I am having an issue with our SEPM where I go to Security Status>Perferences>Logs and Reports>Maximum number of rows and increase the default number "200" to a different value. The value remains while I am logged in but reverts to "200" after I log out, the setting is not permenatly applying to the SEPM and I am unsure of how to get it to permenantly change.
Any advice would be greatly appreciated.
Hi All,
How can get qurantine logs from a client, tried all the logs in the client but unsuccessful
or is there a way to get it from the SEPM
thanks in advance
I'm trying to upgrade SEP agent on endpoints though SEPM by adding the install packages option on a group (with mix of win 32 and 64 bit OS), there we have an option to add multiple packages. So my question is on what basis the packages will be pulled out if we add more than one Package.
Example :
Adding SEP version 14.2.1031.0100 for WIN64BIT with some X client feature set
Adding SEP version 14.2.1031.0100 for WIN32BIT with some Y client feature set
Adding SEP version 12.x for WIN64 or 32BIT with some X client feature set
Hi Team,
Where Symantec agent is logging logs? any particular file or it will register in eventchannel?
We couldn't see any log file in C:\Program Files (x86)\Symantec\Symantec Endpoint Protection.
Regards,
Puneeth
I'm using SEP Small Business Edition Cloud. I assume I'm running some version of 14, because I upgraded all of them in May and June, but I can't seem to find where the version number is reported (I do see Cloud Agent 3.00.31.2817 and Endpoint Protection NIS-22.15.2.22).
The cloud console shows 17 of 53 computers offline since July 16. They are running either Windows 10 1803/1809 or Windows 7, as are the other 36 computers on the network. When I run a network test from the local SEP client, the presence SSL handshake fails. Otherwise the clients continue to download the latest definitions, and all of the indicators are green. There are no events in the clients' history that indicate what might have caused the connection failure.
What should I do to get them back online?
Thank you!
Jeffrey Pike, Groton Public Library
i'm using C# restclient to get client information for some specific hostnames. passing json query
[{"computerName":"hostn1"},{"computerName":"hostn2"}]. i getting first page response with 20 client details which is reporting to the SEPM.
How could i get only the response for the hostnames which i passed in. Some one suggest to get this achieved.
Passing this as QuerystringParameters. Getting response but with the whole results ,even i can't loopin through pages. which i can successfully achived for grouplisting.
any help please...
Hi All,
How can get qurantine logs from a client, tried all the logs in the client but unsuccessful
or is there a way to get it from the SEPM
thanks in advance
I'm trying to upgrade SEP agent on endpoints though SEPM by adding the install packages option on a group (with mix of win 32 and 64 bit OS), there we have an option to add multiple packages. So my question is on what basis the packages will be pulled out if we add more than one Package.
Example :
Adding SEP version 14.2.1031.0100 for WIN64BIT with some X client feature set
Adding SEP version 14.2.1031.0100 for WIN32BIT with some Y client feature set
Adding SEP version 12.x for WIN64 or 32BIT with some X client feature set
Hello guys,
I'm just installing new sepm, the version is 14.2.777xx (forgot the exact version). I'm trying to liveupdate from Sepm and the liveupdate got failed (screenshoot attached below). I already try uninstall and install the liveupdate manytime but still got the same error. I try to live update using liveupdate express and it also got failed to with code LU1835 (screenshoot attached below). I'm not using any proxy and already try to cleanup the liveupdate folder. Could someone help me please ?
Hi,
Can anyone please help us to create script for downloading latest Virus definitions.
from HTTPS (https://definitions.symantec.com/defs/download)
(*) End of Life for FTP will be December 21st, 2019.
Planning to schedule it and run once in a day.
Thanks in Advance
Due to a new cert being applied to our SEPM (14.2 build 3332) communications between our workstation clients and the SEPM stopped working. We have found limited success by exporting the communication settings from the workstation group in the SEPM and then manually updating the clients but it is not feasible to update all of the workstations this way. Is there a way to mass deploy this update/is there a regkey or anything we can script to update? Thanks
Hi,
Can anyone please help us to create script for downloading latest Virus definitions.
from HTTPS (https://definitions.symantec.com/defs/download)
(*) End of Life for FTP will be December 21st, 2019.
Planning to schedule it and run once in a day.
Thanks in Advance
Hi we are using End Point Protection Version 14 but its not working fine
Its blocking my internet traffic and upload speed as well like when i send a message on skype its keep lading deliver after one or two minutes.
