Channel: Symantec Connect - Endpoint Protection - Discussions

SEP14 client on Linux

I need a solution

Hi Team,

SEP14 client on Linux: what is recommended for SELinux when we are going to install SEP14 on it?


Email Notification When PowerShell is in Use

I need a solution

Good day Good People,

I hope everyone is doing well. I was asked to find an option in Symantec that would generate an email anytime a user either used or tried to change any of the following files: BAT, CMD, REG, VBS or PS1 (PowerShell). I am looking online to find this option but not finding anything at this time.

Thank you in advance for your time and help

Keith P.

Network Security Analyst

City of Memphis


The client machine installs the wrong time and the time when the Symantec scan virus is reported wrongly when the virus was detected

I do not need a solution (just sharing information)

The client machine installs the wrong time and the time when the Symantec scan virus is reported wrongly when the virus was detected. It should be Symantec Endpoint Manager to announce the presence of a virus even if there are no more viruses.
The client has set the date to 2020, so if I want to not show the virus notification I will have to wait until 2020.


SQL Query

I need a solution

Hello ALL,

I'm using Elasticsearch as a SIEM for my SEPMs. Everything is working fine (Inventory, Malware...), but I'm stuck on IPS detections. I need to know what the SQL table is in which those events are stored.

I'm using an external SQL database.

Thank you all for your help/assistance

Kind regards

N.Achraf 


Autorun.inf are blocked when copying to network drives

I need a solution

I have Application & Device control policy enforced to block autorun.inf.

People in software packaging team package new software to a folder so that can be deployed via SCCM.

But the package folder created also contains an autorun.inf file created as part of packaging.

The autorun.inf file is getting blocked when a user tries to copy the package folder to a network share.

I did not make any policy changes to the 'block autorun.inf' ADC rules.

As part of their daily operation, a set of users creates packages with an autorun.inf file and has to copy/move it from their PC to a network share.

Hence, can someone pls suggest how I can allow a successful copy of the autorun.inf file without the ADC policy blocking it, only from a set of laptops? Thanks


SEP 14.2 RU1 Scheduled LiveUpdate not running

I need a solution

Environment: SEP 14.2 RU1, UNMANAGED CLIENT, Windows 7 Professional 64-bit

Issue: Scheduled LiveUpdate not running at configured interval of every 1 hour after reboot

We have an unmanaged client running SEP 14.2 RU1. LiveUpdate is configured to automatically run every 1 hour. We can log on to the client, invoke the client's UI and manually run LiveUpdate from the client's Status screen. LiveUpdate completes normally and the client's defs are updated. We can see in the client's System Logs where 1 hour after the manual LiveUpdate is run a message - "Scheduled LiveUpdate switched to configured interval". LiveUpdate runs immediately after this message is issued and at 1 hour intervals after that. If we shut the client down (like for a weekend) and reboot later, the scheduled hourly update doesn't run until we log on to the client and invoke LiveUpdate manually. This is an unmanaged client. It never connects to the SEPM.

Any ideas? Does anyone know if this is a defect in SEP 14.2 RU1? Is there a SEP 14.2 RU1 update out there?

Thanks,

Wally


RDP Users Logging in to Terminal Servers - Some Experiencing Long Load Times/Black Screen

I need a solution

All servers in this environment are WS2012R2 running SEP 14.2U1. Previously had Kaspersky Endpoint 10 installed which did not cause this issue.

So, that being said, some users are experiencing VERY long load times upon logging in. After the "Applying Folder Redirection" notice, the blue logon screen goes away, the logon scripts execute, and then it sits at a black screen for upwards of 2-5 minutes before the desktop loads. It doesn't affect everyone, just a handful of accounts. Removing SEP from the terminal server seems to remedy the issue partly (though having it on the DC I think is still causing it to lag a bit).

Anyways, I'm not sure what the hang up is. Event logs don't show anything. Couldn't identify anything in Wireshark, though that may be due to me not filtering properly. Ran VMware's Logon Monitor, but again, did not see anything specific. Do you think it's scanning all of the account files at logon? It's become a real issue and I am considering going back to KEP simply because it is causing some nasty workflow disruptions.

