SSL handshake fails; Cloud console shows computers offline

July 25, 2019, 7:56 am

≫ Next: 14.2 RU1 won't install on 2008 SP2 x64

I need a solution

I'm using SEP Small Business Edition Cloud. I assume I'm running some version of 14, because I upgraded all of them in May and June, but I can't seem to find where the version number is reported (I do see Cloud Agent 3.00.31.2817 and Endpoint Protection NIS-22.15.2.22).

The cloud console shows 17 of 53 computers offline since July 16. They are running either Windows 10 1803/1809 or Windows 7, as are the other 36 computers on the network. When I run a network test from the local SEP client, the presence SSL handshake fails. Otherwise the clients continue to download the latest definitions, and all of the indicators are green. There are no events in the clients' history that indicate what might have caused the connection failure.

What should I do to get them back online?

Thank you!

Jeffrey Pike, Groton Public Library

↧

14.2 RU1 won't install on 2008 SP2 x64

July 25, 2019, 10:31 pm

≫ Next: SEPM 14 Database sizing tool

≪ Previous: SSL handshake fails; Cloud console shows computers offline

I need a solution

I'm trying to upgrade a client on a Windows Server 2008 SP2 x64 machine, but it will not install.

I see the following in the SEP_INST log

CommunicateLaunchConditions: NOT PackageIntegrityError=1
CommunicateLaunchConditions: VersionNT >= 601=0
CommunicateLaunchConditions: Symantec Endpoint Protection only be installed on Windows 7 / Server 2008 R2 and later.
CommunicateLaunchConditions: calling communicate state with the following arguments:
CommunicateLaunchConditions: Prodversion = 14.2.3332.1000
CommunicateLaunchConditions: PathToSylink = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.1015.0100.105\SmcLU\Setup\
CommunicateLaunchConditions: Oldversion = 14.2.1015.0100
CommunicateLaunchConditions: ReasonStr = Symantec Endpoint Protection only be installed on Windows 7 / Server 2008 R2 and later.
CommunicateLaunchConditions: StatusCode = 302469127
CommunicateLaunchConditions: Initializing opstate communicator
CommunicateLaunchConditions: File path = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.1015.0100.105\SmcLU\Setup\SyLink.xml
CommunicateLaunchConditions: Reg path =
CommunicateLaunchConditions: Invalid registry path for client identity
CommunicateLaunchConditions: Added OpState callback
CommunicateLaunchConditions: Added OpState provider.
CommunicateLaunchConditions: Initialized UserInfo Provider. Initialization done.
CommunicateLaunchConditions: Successfully created CVE object
CommunicateLaunchConditions: Failed to send the opstate: 0x80004005
MSI (s) (F0:88) [07:20:28:674]: Doing action: preLaunchCond
Action ended 7:20:28: CommunicateLaunchConditions. Return value 1.
MSI (s) (F0:7C) [07:20:28:690]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI47E5.tmp, Entrypoint: preLaunchCond
Action start 7:20:28: preLaunchCond.
MSI (s) (F0!D4) [07:20:29:767]: Note: 1: 2731 2: 0
IDCCA: preLaunchCond - Launch condition `7Symantec Endpoint Protection only be installed on Windows 7 / Server 2008 R2 and later.` with condition `VersionNT >= 601` failed

But in the release notes I see the following:

Windows Server 2008 (32-bit,64-bit;RTM, R2, SP1, and SP2)

Anybody seen this happen before and maybe has a solution?

↧

SEPM 14 Database sizing tool

July 26, 2019, 7:23 am

≫ Next: Automating Comm update to workstations

≪ Previous: 14.2 RU1 won't install on 2008 SP2 x64

I need a solution

Dear all,

I need SEPM 14 Database sizing tool. Does Anyone can help me?

I can see the Database sizing tool for SEPM12. But I think it was changed.

Thank you

↧

Automating Comm update to workstations

July 26, 2019, 8:20 am

≫ Next: Application Control Rules

≪ Previous: SEPM 14 Database sizing tool

I need a solution

Due to a new cert being applied to our SEPM (14.2 build 3332) communications between our workstation clients and the SEPM stopped working. We have found limited success by exporting the communication settings from the workstation group in the SEPM and then manually updating the clients but it is not feasible to update all of the workstations this way. Is there a way to mass deploy this update/is there a regkey or anything we can script to update? Thanks

↧

Application Control Rules

July 26, 2019, 9:31 am

≫ Next: Disabling Outlook Protection

≪ Previous: Automating Comm update to workstations

I need a solution

I'm attempting to create a whitelist-only style of Application Control, where all apps are blocked accept those designated otherwise. But upon creating the rule for "Do not apply..." and adding directories like C:\Windows\* and C:\Program Files (x86)\* it seems Symantec still blocks executables within subfolders. For example, despite C:\Windows\* being whitelisted, Symantec blocks "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe'.

