Channel: Symantec Connect - Endpoint Protection - Discussions

SEP Syslog(or Event log)

I need a solution

Hello All,

I'm using SEP v14.

And I'm trying to forward SEP Syslogs to our SIEM.

But I can't find the syslog format. To normalize it in our SIEM, I have to know the syslog format that is coming into the SIEM.

After normalizing, we can monitor it with this.

Also, I'm trying to get Windows Event ID to monitor AV for us from SEP.

So, my questions are:

1. Where can I get syslog format?

2. Where can I get Windows Event ID for AV monitor?

Thank you in advance for any assistance.


SEPM 12.1 - Unexpected server error pertaining to Java

I need a solution

Hi! We are continuously having an error in our SEPM. Please see below for the entire stack trace.

Please advise.

java.lang.NumberFormatException: This is not an valid IP address.
    at com.sygate.scm.util.Utility.getIpLong(Utility.java:530)
    at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.registerComputer(AgentRegisterHandler.java:958)
    at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.agentRegister(AgentRegisterHandler.java:349)
    at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.handleRegistrationRequest(AgentRegisterHandler.java:300)
    at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.handleAction(AgentRegisterHandler.java:204)
    at com.sygate.scm.server.agentmanager.AgentRequestHandler.handleRequest(AgentRequestHandler.java:90)
    at com.sygate.scm.server.agentmanager.AgentRequestHandler.handleAction(AgentRequestHandler.java:130)
    at com.sygate.scm.server.agentmanager.AgentRequestHandler.handleRequest(AgentRequestHandler.java:90)
    at com.sygate.scm.server.servlet.AgentServlet.doPost(AgentServlet.java:62)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at com.sygate.scm.pool.HttpResponseFilters.doFilter(HttpResponseFilters.java:82)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.in

CVE-2019-0708

I need a solution

We are currently running a hybrid environment as we are moving from SEP12 to SEP14, so this question pertains to both versions. 

Has Symantec released any signatures or behavioral/heuristic detection rules for CVE-2019-0708? Thanks.


Folders exclusion does not seem to work

I need a solution

Hi everyone, I need a hint about folder exclusion.

I'm a software developer, and a customer of my company uses an ERP we provide. It is a standalone app installed on about 100 clients. Every client also has a Symantec Endpoint Protection client installed. Every time we install or update our ERP, SEP deletes (or quarantines) some DLLs, but it is a false positive.

We asked our customer to add an exception in the server configuration to exclude our folders from being scanned, but it seems that it doesn't work. The customer said that, despite the exception, SEP always scans the DLLs every time they change, and therefore they are quarantined with every update.

Is there a way to solve this problem? We can't submit a false positive for our DLLs due to the very rapid update of our software (we release a new version every 3/4 days), and we don't know how to deal with the problem.

Thanks for the support!


[SEP] Install Rollback, SEP_INST.LOG Displays "RunSymEFAQuery: exitCode converted from HRESULT: 13"

I need a solution

Hello Everyone

1# Has anyone had the same issue? SEP_INST.LOG displays Return Value 3 is ...

MSI (s) (44:D8) [15:57:43:743]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIC795.tmp, Entrypoint: RunSymEFAQuery
動作開始 15:57:43: RunSymEFAQuery。
RunSymEFAQuery: cmdline: "C:\TEMP\NTPCSEPMSI64\Program Files\Symantec\Name\Version\Bin\EFAInst.exe""Symantec Endpoint Protection 14.2.3332.1000" /query
RunSymEFAQuery: exitCode converted from HRESULT: 13
RunSymEFAQuery: The SymEFA installer query had an unexpected exit code. The current installation will fail and rollback!
CustomAction RunSymEFAQuery returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (44:94) [15:57:44:292]: Machine policy value 'DisableRollback' is 0
MSI (s) (44:94) [15:57:44:292]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
動作結束 15:57:44: RunSymEFAQuery。傳回值 3。

I have created a case, but China support tells me they don't know this error code's details....

Thanks


Info:Content download to the server failed. Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 14.0 RU1.

I need a solution

I'm having a problem with LiveUpdate; it says the following:

Info:Content download to the server failed.
Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 14.0 RU1.

Product:Symantec Endpoint Protection Manager Content Catalog 14.0 RU1
Version:
Language:
Monikers:,{FEFE68E7-0A93-1A98-2647-DB8261242A06}
Sequence:
PublishDate:
Revision:0
Source:Public LiveUpdate Server (Symantec LiveUpdate Server)
Size(in bytes):-1

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SEPM" />
    <EventID Qualifiers="0">7201</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-05-28T06:33:47.000000000Z" />
    <EventRecordID>59620</EventRecordID>
    <Channel>Symantec Endpoint Protection Manager</Channel>
    <Computer>SMARTSEPSVR01.smart.LOCAL</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Info:Content download to the server failed. Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 14.0 RU1. Product:Symantec Endpoint Protection Manager Content Catalog 14.0 RU1 Version: Language: Monikers:,{FEFE68E7-0A93-1A98-2647-DB8261242A06} Sequence: PublishDate: Revision:0 Source:Public LiveUpdate Server (Symantec LiveUpdate Server) Size(in bytes):-1</Data>
  </EventData>
</Event>

The screenshot below shows the Symantec Endpoint Protection Manager Content Catalog 11.0

Here's what I already did, but the content catalog 11 is still there. We are running version 14 now.

Deleted the files in C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager and ran LiveUpdate.

Reinstalled LiveUpdate. Updated Lucatalog.


Roaming Clients and SEPM/Cloud

I need a solution

Hello Mates,

A question on the cloud option in SEP14.2 where we can have an extension of SEP in the cloud for the roaming endpoints that do not have access to the SEPM.