Hope someone can help! And thank you in advance!


After SEP install on linux service can't start

I need a solution

I tried to install the SEP agent on CentOS7. After I ran the install package, I checked the install log sepap-install.log, which shows the error

 "symcfgd should not start at this

   rtvscand should not start at this time

   smcd should not start at this time"

How to resolve the issue?


How to disable Policy Memory Exploit ?

I need a solution

I need to disable Policy Memory Exploit. I can't uncheck Policy Memory Exploit.

I don't need the SEP agent to show the error in the image below. Do you have a solution?


Endpoint Protection 14 Default Network

I need a solution

Symantec 14.2_RU1(3335) - I have a question about the Default Network for Symantec.

I have a lot of NICs and some of them are disabled. When I'm trying to do a remote push, Symantec tries to use the wrong network by default.

Is it possible to statically configure the network interfaces for SEPM / SEP to use?

Please see screenshots


Client Connected But Doesn't Show in SEPM

I need a solution

Greetings,

I have 4 Windows 7 Standard Embedded machines on my network. I have the Symantec 14.2.0.1030.0010 Client installed on them with just A/V function. According to the Troubleshooting window for the server connected it shows "Connected" on port 443.

In the SEPM Console I added the A/D container under clients which shows all 4 computers. Funny part is all 4 show offline. 

So what do I believe? The client or the SEPM?

And how do I fix it?


Unsolicited incoming ARP reply detected

I need a solution

So here goes.....

SEP 14.2, Windows installation, Within the firewall policy the checkbox for Enable anti-MAC spoofing is turned on. All is good to here.

We have 3 sites, A, B and C. All clients have the same clients on them, they have not been updated since Feb and the SEPM hasn't been touched either.

In the last month we have seen several machines get the usual popup in the bottom right of the desktop with - "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window."

Now, we can see in the logs some activity, like one here and there across the 2 other sites `A` and `B`, but for site `C` we are seeing a lot more, like 60 a day.

We know the ARP requests are coming from two (2) wireless controllers but not every client is alerting; of the 200 clients, only 3 have alerted so far.

First Question:

Is there a limit which is hit for a client which triggers the popup message on the client?

So in trying to get to the bottom of the issue and reading every community MAC/ ARP spoofing thread I have not been able to get any closer. 

If I look at the logs in SEP under Monitor > Logs > Network and Host Exploit Mitigation > Attacks and choose a device, I have a question on the way it presents the log of a device when viewed in DETAIL view.

Log from the SEPM on the client

-----------------------------------------------

Client Affected

Computer Name    
Current:    LaptopHostname
When event occurred:    LaptopHostname

IP Address    
Current:    10.2.xx4.136 **(this is the actual Laptop's IP)
When event occurred:    10.2.xx4.254 **(This is the wireless controller/AP)
Local MAC:    1C4D7072Dxxx **(this is the Laptops MAC address)
User Name:    Username
Operating system:    Windows 10 Enterprise Edition
Location Name:    Default
Domain Name:    exampledomain.com
Group Name:    My Company\exampledomain\Client Devices\C **(site `C`)
Server Name:    xxx-SEPM-01
Site Name:    Site:xxx_SEPM

Risk Detected
Event Time:    18/07/2019 18:04:29
Begin Time:    18/07/2019 18:03:25
End Time:    18/07/2019 18:03:25
Number:    6
Event Description:    Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window.
Event Type:    MAC Spoofing
Hack Type:    0
Severity:    Minor and above
Application Name:    N\A
Network Protocol:    Other
Traffic Direction:    Inbound
Remote IP:    10.2.xx4.136**(this is the Laptops IP address)
Remote MAC:    B40C25E08010**(this is the wireless controller/AP MAC address)
Remote Host Name:    N/A
Alert:    1
Local Port:    0
Remote Port:    0

So I am confused about why the SEPM log has picked up the wireless IP address as its IP address (also actual client IP address and MAC) under - When Event Occurred (under IP address section)? This then in turn looks like it is then analysing the remote IP (which is the laptop's actual IP address) and the Remote MAC of the wireless device, so all confused and now alerting.

