I do not need a solution (just sharing information)
Hi,
I am looking for a API for SEP to scan a file in c# application before uploading.
0
↧
API to use in Asp.Net application to scan file before uploading
↧
Rest API internal error from request
I need a solution
Hello, I need help with figure out my problem.
Every time when I try to communicate via rest api to SEPM, I have respone in html form with message: "The request resulted in an internal error."
Script in powershell:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$credentails = Get-Credential -UserName "UserName" -Message "Message"
$cred= @{
username = $credentails.UserName
password = $credentails.Password
domain = ""
}
#converts $cred array to json to send to the SEPM
$auth = $cred | ConvertTo-Json
$Authnet = Invoke-RestMethod -Uri https://SEP_ADD:SEP_PORT/console/apps/sepm/api/v1/... -Method Post -Body $auth -ContentType "application/json"
$access_token = $Authnet.Token
#format HTTP header
$header = @{Authorization='Bearer '+$access_token}
#Lists All groups
Invoke-RestMethod -Method Get -Uri https://SEP_ADD:SEP_PORT/console/apps/sepm/api/v1/... -Headers $header
---------------
Variable $access_token is empty because $Authnet have only error message. Certificate trusted. Somewhere I saw similiar problem, and the solution probably was changing something in administrator lockout account policies, but it is really possible that was solution?
Any ideas?
0
↧
↧
SEPM 14.2 upgrade confusion
I need a solution
Hello everyone,
I'm just trying to upgrade Symantec_Endpoint_Protection_14.2_RU1(3335) to Symantec_Endpoint_Protection_14.2.1_MP1(4814) but it's so hard.
I've stopped all services that Admin account can stop including Symantec Endpoint Protection Manager service but stll can't upgrade because I have an error that SEPM has to be stopped.
Please see screenshot.
To be honest I'm very frustrated with such a problematic upgrade procedure.
Please help me.
0
↧
Linux connecting to LUA
I need a solution
Hello, Is there a way to check SEP client on Linux machine to see where it connects to recieve virus def? which LUA
0
↧
Business class AV
I need a solution
Hello
I am searching for a new security software for my home network (1x Android phone, 1x iPhone, 2x iPad, 1x Android tablet, 1x Windows 10 laptop and 1x Windows 10 PC)
My needs are like below;
Cloud management console
Detailed AV and Firewall configurations, like block apps, block ports, block apps on defined ports like blocking to access Chrome on 21 port
VPN will be good, but it should be hosted on vendor site, not some 3rd party hosts like hidemyass, hotspotshield, etc
So far I tested Symantec Endpoint Protection 15 with Symantec Endpoint Cloud Connect Defense. SEP 15 works good but SECCD is not working and Symantec refused to give support for trial accounts.
More questions.
Is there a engine difference between SEPC and SEP 15?
How can I connect my mobile devices to VPN when using SEP Mobile? When I try to connect manually on my iPhone I get only VPN server is not responding error.
How can I enforce devices to compliance when using SEP Mobile?
How can I enroll my mobile devices with SEPC automatically?
Is encryption different from Bitlocker?
After installing SEP 15 client into Windows, it is not getting enrolled like SEPC client. I have to wait around half an hour, if it doesn't enroll until that time I have to reinstall client. Is there a fix for that?
Best regards
0
5812111
↧
↧
Arp Cache Poison being blocked on Mac
I need a solution
Anyone have any Macs in their environment that get these blocks? Seems this is happening when the Mac is connected via wireless and then connects to a wired network, making the mac address table get dhcp for the same IP with different mac addresses.
0
↧
Linux connecting to LUA
I need a solution
Hello, Is there a way to check SEP client on Linux machine to see where it connects to recieve virus def? which LUA
0
↧
NOT able to find correct setup file, new installation of software.
I need a solution
Everyone: I have a new Apple MacBook Pro laptop computer. I selected the free trial version of Endpoint Protection software. I downloaded one file but was not able to install it because it was a Microsoft Windows version, which does NOT run on my Mac. How can you tell which is the correct version of Endpoint Protection to install on the MacBook Pro laptop comouter? This is NOT marked at the website!!!
0
↧
Penetration test discovers SEP client can be turned off by tampering registry in SafeMode
I do not need a solution (just sharing information)
Hi All,
Would be really hepful if someone could help out in this issue, Thanks in advance!
