pero no consigo saber como. Hay alguna manera?
Un saludo y gracias
**
I am implementing SEPM in my company and everything is perfect. The problem is that by mistake leave the policy of exceptions open for some users. I would like to know what exceptions users have created and how to reverse them, but I can not find out how. Is there any way?
Hello
Can you please tell me what are the uninstallation risks when we will remove the Symantec Endpoint Protection from the enterprise.
For example.
Client machines will be restart after uninstallation.
what are more risks can happend.
Second thing I want to know: When we will uninstall the Symantec Endpoint Protection then what should be our planning? First we will uninstall it from the client machine then we will decommision the Symantec Server?
Regards
Hello All,
I am just getting used to the forum so I hope I am in the correct location. I was asked whether or not we can receive all Symantec notifications with the information in the email directly rather than a HTML attachment to the email. I have seen several posts about wanting attachments but we are looking to go the opposite direction and have the who,what,when,where in the email without having to open an attachment to see it.
I know some notifications give the option type for summary report or Event list but is there a global/general setting for all notifications to just send text without attachments?
v/r
Rocky Ramirez
Hello,
My network has multiple groups with several location policies enabled for each.
One of the back-up policies allows clients to connect if they do NOT belong to a certain subnet, but I keep running into groups where clients are using that policy even though their address is in the "blocked" subnet.
Any help in understanding this behavior would be appreciated.
Thanks in advance.
Our company heavily utilizes Device Control to restrict and grant external storage devices access rights to users and removing those devices that are no longer in use is a massive headache as there is no sorting abilities or 1 click remove function. Will Symantec ever look into providing such functionalities for managing it easier?
Right now I have slowly scroll and comb through to manually delete them one by one which really makes the eyes spin.
I have a number of SEP licenses under different serial number. The licenses are for different entities that we provide the AV service to. The client computers of each entity is put into a group so that they can be managed properly.
I would like to know if there is a way to assign each of the licenses serial number to a particular group.
At present whenever an entity deploy a PC with the SEP client installed, it uses any available license from any group.
For sake of elaboration, for example, I would like to attribute a serial number abc to PCs of entity A in group A so that it uses only the licenses in serial number abc and not from serial number xyz.
Is it feasible?
Thank you
Hello,
I have downloaded the newest installer from Symantec, "14.2MPI x64 - 14.2.1031.0100". Downloaded on 12-17-2018 so this is currently the most recent Windows Server Installer.
We install this on Windows Servers ranging from 2012 to 2019. After the installation completes, on both the client and the management console I get a prompt to reboot. In the logs on the client before it even downloads any definitions, I get the following error: "Please restart your computer to enable Application Control Policy changes."
Also in the Status - Symantec Endpoint Protection it has: "There is one warning. - Symantec Endpoint Protection requires a restart. Please reboot your computer."
This generally causes concern from our customers/clients because they see this and think their server is not being protected by SEP, and most of these servers need to be scheduled for off hours reboots. Is there a work around or does anyone have any advice?
Thanks in advance!
- Chris
Hi,
We have this issue. I think it's quite important for Symantec to be fixed because now there are many people use container for their application.
SEP cannot detect a threat that is created inside the container, whether it is written on the docker ephemeral filesystem, or the persistent volume (mounted using -v flag).
We use Docker version: 18.03 Linux version: 16.04 SEP version: 14.2 MP1
We already contacted support many times about this, and they said there is no timeline to fix this issue.
Could you help to solve this issue?
Thank you.
When will the Windows 10 1903 be supported for SEP?
Hello
we have Linux servers without internet connectivity. we are trying to setup LUA server in DMZ and configuring Apache server in DC zone.
the Apache server should get the update from the local LUA. the linux server will communicate with Apache server to get the update. please find below Apache Http.config file.
# SEPM_APACHE_AS_PROXY_START Preserve this line to maintain configuration across SEPM upgrades
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule setenvif_module modules/mod_setenvif.so
<IfModule mod_proxy.c>
<IfModule mod_cache.c>
<IfModule mod_cache_disk.c>
<IfModule mod_setenvif.c>
SetEnvIf Request_URI "/luproxy/" dolog
SetEnvIf Request_URI "/luproxy/.*_livetri.zip" no-cache
CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 25M" common env=dolog
</IfModule>
ProxyPass /luproxy/ http://172.30.40.21:7070/clu-prod retry=0 smax=0 ttl=60
CacheRoot "cache-root"
# CacheRoot is a path defined relative to [SEPM_Install]/apache/
CacheEnable disk /luproxy/
CacheDirLevels 1
CacheDirLength 5
# directives to override any caching prohibitions in LiveUpdate content headers
# see TECH230862
CacheStoreNoStore On
CacheIgnoreCacheControl On
CacheStoreExpired On
CacheIgnoreHeaders Cache-Control Pragma
#allow downloads up to 1 GB
CacheMaxFileSize 1000000000
</IfModule>
</IfModule>
</IfModule>
# SEPM_APACHE_AS_PROXY_END Preserve this line to maintain configuration across SEPM upgradesWe have an application that is collecting security information from our supported devices.
We want to extract from SEPM a list of managed clients and their status.
Ideally, running this from command line and having it write to disk (or screen) would be optimal. Failing that, a scheduled report that would write it's results to disk where our application could pick it up. Or an existing log file we could scan.
Hi All,
Issue:
Our prev. SEP: 14.2
New version: 14.2 MP1
We did upgrade on Win10 clients with SCCM.
Now we see in SEPM a big number of machines with out-dated IPS and SONAR Definitions.
We did a check under logs and we found error that definitions failed to load ( but without any specific error number )
SymDiag on affected machine is showing something like this.
Any advise ?
Thank you in advance.
I have a bit of an issue. The previous IT person installed Endpoint Protection but didn't leave me the username. I know I can change the password, and see that but it doesn't do me any good if I don't know the username. I have tried admin and administrator. Is there a way to recover or change the username for access?
thank you,
Brandon