Question 2

Am I reading the above log correctly?

Any help would be appreciated.

Thanks


Targeted Ransomware: Proliferating Menace Threatens Organizations

Symantec Endpoint Protection Security Virtual Appliance

I need a solution

Hi,

Where can I find the Virtual Appliance for my Symantec Endpoint Protection? When I log in to my account in mysymantec, in download I can't find anything. Maybe I should log in to https://support.symantec.com/us/en/security-analyt...? My username and password from mysymantec don't work.


How to use SEPM to update definition for Linux client

I need a solution

Hi Guys,

We are testing Symantec Endpoint Protection 14.2 in our new project, which contains both Windows OS and Linux OS.

My questions are as below:

1. I am not able to find the Linux install package in the trial version of SEPM 14.2. However, I can see there is a Linux install package in our licensed SEPM 14.0. Why is there no Linux package in 14.2?

2. I managed to install the SEP 14.0 Linux package on my Linux server and imported the client-server communication file also. Now I am able to see the Linux client in SEPM 14.2. Since our SEPM server is an offline server due to security concerns, my question is how to update this Linux client's definitions from SEPM 14.2 by offline action? Will it be updated by importing the latest jdb file to SEPM like Windows? We have got a lot of Linux servers so I don't think Intelligent Updater definitions are a good choice for us.

Thanks in advance if anyone can give any idea.

Regards,

Feng


SEP 14.2 RU1(3335): service "SepMasterService" crashes randomly on Windows 10

I need a solution

Hello guys,
It happens sometimes, like one time per several days, on the latest Win 10 x64 1903 Enterprise.
Event log says "The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 3 time(s).". Error: 7034
When I start the service manually after that failure it works properly, but it can't be recovered automatically because there is no recovery option after the third failure.
I was trying to add it but I have no access even during command prompt.
Please see screenshots.

I would like to fix these crashes and, if it's possible, add an additional recovery restart service option for the 3rd or later failures.

I also have SEP clients on Windows 8.1 and they have no problem, no one crash was noticed.

Any suggestion would be highly appreciated.


Alert [SID:31043] Audit:PUA.BaisvikPCOpt Activity detected

I need a solution

Hi

I have a Windows 7 laptop with Symantec Endpoint.

When I open Chrome I receive an alert message

[SID:31043] Audit:PUA.BaisvikPCOpt Activity detected

What is the cause and how to fix it?

Thanks in advance for your help.


Live update - content is 12GB

I need a solution

Hi,

Not sure if this is the right place to post this, but since I didn't find a forum related to "live update administrator" I am posting here.

To the point...

First thing to know, I am new to everything Symantec, so I am doing a lot of guessing and probably using wrong terminology, so apologies in advance.

I installed a fresh new "live update administrator" server and configured it. I chose to download only "SEP manager"\managed clients updates, since all our clients are managed and there is no need to download updates for unmanaged clients.

I decided to split the updates into two separate distribution centers, one strictly for content updates, the second strictly for client updates. After running for the first time a download schedule and distribute schedule (total of 4 schedules, download and distribute for content, the same for client), I immediately checked the distribution centers I configured, and here is where I am puzzled:

content distribution is 12 GB.

client distribution is 85m MB.

I am assuming content is virus definitions etc. Why is it so big?


How to remove symantec popups

I need a solution

Hello,

Please tell me how I can STOP the Symantec popups. I get those popups a hundred times a day and they need to stop popping up. Please see attached screenshot. Bottom right corner. Nothing I can even do with the popups anyway, I cannot click nor right-click them, nothing. They are just annoying and make me look every time, when I can't even take any action.
 
ALL I need to know are the steps to make them stop. PLEASE.
 
Thank you.