Hi All,
We have whitelisted the some of our IPs in IPS policy so now it wont be preventing the traffic but should it log as security log if any attacks comes through?
Can we place some mechanism where we can get the alerts for security logs which is an attack detected by IDS?
Regards
Dev
Zydus Cadila Client want to export report All SEPM users right access list.
Example: - Administrator:- Full admin access
3000000:- View Right
I have a support contract. The website where you create cases won't accept anything I put in and no-one answers the phone. How do I get in touch with anyone? Sending an email just gets an automated response to go to the website (which doesn't work).
Hello Everyone,
Is there anyway to block list of HASH files in ADC policy using txt file. Its difficult to manually block one by one so please let me know if we can export the file to block all the hashes.
Hi Everybody,
Can someone help tell me the proper of external log format of SEPM 14.2? After upgrading from SEPM 14.0.1 to SEPM 14.2 the external log format insert 02 columns
| SHA-256: | MD-5: |
as the below:
| 【previous log format】 | |||||||
| Jul 3 23:36:59 [] SymantecServer: [] | Local: [] | Local: 3 | Local: 4439C452B258 | Remote: [] | Remote: [] | Remote: 3 | Remote: 0024C38D0247 |
| 【current log format】 | |||||||
| Jul 11 15:33:20 [] SymantecServer: [] | SHA-256: | MD-5: | Host Integrity check passed | Local: [] | Local: B88A60E4A804 | Remote: | Remote: 0.0.0.0 |
Is the order of two columns of log format proper? Thanks in advance.
Regards,
TRUNG
Hi,
Kindly provide me answers of following two questions:
1. What is exact meaning of Symantec license seats?
2. Symantec license are floating license?
I'm having trouble with our Linux SEP clients connecting to our SEPM server.
I performed a packet capture and see that the client is requesting http://<servername>:8014//secreg/secreg.dll?l=2 and the SEPM is responding with 400 Bad Request.
Has anyone seen this before?
My Symantec Endpoint protection v14.2 RU1 is probably blocking usage of Dokany. See https://github.com/dokan-dev/dokany/issues/698, the end of discussion (search for "symantec"). What should I disable in SEP to get Dokany working?
Hello,
Just received this error on the SEPM 14.2.1, any ideas?
| Event type: | An unexpected exception has occurred |
| Event description: | Unexpected server error. |
| Error message: | Unexpected server error. |
| Error code: | Unexpected server error. |
| Stack trace: | java.lang.NumberFormatException: For input string: "18446738429439147460" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Long.parseLong(Long.java:592) at java.lang.Long.parseLong(Long.java:631) at com.sygate.scm.server.task.ApplicationCollector.insertLanDevice(ApplicationCollector.java:1199) at com.sygate.scm.server.task.ApplicationCollector.run(ApplicationCollector.java:326) at java.util.TimerThread.mainLoop(Timer.java:555) at java.util.TimerThread.run(Timer.java:505) com.sygate.scm.server.util.ServerException: Unexpected server error. at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:507) at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:472) at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:468) at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:464) at com.sygate.scm.server.task.ApplicationCollector.run(ApplicationCollector.java:340) at java.util.TimerThread.mainLoop(Timer.java:555) at java.util.TimerThread.run(Timer.java:505) Caused by: java.lang.NumberFormatException: For input string: "18446738429439147460" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Long.parseLong(Long.java:592) at java.lang.Long.parseLong(Long.java:631) at com.sygate.scm.server.task.ApplicationCollector.insertLanDevice(ApplicationCollector.java:1199) at com.sygate.scm.server.task.ApplicationCollector.run(ApplicationCollector.java:326) ... 2 more |
Thanks in advance.
Hello,
We have the following issue. When we go to Monitors -> Logs -> Computer Status log and click on "View Log", we are getting the attached error.
Note that this only happens when trying to view the Computer Status log, no issues with other logs or reports or Home, Monitors and Reports tab, only one specific log.
