Channel: Symantec Connect - Endpoint Protection - Discussions

Unblocking all files within a folder for whitelist

I need a solution

I have a managed SEP 12.1.4 installed on a Windows 7 computer with a whitelist enabled. One of the applications installed creates a series of temporary executables within the C:\Users\Username\Temp\.... folder. The file fingerprint does not capture these executables because their filename is different each time the application is run. Is there any way to create an exception to unblock the low-level folder within Temp and all of its files?

I found this article: https://support.symantec.com/en_US/article.TECH104326.html 

I tried creating a folder exception in SEPM and applied it to the application and device control policy but it didn't seem to make a difference.


User mode communication settings

I need a solution

Hi, I have installed a new Symantec server. Now I want to migrate the old users from the old server to the new one. For that I have exported the user mode communication settings from the new server. If I import the user communication settings on a client machine, it comes up in computer mode in SEPM. I am changing it to user mode manually. How can I set user mode directly?


SEP 12.1 on Server 2003

I need a solution

Hi All,

I have some legacy clients running Windows Server 2003 and would like confirmation of the latest version of SEP that can be installed.

From the Symantec website I'm not finding it clear whether it is SEP 12.1 RU6 MP6 or if I can go as high as SEP 12.1 RU6 MP10.

I also cannot find any information on how long the definitions will be available for download on 12.1, or whether the SEPM14 console can manage SEP 12.1 clients.

Any help would be appreciated. 

Thanks. James.


LiveUpdate Failed

I need a solution

I'm running SEPM 12.1.7369.6900 on Windows 7 Pro 64-bit. My firewall allows the SEPM machine to access the internet over FTP only. This machine has been updating virus defs automatically for many years without any problem. Recently I noticed it stopped updating around the last week of March 2019.

I've looked at Log.LiveUpdate, trying to make some sense out of it but can't figure out where it fails. Did anything change on the (FTP) server side? I can provide the log if necessary.


Cannot Upgrade Missing User

I need a solution

So I am trying to upgrade our current SEPM 12.1.8 to 14.0 MP1 and keep getting an error saying that NT Service\semapisrv does not have the correct right.

Now I have found many articles that say how to add the rights, but the issue is when I go to add them the user does not exist.

I will say again, and in bold as well, as I have seen many state to add the right, but

THE USER DOES NOT EXIST. So how can I add the user to the proper right if the user DOES NOT EXIST?

Everything I am finding keeps pointing me to this

https://support.symantec.com/en_US/article.TECH228...

Which is fine and all, to add the correct users, but what happens when THE USER DOES NOT EXIST?

Sorry for the bolds, but I need to make sure the point is across, as a lot of places point to that article.


Symevent overlap BSOD

I need a solution

Norton Security Suite v. 22.15.2.22. BSOD on Symevent overlap of address regions for BHDrvx86 while watching Netflix and PBS News on NorCal Camp Fire Vista loaner system [pls note jeers notably over-stocked]. Assuming Support/Updating Symevent files for Symantec Endpoint Protection 11.x client link found elsewhere here outdated/not applicable. Norton's support trigger spins through quick check Autofix to show Internet Connectivity Host File Cleanup - Success; Installation - Failed (installation of what, unknown). Clicked Open Support website as directed, goes to https://support.norton.com/sp/en/us/norton-securit... Norton Remove and Reinstall Tool. Likely never find my way back so will try later if nothing else comes up here. Sorry if posted to wrong place, first rodeo [duh] with Symantec online support forums via DuckDuckGo.

WinDBG

Loading Dump File [C:\Windows\Minidump\Mini040219-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\dev\symbols*http://referencesource.microsoft.com/symbols;SRV*c:\dev\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.24202.x86fre.vistasp2_ldr.170913-0600
Machine Name:
Kernel base = 0x83440000 PsLoadedModuleList = 0x83558c70
Debug session time: Tue Apr 2 12:14:21.179 2019 (UTC - 7:00)
System Uptime: 0 days 16:08:51.450
Loading Kernel Symbols
...............................................................
................................................................
..............
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 29, {3c1a88d1, c000000d, 3c1a88d1, 3c1a88d1}

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+1b10 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SECURITY_SYSTEM (29)
Arguments:
Arg1: 3c1a88d1
Arg2: c000000d
Arg3: 3c1a88d1
Arg4: 3c1a88d1

Debugging Details:
------------------

OVERLAPPED_MODULE: Address regions for 'BHDrvx86' and 'BHDrvx86.sys' overlap

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x29

PROCESS_NAME: nortonsecurity.

