Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles

Virus Detected but not quarantined - Logs

I need a solution

Hi all,

We want to analyse the cases where a virus has been detected from the Symantec server but not quarantined, for audit purposes. There are 2 requirements for this:

1: Logs for viruses detected but not quarantined need to be taken so that they can be integrated into a SIEM tool.

2: E-mail alerts can be obtained for this particular case where a virus has been detected but has not been quarantined.

Regards,

Anishk


Powershell.exe flagged by SEP

I need a solution

This might be a basic question but I'm not really a security expert. SEP has flagged powershell.exe on a user's computer so they sent me the ticket (I'm desktop support) and I'm not sure if I should worry or what the appropriate action should be. I tried searching on Google but didn't find an answer. I copied the notes I have below. Thanks.

Risk name: SONAR.AM.PS!g1 
File path: c:\windows\system32\windowspowershell\v1.0\powershell.exe 
Event time: Aug 13, 2019 11:04:49 AM 
Database insert time: Aug 16, 2019 3:38:42 PM 
Source: Heuristic Scan 
Description: 
User: SYSTEM 
Computer: Computername 
IP Address: xxx.xxx.xx.xxx 
Domain: Default 
Server: Server
Client Group: My Company\AWclients 
Action taken on risk: Access denied 


SEP for logging only

I need a solution

Hi Team,

Can we implement something for SEP to not block traffic from a detected “offender” and instead just log this?

Is it something we need to do on the central server?

Regards

Dev


LUA catalog download without internet

I need a solution

Hello,

I just updated LUA to the latest version. However, this LUA has no internet connection and receives virus defs from an external LUA that has internet access. How do I update the catalog on the LUA without internet so I can download and distribute virus defs?


need to update SEP client that installed on Linux Machine

I need a solution

I cannot update the SEP client which is installed on a Linux machine.

Should I use an internal LiveUpdate server, even though the number of machines is less than the number recommended for using it?

Or how do I update the SEP agent on Linux machines through SEP Manager directly?

Current version: 14.X (cannot get the release number right now)

Thanks 


SEPM 14 API Authentication using SecureString

I need a solution

Hi all,

I have an SEP 14.2 infrastructure deployed and need to automate some tasks (move computers from one group to another, add/apply an exception or other policy, etc.) with PowerShell.

To use the API, I have to authenticate, which is fine, but is there a way to use a secured password and not plain text?

The only way I found that works is by using a JSON file (or a hash table converted to JSON) with the password in plain text. Get-Credential or Read-Host -AsSecureString don't work and always generate errors. Even the demo scripts from Symantec use a plain text password.

Any help please ?

Karim Kanoun


Symantec_Endpoint_Protection_14.2.1_MP1

I need a solution

After upgrading from SEP 14.2 to Symantec_Endpoint_Protection_14.2.1_MP1, which went through successfully, I was then to do some config through the Management Server Configuration wizard.

Step 1.

Authentication type: Database Server Authentication

Database server: <Database_server_name\instance_name>

SQL server port: 1443

SQL Server client folder: e:\folder_name

Step 2

Database Name: SEPMDB

Database user name: sepmuser

Database Password: <Password>

I click Next and I am presented with an error:

"Connection to the named instance of SQL Server is available on database server port 51220. This port is not matched to the port that is currently configured for database connectionss. Check the Symantec Endpoint Protection Manager database port settings and be sure that it matches the actual database server port".

I tried Google and nothing really makes sense on this error. Shouldn't an upgrade assume that this info was already there prior to the upgrade?

As a result, I am unable to use the SEPM. Any workaround?


New SEPM Server

I need a solution

Hello All,

I changed the language of our SEPM (installed a new one) and need your assistance to see what is the best way to link the existing SEP clients to the new server.

Below is the information for both SEPMs:

SEPM 1 = Old Manager (Still working)

  • Version SEPM : 14.2.1023.0100 (Fr)
  • OS SEPM : Windows Server 2008 R2 Standard 64 bits
  • Version SQL : SQL Server 2008 R2 SP3 (Fr)
  • OS SQL : Windows Server 2008 R2 Standard 64 bits

 

SEPM 2 = New manager

  • Version SEPM : 14.2.4811.1100 (En)
  • OS SEPM : Windows Server 2016 Standard 64 bits
  • Version SQL : SQL Server 2016 (En)
  • OS SQL : Windows Server 2016 Standard 64 bits

So the clients need to be linked to SEPM 2.

Thank you for your support


Exceptions with System Lock Down Is Not Working

I need a solution

Hi

I have configured System Lockdown in whitelist mode with checksum.exe and it's working fine.

Now I want to manually allow a few applications which need to be installed. I have added them manually in Exceptions but it is not working.

How can I achieve this configuration?


MEM policy to prevent stopping sep service

I need a solution

Hi, 

We are trying to prevent users from stopping SEP services and to start them if stopped.

I see an option in the HI policy to restart the service if it is stopped. However, when smc is stopped, HI is not going to work and this functionality is pretty much pointless. Correct me if I am wrong and it does work.

I also see Mick's comment in the article below about using MEM SEHOP to prevent service stopping. Can someone help with how this can be done?

https://www.symantec.com/connect/forums/script-start-sep-service?1565754867759

Thanks in advance for suggestions.


Rest-API Implementation in Multi server Environment

I need a solution

Hey Everyone,

Management of the AV product has always been an overhead for AV admins.

I've been working on reducing this task a bit by trying to incorporate different methods and alternatives for getting these day-to-day tasks done.

One of the major overhead tasks where there is a lot of redundancy is extracting reports. Hence I thought of giving the AV admins a unified location to collect the customized report instead of logging in to individual SEPM servers to get the report.

Looking at the requirement, it seemed that using the REST API should pretty much resolve the issue.

However, we have a multi-server environment where the servers represent different geographical locations as well. There is no sync between the servers, and the reporting still needs to be done individually for each server location.

I was hoping there is a way to get this done otherwise. Please help if you are aware of such a way.

Regards, 
EK


Access API as Domain Admin

I need a solution

Hi All,

We have a deployed SEP 14.2 infrastructure with 2 domains. I am an admin for one of the domains and have no access to the other.

I am trying to use the API to automate some tasks. All I can do is authenticate and get back a token, and list admin information for my domain.

Any other request finishes with error 401.

Example : Invoke-RestMethod -Uri $URL -Headers $header -ContentType "application/json" with $URL pointing to groups or computers.

But the SEPM admin who has access to everything can run the command with success, so it is related to my privilege as domain admin.

Can domain admins use the SEPM API, or is it restricted only to SEP admins?

I guess that I have to specify the domain in the header? At the moment the header contains only the token (@{Authorization='Bearer '+$token}). I tried to add Domain or DomainId (from the authentication response) but without success.

Any help is welcome.

Best regards