All internet working fine google aws and few other sites keep on loading
i have Craeted windows exception policy and adeed these websites url and applied to my group as well but no luck
Any one have solution when i see in user computer logs it shows that ICMP traffic is being blocked by End Point protection
Thank You
Good day, we are new and the previous admin provide us unusable user/pwd for the local Symantec endpoint protection manager (SEPM) server.. Is there a way/backdoor for us to get back the access? We will be finding for a new vendor to renew our SEP but we cannot install more users to our SEPM.
SEPM is synced to our AD. We have hundreds of groups and OUs. Over the years and many SEPM admins, groups have had their "Inherit policies and settings from parent group..." messed with. Nothing's been documented.
I'd like to generate a list of groups that have policy inheritance turned off so I can review them without having to manually click on each and every one in SEPM.
Anybody know a way to do that? An SQL query on the database perhaps? (I can spell SQL and that's about it.)
Thanks.
Currently running Symantec Endpoint Protection and SEPM version 14.2 RU1 (14.2.3332.1000)
Advisory: https://support.symantec.com/us/en/security-advisory.html
This advisory was published yesterday - Remediation says to upgrade to 14.2 RU1
Upon further investigation I found there was a build released May 21, 2019 - (14.2.3335.1000) - I cannot find anything that tells me that build 3335 should be installed to mitigate this vulnerability.
Please advise - Thanks
Problem: Live Update on both SEPMs started giving the error, “Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 14.2,” nearly 2.5 days ago. The logs have:
08/01 09:16:40 [1fac:1820] NONE SesmLu SesmLuObjects DownloadedContent attribute read error: ClientMoniker, 6, Msg: Invalid pointer, hr: 80004003
08/01 09:16:33 [2960:280c] WARNING SesmLu SesmLuObjects WARNING: DownloadedContent {22F6E1E7-C0A8-5601-231C-63C505180278} not found in content catalog, reading LUDCA.xml further
08/01 09:16:33 [2960:280c] NONE SesmLu SesmLuObjects DownloadedContent attribute read error: ClientMoniker, 6, Msg: Invalid pointer, hr: 80004003
08/01 09:16:33 [2960:280c] WARNING SesmLu SesmLuObjects WARNING: DownloadedContent {D3376E34-0A4B-0378-40BB-F90B3C7D94A4} not found in content catalog, reading LUDCA.xml further
08/01 09:16:33 [2960:280c] NONE SesmLu SesmLuObjects DownloadedContent attribute read error: ClientMoniker, 15, Msg: Invalid pointer, hr: 80004003
08/01 09:16:33 [2960:280c] WARNING SesmLu SesmLuObjects WARNING: DownloadedContent {E384F559-0A4B-0378-2A47-D5D9C12B8E18} not found in content catalog, reading LUDCA.xml further
08/01 09:16:33 [2960:280c] NONE SesmLu SesmLuObjects DownloadedContent attribute read error: ClientMoniker, 19, Msg: Invalid pointer, hr: 80004003
08/01 09:16:33 [2960:280c] WARNING SesmLu SesmLuObjects WARNING: DownloadedContent {C2A2A1DB-4AAF-498E-900A-3D7135B53966} not found in content catalog, reading LUDCA.xml further
Environment: Two Windows Server 2016 with 14.2.1015.0100 (waiting for 14.2 RU1 MP1 to upgrade), embedded database, and replication between them.
Support’s Proposed Solution: Break replication, run a repair on SEPM, and then run Live Update to see if error is gone
Since both SEPMs started to have the problem at the same time, I highly suspect there a problem with Symantec’s Lice Update servers and not my local SEPMs (no changes on them for months). Does this proposed solution from support make sense for this problem or do you have a better idea?
I have something still on my mac for the enterprise version of SEP... I cannot remove it using the menu nor can I find anythink that looks like SEP on my mac.
However, I also cannot install my Norton AV because of these remnants.
Anyone have ideas for me to search and destroy?
Thanks much.
Hi,
From last 3-4 days, few of our client computers IE proxy server settings are getting removed and getting grayed out randomly and the number of systems so affected are increasing. Please assist us.
Regards,
Anishk
Hello,
I checked few articles on this topic but still have some questions. We are going to integrate Content Analysis with the SEPM. Here are my questions:
1. Is it mandatory the SEPM to be enrolled to the cloud or it can stay on-premises?
2. Do we have to configure the settings on both sides, CAS and SEPM or only on the CAS side is enough?
2.1. Here it shows what has to be set on CAS side -
2.2. Here it shows for the SEPM side (and says that SEPM must be enrolled to the cloud, otherwise this option is not available in Admin -> Servers -> Edit Site Properties)
https://support.symantec.com/us/en/article.howto128224.html
https://www.symantec.com/connect/forums/how-integrate-sepm-cas
I would appreciate any help from someone who already used CAS with SEPM
Thanks