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 83658162 to 8350defd

STACK_TEXT:
b4e5a514 83658162 00000029 3c1a88d1 c000000d nt!KeBugCheckEx+0x1e
b4e5a534 83658503 8a1f5518 00000003 00000000 nt!SeDefaultObjectMethod+0x27
b4e5a570 83672667 b4e5a700 00000001 8a1f5518 nt!ObAssignSecurity+0x77
b4e5a6a4 8365980e 8a1f5518 b4e5a7d0 001fffff nt!ObInsertObject+0x54a
b4e5a754 83659ec3 8a1f5518 89baf3c8 b4e5a9a0 nt!PspInsertThread+0x269
b4e5a8a0 8365dc52 03e0f910 001fffff 00000000 nt!PspCreateThread+0x282
b4e5acb0 99b3cb10 03e0f910 001fffff 00000000 nt!NtCreateThreadEx+0x133
WARNING: Stack unwind information not available. Following frames may be wrong.
b4e5ad30 8348ae86 03e0f910 001fffff 00000000 SYMEVENT+0x1b10
b4e5ad30 00000023 03e0f910 001fffff 00000000 nt!KiSystemServicePostCall
00000000 00000000 00000000 00000000 00000000 0x23

STACK_COMMAND: kb

FOLLOWUP_IP:
SYMEVENT+1b10
99b3cb10 ?? ???

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: SYMEVENT+1b10

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME: SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 5a95cc1d

FAILURE_BUCKET_ID: 0x29_SYMEVENT+1b10

BUCKET_ID: 0x29_SYMEVENT+1b10

Followup: MachineOwner
---------

0: kd> lmvm SYMEVENT
start end module name
99b3b000 99b53000 SYMEVENT T (no symbols)
Loaded symbol image file: SYMEVENT.SYS
Image path: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Image name: SYMEVENT.SYS
Timestamp: Tue Feb 27 13:22:37 2018 (5A95CC1D)
CheckSum: 0001B071
ImageSize: 00018000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4


SEPM is compatible with Server 2019?

I need a solution

Hi,

I am going to install the SEPM 12.1.6 client on Server 2019.

It gives me an error when I click on the setup.

Is it possible to install on Server 2019, and will it work with SEPM 12.1.6?

Or how do I make a client package for the server?


Uninstalling endpoint protection

I need a solution

Symantec Endpoint Protection has appeared on my machine without my approval. My computer is not in a domain nor is it managed by anyone other than me. I seem to be unable to remove the software and your CleanWipe doesn't work. How do I get this piece of malware off my computer? 


SEP 12.1.7454.7000

Low altitude ProcMon

I need a solution

Hello,

I was asked by Symantec to run low altitude ProcMon because we are currently having some issues with the "Memory Exploit Mitigation" policy, and they provided the article below:

https://support.symantec.com/en_US/article.TECH247178.html

So when I go to the section "Generate a low-altitude Process Monitor trace" and click on ProcMonLowAlt.zip, it redirects me to Symantec Box and there is nothing there.

Did anyone use this before and did it work from the article?


Firewall Rule To block server access from Client system

I need a solution

Unable to block server access from the client, even after creating a Firewall Policy on SEPM.


SEP Replication Partner Failover?

I need a solution

Hi,

Is it possible to configure auto-failover between replication partners?

At the moment I have a central base with multiple sites, each using a single replication partner to communicate with this central base.

How it's currently configured means I have a single point of failure on each site; if the replication server on any remote site were to fail, then communication would be lost until it's restored.

I have 2 SEPMs on each site; the first SEPM was installed and configured as a replication partner and the second one was configured as a site partner.

Can I configure replication failover between both SEPMs on these remote sites?

Thanks,

Jamie


SEP 15: April 10 2019 : status?

I need a solution

Hi all, 

I'm a Symantec partner and I don't have a straight answer as to whether SEP 15 is available yet. How sad is that? I have accounts with distributors. Searching their product databases, I don't see SEP 15. Recently I attended a webinar from Symantec that said SEP 15 will be GA in April/May.

And yet, for clients that have existing SEP maintenance (and running SEP 14), it seems 15 IS available via Fileconnect. I haven't followed the link through yet to see where it leads.

But the bottom line: if it's 'partially' available, don't do that. Make it fully available, or not at all. And be more clear about your marketing on the website - this has been a real problem for Symantec for a long time - they just cannot find a way to put out a consistent message. I'm a long-time loyal Symantec partner, and customer, but this type of stuff is really challenging to put up with.


SEPM 14 status as 'Quarantined' and 'Remediation in progress' for same file same time

I need a solution

Hi Team, I have observed the SEPM 14 status for a file, 'p4w.exe': initially this file was 'Quarantined', then the action for this file is 'Remediation in Progress' (PFA). Does this mean SEP has now completed its action (as the file is quarantined) and no further manual scan is required to remove this file, without any further investigation, or do we still need to run a full scan to remove the file manually?

