Channel: Symantec Connect - Endpoint Protection - Discussions

How to repair SEP client on server core?

I need a solution

Server team has deployed new servers running only the server core version of Windows. No more control panel so how would I run a repair on the SEP client if needed? Thanks.


SEP 14.0 Remote Uninstall on Devices with Password

I need a solution

Hi All,

I'm an SCCM SME and have inherited a job to remove SEP from the estate.  We have no SEP admins and I've not really used SEP before. I'm looking to uninstall SEP 14.0 from approximately 3,000 endpoints via SCCM. We have 3 different scenarios:

  1. Users on Corporate LAN / WIFI

  2. Remote Users connected via VPN

  3. Remote users who rarely / if ever connect to VPN (they work mostly using O365 and local applications)

Using SCCM's cloud gateway, I can easily hit all these scenarios to issue any required commands / uninstalls (the only requirement for Cloud Gateway is that the device has an internet connection). So the use cases shouldn't be an issue, however I am running into the following issues;

SEP Environment - There appears to be two main SEP Servers, one server has 1200 clients listed. The other server is failing, the SEP Related services are unable to start. I can only assume this means that 1800 devices are currently unmanaged.

Password Protected Clients - (I have the password)

  1. There appears to be no mechanism to parse a password into the uninstall string.

  2. The documentation I've found mentions removing the password requirement to perform a standard uninstall
    a. The new policy will not reach 1800 clients
    b. The new policy will not reach clients who are not connected via VPN

CleanWipe
The other alternative mentioned is to use CLEANWIPE. This appears to be a manual process, I'm unable to find any silent command parameters. This is not suitable for a bulk uninstall.

RegKeys
I found mention of a certain regkey, that when deleted, removes the password requirement from the uninstall. This would be a suitable approach as it requires no interaction with the SEP central server. However, I'm not sure if this applies to SEP 14, as the regkeys mentioned, don't exist on 14.

Import Client Policy - I found allusions online to the ability to import a new client policy (IE: no password requirement) to a SEP client, however I haven't been able to find a command line for this, or if it applies to SEP 14 and above.

So I guess I'd like to know from your community, what is the best way to remove this product in a remote manner, under the above conditions. The ideal scenario would involve no interaction with the SEP central server.

Any tips or statements that I've made that are incorrect.

Thank you in Advance.


Unable to verify the directory account(Account authentication failed)

I need a solution

Hi,

We have changed self-signed certificate to trusted certificate and all working fine but users are not able to login to SEPM console.

ERROR: Unable to verify the directory account. Verify that the directory server and account name entered are correct. Enter user principal name and try again.

We tried as suggested in ERROR but still users are unable to login to SEPM console.

Please help me to fix it.

Thanks in advance


Java needed for Symantec Endpoint Protection client or SEPM?

I need a solution

Oracle says it's $300 per pair of server cores for Java on a server.  That's steep.

Where is Java actually used in SEP client or SEPM?  Is it only used on the SEPM webpage?  Instead of logging into the server and SEPM manager, it's just that remote management webpage?  We never use that, so it's not a concern at all.  If we uninstall Java on the server with SEPM (or a client machine), will that impact Symantec in any way except not being able to use that remote management webpage?


Remote management page httpS?

I need a solution

https not http?  I rarely if ever use the remote management webpage option for SEPM.  The last I remember I think I noticed it was http though, not https.  Is that true?  The webpage is only http?


SEPM 14 Client Logs

I need a solution

SEPM  v14.2.770.0000

Since upgrading to SEP 14 I have noticed that if a client machine is reporting to the console, but offline temporarily, you are unable to read any of the logs.

For example, if a user uses his machine all day and shuts down at night, you are unable to read the logs off that machine for the day. Do you think it’s a configuration issue?

Trying to generate the logs by clicking the Monitors tab in the console, selecting any of the logs available such as Application and Device Control, selecting View Log and it shows up with nothing.


Install Symantec on a server

I need a solution

Hello

May I install the SEP on a server even if I install the SEPM?


SEPM endpoint status suddenly increasing and decreasing offline counts

I need a solution

Hi Team,

Our SEPM endpoint status is suddenly increasing and decreasing offline counts and keeps changing every 10-20 minutes for the last 4 hours; our SEPM is online and is not restarting the OS or services.


Report Generating Question

I need a solution

Hi all,

I'm fairly new to SEP and have mostly been using the console for access and generating reports. I was wondering if there was a way to extract a report of empty sites/groups in SEPM either through the console or other means.

Any ideas or suggestions are appreciated, thanks!


Client Connected But Doesn't Show in SEPM

I need a solution

Greetings,

I have 4 Windows 7 Standard Embedded machines on my network. I have the Symantec 14.2.0.1030.0010 Client installed on them with just A/V function. According to the Troubleshooting window for the server connected it shows "Connected" on port 443.

In the SEPM Console I added the A/D container under clients which shows all 4 computers. Funny part is all 4 show offline. 

So what do I believe? The client or the SEPM?

And how do I fix it?


Unsolicited incoming ARP reply detected

I need a solution

So here goes.....

SEP 14.2, Windows installation, Within the firewall policy the checkbox for Enable anti-MAC spoofing is turned on. All is good to here.