Is it mandatory for the endpoint, after the client install, to connect to the SEPM at least once?
The point I am asking about here is: can we export the client install package from the SEPM for a specific Group in SEPM and then deploy it on a roaming computer which can never connect to the SEPM, and then manage the endpoint from the cloud console permanently?

Regards
Fawaz M


What does "Clean Security risk" status mean in the 'view log' menu?

I need a solution

Hello!

Found out that one of my PCs was infected, what does the status in the title mean?

Thanks!


Moving to new SEPM server, new IP, new name and new domain...

I need a solution

Our MS 2008 server SEPM 14 RU1 MP2 server is coming to its end; we will be moving to a new 2016 server with a new IP, new name and new domain. We are in a large Gov't enterprise, hence being dictated to move to the new domain for the new server. Obviously there will be much pain in the firewall rules, trusts, etc. I have been down that road before; it's ugly but can and will be done. My question is this: which method would be best to migrate over, setting up the new server as a Replication Partner, or new Site Partner? The database is already on a newer server, so that will remain as it is. We will also have to migrate our DMZ server, but that will be a separate nightmare of firewall rules, etc. to deal with. Any advice or thoughts on the best method for the SEPM move are appreciated.


Need suggestion, Want to Install SEPM 14.2 alongside WSUS

I need a solution

I have a WSUS Server on Windows Server 2012. Can I install SEPM 14.2 alongside the WSUS Server? Will there be a problem with them? Can their clients still receive updates perfectly?


Symantec Endpoint Protection keeps stopping

I need a solution

When I try to open the GUI I get the message "symantec endpoint protection cannot open because some symantec services are stopped. restart the symantec services and then open the symantec endpoint protection". 

I ran the SymDiag, attached the diagnostic file.

Sep Build 14.2 MP1

Windows Build 1809

Can you help me? Thanks.


Symantec email proxy - temp directory

I need a solution

Hi,

I use SEP 14.1 on Win 7.

When I try to send many emails I get an error (cannot access the temporary folder) (screenshot attached).

How can I fix this blocking?


JAVA JRE not usable after upgrade to SEP 14.x

I need a solution

Hello,

We have several servers with applications that are using JAVA JRE 1.8.0.31 - 1.8.0.151.

After the upgrade to SEP 14.x the applications could not use the installed JRE environment anymore.

After pointing the environment variable for these applications to <JDK install dir>\jre they worked again.

Is there someone having similar experiences after the upgrade to 14.x?

Thanks

Jim Bon


Single 2008R2 SEP v14 upgrade to 2016 SEP 14.2

I need a solution

Hi,

We have a single Endpoint Protection Server version 14.0.1904 running on Windows 2008R2 Server. I am looking to upgrade the version of SEP to 14.2 and install on to a new Windows 2016 Server. 

The SEP database is on the SEP Server.

There is documentation around performing an in place upgrade on the same server but I've not seen anything about upgrading and migrating to a new server.

Is there documentation that discusses this approach or is there a recommended approach to take for this?

There is the option to Export Server Properties. Would this enable a full server export and then import to a version 14.2 server or would it only work on a server running the same version? There is also the Server Private Key Backup. What would the approach be around this?

Many thanks

Ben


Definitions

I need a solution

Need TECH articles for the below:

1) How many times does Symantec release definitions?

2) How to configure clients to contact the GUP only once per day?

3) How to configure the clients to download CERTIFIED DAILY LIVEUPDATE definitions?


how to disable cancellation notice- SBE 2013

I need a solution

I transitioned to SEP C from SBE. My end users received the notification below; how do I disable it?

Dear-

X reseller no longer manages your account. As a result, your Symantec Endpoint Protection Small Business Edition subscriptions provided by your managed service provider have been cancelled. This means that your account is in a suspended state:

• Your ELS keys are expired
• Your deployed Endpoint Protection agents no longer receive updates

Your action is required to restore Endpoint Protection services to your organization. For 60 days, your Endpoint Protection agents function without updates. You can:

• Renew your services through the Symantec e-store
• Renew your services through another managed service provider

If you feel you have received this email in error, either:

1. Contact your reseller or managed service provider for more information.
2. Contact Customer Support.


SEPM DBA password change

I need a solution

(Symantec Endpoint Protection Manager 14.2)

I was trying to change the DBA password for the Symantec SEPM according to the link below using the "Management Server Configuration Wizard", only to fail with the following exhibit. I need to know why this is happening. Please do reply if you have any thoughts about this.

https://support.symantec.com/en_US/article.HOWTO81184.html

(SEPM database is configured to use Sybase & this particular instance is the AWS marketplace image.)


Scheduling Clients for definitions

I need a solution

Is it possible to schedule the clients to contact the GUP for definitions only once per day? Whether yes or no, I need a supporting document for the same.

I am unable to find a document stating that the SEP client cannot be scheduled to fetch definitions from the GUP. Request your expertise on the same.


Outlook Popup Issue

I need a solution

Hi All,

In one of the regions we're frequently getting the Outlook pop-up issue on most of the machines; the pop-up we get is "A program is trying to access the email information stored in outlook. If this is unexpected, click Deny and verify your antivirus software is up to date".

Even though the AV is updated, we are getting this pop-up frequently.

Note: The machine is updated with the latest virus definitions - everything looks green.

Kindly assist me in this case.

Regards,

Harish

 


Default Group / log from OU Synchronized - SEPM

I need a solution

Dear,

Can you help me with these two questions:

1_ In the SEPM console, can the computers in the Default Group be moved manually to another OU? The option "Sync Now" in the default group appears but it's not possible to use it; is that correct? By default, are all new computers stored in this group?

2_ Is it possible to know how the OUs are synchronized from my Active Directory and how the OU is created in the SEPM console? Is there any log file to check?

Regards

Miguel Angel
