Channel: Symantec Connect - Endpoint Protection - Discussions

Access API as Domain Admin

I need a solution

Hi All,

We have a SEP 14.2 infrastructure deployed with 2 domains. I am an admin for one of the domains and have no access to the other.

I am trying to use the API to automate some tasks. All I can do is authenticate, get back a token, and list admin information for my domain.

Any other request finishes with error 401.

Example: Invoke-RestMethod -Uri $URL -Headers $header -ContentType "application/json" with $URL pointing to groups or computers.

But the SEPM Admin who has access to anything can run the command with success, so it is related to my privilege as domain admin.

Can domain admins use the SEPM API, or is it restricted to SEP Admins only?

I guess that I have to specify the domain in the header? At the moment the header contains only the token (@{Authorization='Bearer '+$token}). I tried to add Domain or DomainId (from the authentication response) but without success.

Any help is welcome.

Best regards


Computer don't update from 01/08 - W7

How to Exclude DVD Devices Only for Third Party Virus Scanning?

I need a solution

We have third-party virus scanning software for external devices such as USB disks, memory cards, etc. and DVDs. I was able to build a policy in Symantec Application and Device Control such that only the same media scanning software above will be given read and write access.

The problem: I can't, or don't know how to, do this on DVD, CD and BD devices. Has anyone experienced this, or does anyone know how to solve it?

My Symantec Endpoint Protection Manager version is 14.2.1 (14.2 RU1).

Server: Windows Server 2012 R2 Datacenter


Validations after migrating SEPM to new server

I need a solution

Hello everyone,

We are migrating SEPM to a new physical server; I believe we need to keep the same hostname and IP address. So, I'd like to know which SEPM services I need to validate to confirm that all the processes are OK.

Thanks!


How come no one knows anything about Private Insight Server?

I do not need a solution (just sharing information)

For over a year I've been trying to get a private insight server set up. Support doesn't understand it, Sales doesn't understand it, and no one at my company understands it. We have a subnet with no internet access; they get updates from a manager in their subnet that does. It doesn't make sense to me that these cannot get reputation-based updates from the manager. This should have been a top priority to add to the product and it just has not been.


SEP IPS Out-Of-Band scanning causing IPS errors

I do not need a solution (just sharing information)

While enabling the new Out-Of-Band scanning option in the IPS Server Performance Tuning section in IPS on Windows 2016 servers, the SEP clients start displaying multiple errors with Download Insight, MEM, Network Intrusion Prevention malfunction. Sometimes after reboots the SEP client would display as healthy, but after a reboot these errors would appear again.

I found that disabling the Out-Of-Band scanning option in IPS corrects these issues. These are new SEPM builds on new servers, so I don't know why this is causing errors in the client.


UAC Disable or Enable - Windows endpoint

I need a solution

Dear,

Does UAC in Windows have to be disabled on the endpoint client?

If this function is enabled, are failures in the update of signatures possible?


Symantec client quarantined files, but nothing in reports/ EDR Incident manager

I need a solution

When checking the client for 1 user, I found a lot of quarantined files. The problem, though, is that I do not find anything in the reports. Is there a report I can generate? EDR also did not report anything. Thanks for the help.


Error 25010 During Installation of V14

I need a solution

Gents,

I'm encountering an issue when trying to install SEP 14.2 RU1. Below is a screen shot of the error message and here is the actual text.

Error 25010, Could not locate "Microsoft Test Root Authority" certificate in "Trusted Root Certification Authorities" store. It is required for this build of Symantec Endpoint Protection. Please install it and retry Symantec Endpoint Protection installation.


Download Protection Definitions - Out of Date

I need a solution

Dear,

For some reason, some endpoints don't update from the manager, and to fix this I downloaded the definitions for AV, IPS and SONAR from https://www.symantec.com/security_response/definitions.jsp?pid=sep14. All components updated OK, but the Download Protection definitions are still out of date.

Is it possible to download these definitions?

My version is 14 RU1 on the manager and clients.


SEP Manage Windows Firewall

I do not need a solution (just sharing information)

So we're trying to make it so SEP will manage the Windows firewall in the Windows security center, more or less so we don't have two firewalls running on the machines of the organization. See attached; it gives the icon a red "X," and clicking to open SEP does nothing. As far as the SEP console looks, everything is fine. And while it's running okay, we just don't want to deploy it like this and have users think something is wrong.