We have externals who performed penetration test in our estate and foud out that SEP can be disabled by modifying symantec registries in safe mode by following below steps, though I have Tamper & password protection enabled (for stopping /uninstallation).
1. Boot the Windows in Safe mode.
2. Press Win+R to open run command dialog box.
3. Type regedit and hit enter.
4. Goto Computer\HKEY_Local_Machine\SYSTEM\ControlSet001\Services\SepMasterService
5. Change the value of “Start key” from 2 to 3
6. Restart the windows.
I tired the same steps in my machine and was able to turn off symantec.
Hence, I believe tamper protection does not work in windows safe mode (not sure if this is flaw in the product or a expected behaviour). So, pls suggest if there is anyting that i can do from Symantec policies that will make Tamper protection ON Even In SAFE MODE? or any other way that can fix it, Thanks.
0
↧
↧
Powershell with RestAPI to obtain CSV output of computer details
I need a solution
Hi - I'm trying to use powershell to query the SEPMs for information on computers protected by SEP in our environment. I can get the script to authenticate and retrieve information using the sample script but i'm now stuck at figuring out how to parse the results.
This is what i have so far:
--------------------------------------------
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
#match these paramters with the post requests for the api type listed https://SEPM_IP:8446/sepm/restapidocs.html
$cred= @{
username = "UserID"
password = "Password"
domain = ""
}
#converts $cred array to json to send to the SEPM
$auth = $cred | ConvertTo-Json
$authrequest = Invoke-RestMethod -Uri https://192.168.2.104:8446/sepm/api/v1/identity/au... -Method Post -Body $auth -ContentType 'application/json'
#access token from SEPM Authentication script
$access_token = $authrequest.token
#format HTTP header
$header =@{Authorization='Bearer '+$access_token}
$result = Invoke-RestMethod -Uri https://192.168.2.104:8446/sepm/api/v1/computers -Headers $header
--------------------------------------
The content of $result comes out looking like this...
{"content":[{"group":{"id":"A9C5F6A8C0A802681CDA41B0DD225D79","name":"My Company\\Default Group","f
ullPathName":null,"domain":{"id":"5595B9D6C0A8026862FF00463BD85216","name":"Default"},"externalRefe
renceId":null,"source":null},"ipAddresses":["192.168.2.111"],"macAddresses":["00-0C-29-7C-8C-55"],"
gateways":["192.168.2.1","0.0.0.0","0.0.0.0","0.0.0.0"],"subnetMasks":["255.255.255.0"],"dnsServers
":["192.168.2.100","0.0.0.0"],"winServers":["0.0.0.0","0.0.0.0"],"description":"","computerName":"D
LPEndpoint","logonUserName":"admin","domainOrWorkgroup":"test.ads","computerDescription":"","proces
sorType":"Intel64 Family 6 Model 62 Stepping 4","processorClock":2800,"physicalCpus":2,"logicalCpus
It appears to be a system object with no properties.... I'm having no luck parsing the data. Anybody have any insight on how to do this?
-Steve
0
↧
New fully integrated add-on to SEP 15: Symantec Endpoint Vulnerability Remediation (VR)
I do not need a solution (just sharing information)
Just raising awarness of a helpful new feature that can help admins find and fix their environment's vulnerabilities swiftly. Prioritizing and mitigating vulnerable software is important because many malware samples can only function by exploiting a vulnerability.
Some resources:
Introducing Symantec Endpoint Vulnerability Remediation
https://help.symantec.com/cs/SAEP/SAEP/v131106726_v123284638/Introducing-Symantec-Endpoint-Vulnerability-Remediation?locale=EN_USHow Symantec Endpoint Vulnerability Remediation works?
https://help.symantec.com/cs/SAEP/SAEP/v132122463_v123284638/How-Symantec-Endpoint-Vulnerability-Remediation-works?%3Flocale=EN_US&locale=EN_USGetting started with Symantec Endpoint Vulnerability Remediation
https://help.symantec.com/cs/SAEP/SAEP/v132283782_v123284638/Getting-started-with-Symantec-Endpoint-Vulnerability-Remediation?locale=EN_US
The product launch webinar for Symantec Endpoint Vulnerability Remediationis available to view on demand. https://www.symantec.com/connect/events/webinar-symantec-endpoint-vulnerability-remediation-product-launch
0
↧
How to Disable Administrator Account of Symantec Endpoint Protection Manager
I do not need a solution (just sharing information)
Dear Support,
We have multiple admin users in Symantec Ednpoint Protection Manager as administrator but tow of them is left their position and shift to another unit which are not interacted with Symantec anymore. therefore we want to disable their account not to delete but there is not such option to disable administrator account in Symantec Manager. hence we are rqeusting you to add this feature to disable the admin accounts from Symantec Manager. even though we have contacted your technical support to check this feature if it's possible to disable the account from backend but they also checked and counldn't fine any option to do then suggested us to submit an enhancment reqeust to Symantec to add in next or coming release. that's why we are writing here for your attention to do the needful by ASAP.