My question is, how can I whitelist all files and subfolders?

Thanks!

1564159472

↧

Disabling Outlook Protection

July 26, 2019, 10:12 am

≫ Next: How To Reclaim License

≪ Previous: Application Control Rules

I need a solution

Is there a way to disable Outlook Protection component in SEP 14.2 clients via regkey change or other mass deploy method (not using the built in SEPM deployment process). Thanks.

↧

How To Reclaim License

July 26, 2019, 11:20 am

≫ Next: Application Control Rules

≪ Previous: Disabling Outlook Protection

I need a solution

Hello,

If I'm going to rebuild a PC, should I just uninstall SEP and the license/download will re-populate in the "My Products" page?

Thanks

↧

Application Control Rules

July 26, 2019, 12:31 pm

≫ Next: In Accurate License Count in Reports

≪ Previous: How To Reclaim License

I need a solution

My question is, how can I whitelist all files and subfolders?

Thanks!

↧

In Accurate License Count in Reports

July 29, 2019, 5:39 am

≫ Next: Unable to verify the directory account(Account authentication failed)

≪ Previous: Application Control Rules

I need a solution

We currently have 25 000 SEP licenses allocated to us, with almost 25775 active clients reporting back to the SEPM server. They are receiving their definition updates and communicating with the SEPM servers where they report to, no issues.

The problem that I see is on the reporting side, where the license count says that we only used 5708 of the 25 000 licenses, which is not the case. Why would SEPM report that only 5708 are in use and not that we are exceeding our license count by 775 licenses?

Any suggestions on where I can start looking for possible solutions to this inaccurate reporting issue?

↧

Unable to verify the directory account(Account authentication failed)

July 23, 2019, 9:51 am

≫ Next: In Accurate License Count in Reports

≪ Previous: In Accurate License Count in Reports

I need a solution

Hi,

We have changed self-signed certificate to trusted certificate and all working fine but users are not able to login to SEPM console.

ERROR: Uable to verify the directory account. verify that the directory server and account name entered are correct. Enter usere principal name and try again.

We tried as suggested in ERROR but still users are unable to login to SEPM console.

Please help me to fix it.

Thanks in advance

↧

In Accurate License Count in Reports

July 29, 2019, 5:39 am

≫ Next: Adding SONAR feature via SEPM auto upgrade requires reboot?

≪ Previous: Unable to verify the directory account(Account authentication failed)

I need a solution

Any suggestions on where I can start looking for possible solutions to this inaccurate reporting issue?

↧

Adding SONAR feature via SEPM auto upgrade requires reboot?

July 29, 2019, 4:05 am

≫ Next: Application Control Variables

≪ Previous: In Accurate License Count in Reports

I need a solution

We are planning to install SONAR on 750 servers which has SEP installed with virus and spyware protection and advance download protection component. We have tried auto upgrade option via SEPM using the same version client which requires a reboot, is there an option to install this feature without reboot?

The version we are running is 12.1.7004.6500 and we have added auto upgrade packge in client tab with same version package for virus & spyware advanced protection and sonar component in client install feature set.

↧

Application Control Variables

July 29, 2019, 9:34 am

≫ Next: What happens if I add more than 1000 DeviceID ? (currently have 1300)

≪ Previous: Adding SONAR feature via SEPM auto upgrade requires reboot?

I need a solution

Good Morning,

I'm attempting to create an Application Control exception for a directory within AppData\Local, however the rules do not seem to function with the variables I'm using. For example:

If I whitelist %LOCALAPPDATA%\Microsoft\OneDrive\*\
I still see blocking take place for files within that directory.

I was thinking of trying C:\Users\%username%\AppData\Local\Microsoft\OneDrive\*\
however in the cases where a roaming profile has an issue, resulting in the cmd "whoami" to return "user" but the appdata location is actually "user.DOMAIN", this rule would not function.

Any suggestions? I tried reading through documentation on App Control rules with Environment Variables, but cannot find anything that specific.
Much appreicated!!! Have a great week.