We have 3 sites, A, B and C. All clients have the same clients on them, they have not been updated since Feb and the SEPM hasn't been touched either.

In the last month we have seen several machines get the usual popup in the bottom right of the desktop with - "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window."

Now, we can see in the logs some activity, like one here and there across the 2 other sites `A` and `B`, but for the site `C` we are seeing a lot more, like 60 a day.

We know the ARP requests are coming from two (2) wireless controllers but not every client is alerting, of the 200 clients, only 3 have alerted so far.

First Question:

Is there a limit which is hit for a client which triggers the popup message on the client?

So in trying to get to the bottom of the issue and reading every community MAC/ ARP spoofing thread I have not been able to get any closer. 

If I look at the logs in SEP under Monitors > Logs > Network and Host Exploit Mitigation > Attacks and choose a device, I have a question on the way it presents the log of a device when viewed in DETAIL view.

Log from the SEPM on the client

-----------------------------------------------

Client Affected

Computer Name    
Current:    LaptopHostname
When event occurred:    LaptopHostname

IP Address    
Current:    10.2.xx4.136 **(this is the actual Laptop's IP)
When event occurred:    10.2.xx4.254 **(This is the wireless controller/AP)
Local MAC:    1C4D7072Dxxx **(this is the Laptops MAC address)
User Name:    Username
Operating system:    Windows 10 Enterprise Edition
Location Name:    Default
Domain Name:    exampledomain.com
Group Name:    My Company\exampledomain\Client Devices\C **(site `C`)
Server Name:    xxx-SEPM-01
Site Name:    Site:xxx_SEPM

Risk Detected
Event Time:    18/07/2019 18:04:29
Begin Time:    18/07/2019 18:03:25
End Time:    18/07/2019 18:03:25
Number:    6
Event Description:    Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window.
Event Type:    MAC Spoofing
Hack Type:    0
Severity:    Minor and above
Application Name:    N\A
Network Protocol:    Other
Traffic Direction:    Inbound
Remote IP:    10.2.xx4.136**(this is the Laptops IP address)
Remote MAC:    B40C25E08010**(this is the wireless controller/AP MAC address)
Remote Host Name:    N/A
Alert:    1
Local Port:    0
Remote Port:    0

So I am confused with why the SEPM log has picked up the wireless IP address as its IP address (also actual client IP address and MAC) under - When Event Occurred (under IP address section)? This then in turn looks like it is then analysing the remote IP (which is the laptop's actual IP address) and the Remote MAC of the wireless device, so all confused and now alerting.

Question 2

Am I reading the above log correctly?

Any help would be appreciated.

Thanks

SEP Status Unavailable in Windows Security Center

I need a solution

We have been having an issue since updating to 14.2 where Windows Security Center says that SEP is turned on, however antivirus and firewall status report as unavailable.  This causes a Windows toast notification saying to turn on antivirus.  Everything seems fine with SEP and it appears to only be a cosmetic issue, however it is causing a bit of confusion with our users.  

We are currently on 14.2 3335, however we had this issue on the previous build (or two) as well.  Our machines are currently on Windows 10 1809, however this problem also appears on a couple 1903 machines I have been testing with.  

Anyone else have this issue?


High resource utilization by ccsvchst.exe

I need a solution

Hi,

I have implemented SEPM 14.2 RU1 - 14.2.3335.1000 at one of my client's places. They initially had laptops with SSD where the SEP was installed and working as expected. Recently on a few laptops they made a combination of SSD + HDD, post which there is a high resource spike even when the system is idle.

Can anyone suggest me on what needs to be done to pin-point the issue and resolve it?


SEP Clients show Blank in the Version Column of SEP Report

I need a solution

I am managing the SEP setup (14.0.3929.1200)  in a very large environment with more than 54000 endpoints. On extracting the computer status report from SEPM Console, I get more than 300 clients under Blank : Version Column. Upon manually checking, my team states that some of the PCs are actually updated and are reporting to the SEPM Server but the report comes as incorrect. 

We tried to fix this issue by forcefully starting the services, restarting the PCs, deleting the clients from SEPM and then restarting the services but all such options were futile. 

I need a solution because as Manager I have to rely on reports and further T-shooting is done on the same. 


SEP Clients are not reporting to SEPM Server and not appearing in the report

I need a solution

Dear All,

SEPM Version: 14.0.3929.1200

Many of the SEP Clients are not reporting to our SEPM Console. Upon checking ~25 PCs manually, we found that SEP Client is installed and updated to latest date and is connected to the Server (Green Light & Showing Connected in Troubleshooting Option). But when we search for the IPs in our SEPM Console, it shows that no clients found.

T-Shooting so far: No Solution:

1. Tried to stop and re-start SMC.

2. Re-updated sylink

3. Re-installed AV (sometimes this worked)

This creates an unwanted lag in the report.

Request support/fix on this issue. 

Thanks !


Logging information

I do not need a solution (just sharing information)

Hi Team,

Where is the Symantec agent logging logs? Any particular file, or will it register in the event channel?

We couldn't see any log file in C:\Program Files (x86)\Symantec\Symantec Endpoint Protection.

Regards,

Puneeth