This is my machine with SEP 14.2.1 and Windows 10 1903. Any fixes?


How to replace self signed console certificates with 3rd party

I need a solution

Hi,

Looking for some help with how I can replace the SEPM console's self-signed certificates with a 3rd party certificate.

I can't seem to find many guides which are easy to follow.

Thanks.


UAC issue with 14.2.4814.1101 on Win 10 PC

I need a solution

Hi all,

I have been slowly pushing out 14.2.4814.1101 to our machines. Most are Win 7 and a few are running Win 10. I have experienced no issues until yesterday. We have one PC running Win 10 Pro 1903 with the Hyper-V feature enabled. The PC is running one Win 2012 Server VM which is the SEP Management console. The host machine was running 14.2.4811.1100 with no issues. When .1101 was installed and the machine rebooted, I started receiving a red User Account Control warning:

“This app has been blocked for your protection. An administrator has blocked you from running this app. For more information contact the administrator. mmc.exe”

I have received the error when trying to open the Hyper-V mmc console and going into other areas that use mmc.exe such as device manager.  I tried some of the suggested solutions I found on the web with no success.  Fortunately, I use Veritas System Recovery and was able to restore the disk image before .1101 was installed.  Here are the results of some testing I have done.

  1. I uninstalled .1100 and have uninstalled .1100 using clean wipe.  A fresh install of .1101 creates the UAC issue.
  2. If I sign in with built-in Administrator account, the error disappears.
  3. I created a new user with administrative rights and the UAC error continues.
  4. When I uninstall .1101, the problem continues.  I must restore an image back to .1100.
  5. As a control test, after uninstalling .1100 I pushed out .1100 again and it installs with no UAC issues. The problem ONLY occurs when .1101 is installed clean or as an upgrade.
  6. I removed the Hyper-V feature and installed .1101.  UAC error continues.
  7. I installed a “generic” unmanaged version of .1101 and the UAC error continues.
  8. When I try to uninstall .1101 it fails and rolls back.  Clean wipe occasionally fails too.  The only trusted recovery is restoring the .1100 disk image. 

Unfortunately, restoring an image takes approx. 40 minutes, so testing has been a slow, tedious procedure.  I get one test per image restore.  I will be creating a support case but wanted to throw this out for comments or suggestions.  I certainly hope I will not have to refresh Windows and start over.   I NEVER have had an issue with this machine until .1101 was installed.  A couple of weeks ago the pc was upgraded from Win 10 1809 to 1903.  Several other machines are running 1903 and .1101 has installed with no issues.


Business class AV

I need a solution

Hello

I am searching for new security software for my home network (1x Android phone, 1x iPhone, 2x iPad, 1x Android tablet, 1x Windows 10 laptop and 1x Windows 10 PC).

My needs are as below:

Cloud management console

Detailed AV and firewall configuration, like blocking apps, blocking ports, and blocking apps on defined ports, like blocking Chrome's access on port 21

A VPN would be good, but it should be hosted on the vendor's site, not on 3rd party hosts like hidemyass, hotspotshield, etc.

So far I have tested Symantec Endpoint Protection 15 with Symantec Endpoint Cloud Connect Defense. SEP 15 works well but SECCD is not working, and Symantec refused to give support for trial accounts.

More questions.

Is there an engine difference between SEPC and SEP 15?

How can I connect my mobile devices to VPN when using SEP Mobile? When I try to connect manually on my iPhone I get only VPN server is not responding error.

How can I enforce devices to compliance when using SEP Mobile?

How can I enroll my mobile devices with SEPC automatically?

Is encryption different from Bitlocker?

After installing SEP 15 client into Windows, it is not getting enrolled like SEPC client. I have to wait around half an hour, if it doesn't enroll until that time I have to reinstall client. Is there a fix for that?

Best regards


SEP15 - integration with network ATP or EDR cloud console

I do not need a solution (just sharing information)

Hi,

Are there any plans for network ATP integration under SEP15?

Also, will the EDR cloud component ever talk to the SEP15 console and vice versa?

While I'm at it, will the coming release of SEP15 have the WSS WTR PAC file enforcement capability?

We were told the new SEP15 won't have this and we should be talking to customers about them running CCD as a paid upgrade to SEP15.


Auto Protect Status and Firewall Status error.