Take An Action | Time | Virus found
(Remediation in progress) | 04/09/2019 02:00:08 | Trojan.Gen.2
(Quarantined) | 04/09/2019 02:00:08 | Trojan.Gen.2


Windows Server 2007 Protection

I need a solution

We have a Windows Server 2007 computer that has Endpoint Protection version 11.0, which has an expired license. I would like to reactivate the license and get my system protected. I am told that Server 2007 is no longer supported and that I would have to upgrade to at least Server 2008. Can anyone shed some "light" on this? Can I upgrade to Endpoint version 12.0, which I have been told by others should work with my Server O.S.?

After chatting several times with Symantec, I'm getting the feeling they are just wanting to sell the newer 14.0 version. Maybe there is something else available?

Thanks for any help on this matter..


Moving SEPM SQL from 2012 to 2016

I need a solution

I've followed and shared the migration instructions with our DBA per article https://support.symantec.com/en_US/article.TECH174821.html

I have a few questions...

  • Do we really need to delete the existing SEM5 and reporter accounts from the DB after it has been migrated, or can we copy them over to the new DB?  Our DB didn't delete them, he copied the accounts, so I am wondering what problems this could cause.
  • The SQL 2012 Client is installed on the SEPM server.  When I run the Server Configuration Wizard and try to point to the new SQL 2016 instance on another server, it complains that it can't connect.  I had the DBA change the SEM5 password to something I decided and it just won't connect - the wizard wants the location of the correct version of the Client tools on the SEPM server - but this step isn't mentioned in the tech article.  Though it does make sense that it would need updated tools to connect to SQL 2016.

Just wondering if anyone has input on the two items above?  Our DBA said he got a bunch of errors trying to update the SQL client on the SEPM server, but of course didn't tell me what they were - just that they were related to hotfixes and such.  I'm trying to get more info on that part now...

Moving from SQL 2008 to SQL 2012 went smoothly last year... 


SEP 14.2 breaking file vault encrypted macs post install.

I need a solution

We are experiencing an issue where, after SEP is installed on an encrypted Mac and rebooted, the Mac does not make it past the login screen. There is a progress bar that sits at around 75% but does not progress further, essentially "bricking" the device.

Is this a known issue? Has anyone experienced something similar?


Upgrade from 14.0.3876.1100 to 14.2.0.1 (14.2 MP1) 14.2.1031.0100

I need a solution

Hi Team,

Can I directly upgrade my Symantec Endpoint Protection from 14.0.3876.1100 to 14.2.0.1 (14.2 MP1) 14.2.1031.0100?

Will this upgrade remove any existing non-shared policies?

Currently my management server is running on 14.0.3876.1100 and I would like to upgrade to the latest version. If 14.2.0.1 (14.2 MP1) 14.2.1031.0100 is not applicable, then which version would be good to install?

Regards
Dev


symantec Apache server with local LUA

I need a solution

Hello

We have Linux servers without internet connectivity. We are trying to set up a LUA server in the DMZ and configure an Apache server in the DC zone.
The Apache server should get the updates from the local LUA. The Linux servers will communicate with the Apache server to get the updates. Please find below the Apache Http.config file.

# SEPM_APACHE_AS_PROXY_START Preserve this line to maintain configuration across SEPM upgrades
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule setenvif_module modules/mod_setenvif.so
     
<IfModule mod_proxy.c>
  <IfModule mod_cache.c>
    <IfModule mod_cache_disk.c>
      <IfModule mod_setenvif.c>
        SetEnvIf Request_URI "/luproxy/" dolog
        SetEnvIf Request_URI "/luproxy/.*_livetri.zip" no-cache
        CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 25M" common env=dolog
      </IfModule>
      ProxyPass /luproxy/ http://172.30.40.21:7070/clu-prod retry=0 smax=0 ttl=60
      CacheRoot "cache-root"
      # CacheRoot is a path defined relative to [SEPM_Install]/apache/
      CacheEnable disk /luproxy/
      CacheDirLevels 1
      CacheDirLength 5

      # directives to override any caching prohibitions in LiveUpdate content headers
      # see TECH230862
      CacheStoreNoStore On
      CacheIgnoreCacheControl On
      CacheStoreExpired On
      CacheIgnoreHeaders Cache-Control Pragma

      #allow downloads up to 1 GB
      CacheMaxFileSize 1000000000
    </IfModule>
  </IfModule> 
</IfModule>
# SEPM_APACHE_AS_PROXY_END Preserve this line to maintain configuration across SEPM upgrades