Best Regards,
Habibullah Salimy
Afghanistan International Bank.
0
↧
Host Integrity Policy not downloading PS Script, Version 14.0.3876
I need a solution
Hi All,
The topic for discussion is about Host Integrity Policy, Version 14.0.3876.
Yes, this is the version my organization is currently running with, as we had the necessity to scan any External storage media connected to the host.
As SEP do not have the feature, we leveraged HI policy and we used our in-house Powershell script, which worked fine to scan every one minute and log even outside SEP on Windows 10 PCs.
However we have a challenge with Windows7 PC’s, as the Policy could not successfully download the script however, it creates a “DING” noise everyone minute. And we tried taking assistance from MS / Symantec, which went in vain.
Please share your suggestions, if anyone would have come across this try !!!
We need to fix this on Windows 7 PC’s only, as it works perfectly fine on Win10.
On windows 7, we tried setting powershell execution policy to different mode as “restricted”, “unrestricted”, “bypass”. But the result was same as earlier, the script works fine when it was tried locally, ran.
0
↧
↧
SEP is blocking LB traffic
I need a solution
Hi Folks,
We have a situation where we have source IP as a loadbalancer for VMs and when SEP is in place it detects the source LB IP as an attacker.
The LB can add the X-Forwarded-For header, but SEP will happily ignore it.
How to enable X-Forwarded-For header so it wont ignore the origin IP?
Regards
Dev
0
↧
How to export events by REST API in Endpoint Protection 14
I need a solution
Hi guys,
Do you know how to export events by REST API in Endpoint Protection Manager 14 ?
I checked the REST API document for SEPM14. It looks like I can only find this one:
GET /api/v1/events/critical,
Is this only used to export critical events? Or do we have other REST API to export general evets.
0
↧
SEP is blocking LB traffic
I need a solution
Hi Folks,
We have a situation where we have source IP as a loadbalancer for VMs and when SEP is in place it detects the source LB IP as an attacker.
The LB can add the X-Forwarded-For header, but SEP will happily ignore it.
How to enable X-Forwarded-For header so it wont ignore the origin IP?
Regards
Dev
0
↧
SEP IDS
I need a solution
Hi All,
We have whitelisted the some of our IPs in IPS policy so now it wont be preventing the traffic but should it log as security log if any attacks comes through?
Can we place some mechanism where we can get the alerts for security logs which is an attack detected by IDS?
Regards
Dev
0
↧
↧
Client want to export report All SEPM users right access list
I do not need a solution (just sharing information)
Zydus Cadila Client want to export report All SEPM users right access list.
Example: - Administrator:- Full admin access
3000000:- View Right
0
↧
How to block Windows scripts host (WSH)
I need a solution
Hello evryone, Can anyone please tell me how can I block Windows scripts host (WSH) with application control? Appreciate if you can please share the steps. Thanks
0
↧
Directory Server authentication fails on 14.2 MP1 Build 1031
I need a solution
Hello All,
We have been having issues with Authentication and per Symantec that is known issue so we followed the below document available on Symantec Support as well as have raised CASE with Symantec Support.
https://support.symantec.com/us/en/article.tech251819.html
But still, we are having the same issue, some of my team members can able to log in while others are not on the same SEPM console, can anyone help me to get this issue resolved.
Have added complete FQDN on LDAP server also tried adding specific DC server also did changes in registry mentioned in doc but still same issue on all SEPM servers we have.
SEPM Version: 14.2 MP1 Build 1031
OS: Windows Server 2012 R2 Standard.
Also, there is no positive response from Support have CASE raised for more than 2 weeks now, hoping to get help from the community.
Thanks & Regards,
Pratik Pashte
0
↧