↧

What happens if I add more than 1000 DeviceID ? (currently have 1300)

July 29, 2019, 9:51 am

≫ Next: Application Learning:Site Properties for Local Site : Keep track of every application a client runs

≪ Previous: Application Control Variables

I need a solution

I currently haveDeviceID added to Hardware Devices about 1300

I have read the TECH145973 and know that the limitations of adding DeviceID in the Hardware Devices and excluded devices that Symantec recommends are not more than 1000

Ref https://support.symantec.com/us/en/article.tech145...

↧

Application Learning:Site Properties for Local Site : Keep track of every application a client runs

July 29, 2019, 10:27 am

≫ Next: 169.254.x.x network address

≪ Previous: What happens if I add more than 1000 DeviceID ? (currently have 1300)

I need a solution

I’ve read https://support.symantec.com/us/en/article.tech134367.html

The articles states:

The SEPM processes this data and inserts parts of it into two different database tables: COMPUTER_APPLICATION and SEM_APPLICATION. The SEM_APPLICATION table is essentially a list of all learned applications (file hash, executable file name, file path, file size, version etc). The COMPUTER_APPLICATION table contains data on the “who”, ”what”, and “when” of Learned Applications. Essentially it is a list of when what machines encountered what applications.

QUESTIONS:

Where/what is the path in the SEPM Manager folder to find the COMPUTER_APPLICATION and SEM_APPLICATIONS database tables?

Are these applications being blocked/dropped by the firewall or, are

they auto-magically added to the firewall rules?

How do people use/what do they do with the info in the COMPUTER_APPLICATION and SEM_APPLICATIONS database tables?

↧

169.254.x.x network address

July 29, 2019, 11:19 am

≫ Next: Clients not Receiving Virus Definitions (but communicating to SEPM)

≪ Previous: Application Learning:Site Properties for Local Site : Keep track of every application a client runs

I need a solution

Hi everyone,

Is anyone else getting clients reporting a 169.254.x.x address that are using Windows v1903?

If I double click on a client, I can see their correct IP address under the network tab. We are running Symantec 14.2.1 (14.2 RU1) On-Premise.

Thanks,

↧

Clients not Receiving Virus Definitions (but communicating to SEPM)

July 29, 2019, 1:13 pm

≫ Next: Change Live Update Server

≪ Previous: 169.254.x.x network address

I need a solution

I have 60 clients in various groups/subnets that are NOT getting virus updates. They have a green dot. Are communicating to SEPM. Can be scanned/interacted with. The LiveUpdate policy is configured how it should be. SEPM has the latest definitions. But they simply refuse to update their definitions. I am losing my mind over this, as nothing I've done has made any difference. "Update content" on these clients goes through, no errors. But definitions stay old. Can you please assist.

↧

Change Live Update Server

July 29, 2019, 3:46 pm

≫ Next: Is there a SEP 15 client?

≪ Previous: Clients not Receiving Virus Definitions (but communicating to SEPM)

I need a solution

So we have two domains in our company, and our update server is on our primary one. Live Update is failing on clients in our secondary one, however, because the log files show it's still pointing to our old SEP server. How can I go into the configuration to modify it to point to our main one in our other domain? And how do I go about disabling the tamper so I can do so?

↧

Is there a SEP 15 client?

July 29, 2019, 4:10 pm

≫ Next: Why machine updating from Symantec Live Update server

≪ Previous: Change Live Update Server

I need a solution

I am utterly confused. Is there or is there not a SEP 15 client, or is it just to say that SEP 15 is a cloud version of SEPM but all the clients are 14.2?

Seems to me this is a bit of a branding snafu, or maybe not though. You don't want all the enterprises out there, running 14.2 with on-prem SEPM, freaking out thinking they are a version behind the latest security features and such. Is that more or less what this situation is?

I only have one SEP 15 console to look at right now but can only see 14.2 clients as options - I install a new clients to a machine, and it's only 14.2. Just want to be sure I'm not missing some kind of "activate 15 online!" type thing.

Thanks!

↧

Why machine updating from Symantec Live Update server

July 29, 2019, 6:27 pm

≫ Next: SEPM 14 How do you set "Maximum number of rows in report table" permanently?

≪ Previous: Is there a SEP 15 client?

I need a solution

Once SEP client installed on any machine, its trying to connect to liveupdate.symantec.com to download the content updates though we configured Group Update Provider's. Is it normal? if not, why its connecting?

One other question is that is there a way to track the size of the content update files being downloaded?

↧