I need a solution

Auto-protect Status: Component is Malfunctioning

Firewall status: Not Installed

We have some CentOS servers where we are getting Auto Protect Status and Firewall Status errors.


potential network overload.

I need a solution

The IPs below are consuming high bandwidth downloading Symantec updates.

25 requests for Virus and Spyware full definitions has been received in the past 10 minutes. This situation could indicate a potential network overload.

Virus and Spyware Full Definition Requests

| Client IP | Product Version | Definition Name | Source Revision | Target Revision | Reason Code | Reason Description | Time | Server | File Size |
|---|---|---|---|---|---|---|---|---|---|
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813008 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:52:03 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190810003 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:51:57 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190810003 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:51:36 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813008 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:50:54 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190805019 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:50:47 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813008 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:50:20 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190810003 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:50:15 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win32 14.2 | 0 | 190824002 | 4 | Client did not send source sequence number | 08/25/2019 09:50:02 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190805007 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:49:51 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190613019 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:48:56 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813003 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:48:49 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813008 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:47:42 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190806020 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:47:05 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win32 14.2 | 0 | 190824002 | 4 | Client did not send source sequence number | 08/25/2019 09:46:12 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 0 | 190824002 | 4 | Client did not send source sequence number | 08/25/2019 09:45:58 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813008 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:45:45 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190805019 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:45:20 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813008 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:45:11 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190805007 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:44:43 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190613019 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:43:48 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813003 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:43:40 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 0 | 190824002 | 4 | Client did not send source sequence number | 08/25/2019 09:43:21 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190805007 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:42:54 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 0 | 190824002 | 4 | Client did not send source sequence number | 08/25/2019 09:42:53 | SYMANTEC | 59 MB |
| | 14.2.770.0000 | SEPC Virus R Definitions SDS Win64 (x64) 14.2 | 190813008 | 190824002 | 5 | Source revision sent by client did not exist on server | 08/25/2019 09:42:25 | SYMANTEC | 59 MB |


Upgrading the GUPs necessary?

I need a solution

Hello, we are in the process of planning the upgrade to 14.2, and in one of the notes: https://support.symantec.com/us/en/article.howto80759.html

in step 6 it says to upgrade the GUPs before upgrading the client. Is this absolutely necessary? What will happen if we don't? And why is it necessary?


Domain Replication NTP (Firewall)

I need a solution

Good Morning,

I've deployed NTP on our Domain Controller, whereby only the Microsoft defined Active Directory ports are allowed. This works great for our workstations, but I noticed our secondary Domain Controller is now failing replication. So as a result, I created a new rule to allow All traffic from all ports, inbound and outbound, to the Secondary Domain Controller IP Address. Through the SEPM I can see this rule is allowing some types of traffic between Primary and Secondary DC, yet replication still fails.

I know this is NTP related, because if I disable the firewall on the primary DC, then the secondary DC (which has no firewall) replication is a success.

So my question is, what other NTP feature would cause replication to fail despite explicitly having a rule to allow All between these two servers? I've attached a screenshot of the rule which applies to the Primary Domain Controller, whereby the IP of the secondary DC is added under "Hosts".

The rules below that one just go on to allow specific AD ports for all hosts, as well as some prohibitive rules which should not apply to the Secondary DC since this is the first rule in the sequence, above all else. 

Any guidance would be appreciated, I've been struggling with this for days now.


Windows Updates on Win7 & 2008 and SEP - latest word.

I do not need a solution (just sharing information)

Anyone else get an email from their Symantec TAM such as this?

Hello Everyone,

Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection.

Microsoft KB4512506/KB4512486 and future updates can be safely installed and we are expecting the soft block on these updates to be removed on August 27th, 2019.

Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied:

SEP 14.2 RU1 MP1 (14.2.4814.1101) has been certified and is available for download via MySymantec.

SEP 14.2 RU1 (14.2.3357.1000) has been certified and is available upon request through Symantec Technical Support.

SEP 14.2 MP1 (14.2.1057.0103) has been certified and is available upon request through Symantec Technical Support.

These can be applied as part of any upcoming routine operational activities associated with maintaining Symantec Endpoint Protection.

All this is documented in our Knowledge Base article.

https://support.symantec.com/us/en/article.tech255857.html

From the way I read this, we no longer have to push out SEP 14.2 RU1 MP1 (14.2.4814.1101) in a hurry so that our Win7 and Server 2008 machines can then be patched...unless I'm reading this wrong.

-Mike