The SEPM is version 14.2.4814.1101, the latest one, with SQL server 2014 SP2. This issue started 2 days ago, so far everything was working fine.
What we have done:
- Reconfigured the SEPM
- Restarted SEPM services
- SQL team says from their side they don't see any issues
But still we have a problem. Anyone having some ideas?
Thanks
Following a side by side Active Directory migration, on our SEPM we ended up with 2 domains. I will call them Olddomain and Newdomain. When i go to Admin-Domains, each domain has clients. I need to move clients from Olddomain to Newdomain so that i can delete Olddomain.
- When i delete Olddomain, it takes the clients with it
- I open Olddomain and try Move clients, but i cant see Newdomain for a target
What would be the best approach?
Hello, I need help with figure out my problem.
Every time when I try to communicate via rest api to SEPM, I have respone in html form with message: "The request resulted in an internal error."
Script in powershell:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$credentails = Get-Credential -UserName "UserName" -Message "Message"
$cred= @{
username = $credentails.UserName
password = $credentails.Password
domain = ""
}
#converts $cred array to json to send to the SEPM
$auth = $cred | ConvertTo-Json
$Authnet = Invoke-RestMethod -Uri https://SEP_ADD:SEP_PORT/console/apps/sepm/api/v1/... -Method Post -Body $auth -ContentType "application/json"
$access_token = $Authnet.Token
#format HTTP header
$header = @{Authorization='Bearer '+$access_token}
#Lists All groups
Invoke-RestMethod -Method Get -Uri https://SEP_ADD:SEP_PORT/console/apps/sepm/api/v1/... -Headers $header
---------------
Variable $access_token is empty because $Authnet have only error message. Certificate trusted. Somewhere I saw similiar problem, and the solution probably was changing something in administrator lockout account policies, but it is really possible that was solution?
Any ideas?
Hello everyone,
I'm just trying to upgrade Symantec_Endpoint_Protection_14.2_RU1(3335) to Symantec_Endpoint_Protection_14.2.1_MP1(4814) but it's so hard.
I've stopped all services that Admin account can stop including Symantec Endpoint Protection Manager service but stll can't upgrade because I have an error that SEPM has to be stopped.
Please see screenshot.
To be honest I'm very frustrated with such a problematic upgrade procedure.
Please help me.
Hello,
We have the following issue. When we go to Monitors -> Logs -> Computer Status log and click on "View Log", we are getting the attached error.
Note that this only happens when trying to view the Computer Status log, no issues with other logs or reports or Home, Monitors and Reports tab, only one specific log.
The SEPM is version 14.2.4814.1101, the latest one, with SQL server 2014 SP2. This issue started 2 days ago, so far everything was working fine.
What we have done:
- Reconfigured the SEPM
- Restarted SEPM services
- SQL team says from their side they don't see any issues
But still we have a problem. Anyone having some ideas?
Thanks
Following a side by side Active Directory migration, on our SEPM we ended up with 2 domains. I will call them Olddomain and Newdomain. When i go to Admin-Domains, each domain has clients. I need to move clients from Olddomain to Newdomain so that i can delete Olddomain.
- When i delete Olddomain, it takes the clients with it
- I open Olddomain and try Move clients, but i cant see Newdomain for a target
What would be the best approach?
how Can we stop/limit users from restoring quarantined items? How will we apply this? please provide me any recommendations.
Hi All,
Someone can explain to me all the status and their explanation of GUProxy?
I know that if read:
GUProxy: Current GUP status is 1 -- means that GUP is ready and working properly.
Thanks a lot,
Loris
Anyone have any Macs in their environment that get these blocks? Seems this is happening when the Mac is connected via wireless and then connects to a wired network, making the mac address table get dhcp for the same IP with different mac addresses.
Hello, Is there a way to check SEP client on Linux machine to see where it connects to recieve virus def? which LUA
how Can we stop/limit users from restoring quarantined items? How will we apply this? please provide me any recommendations.