Hi All,
Can someone explain to me all the statuses of GUProxy and their explanation?
I know that if I read:
GUProxy: Current GUP status is 1 -- means that GUP is ready and working properly.
Thanks a lot,
Loris
Hello,
Since the last issue with SHA2 certificates for Windows patching we are going for an upgrade to 14.2.4814.1101.
However we are facing issues with installation of SEP client 14.2.4814.1101 on Windows 7 persistent VDIs.
What has been tested until now:
- SCCM deployment for upgrade of an old 14x version that fails and leaves SEP services disabled.
- Manual CleanWipe on one of the affected systems and manual installation of the client that fails with error from SIS_INST.log:
*DEBUG F SIS HttpQueryInfo: 0 Error: 0
*ERROR F SIS Unable to send install data - Error: 0x80004005 = Unbekannter Fehler
Is anyone facing this situation or has an update from Symantec regarding this?
Hi - I'm trying to use PowerShell to query the SEPMs for information on computers protected by SEP in our environment. I can get the script to authenticate and retrieve information using the sample script but I'm now stuck at figuring out how to parse the results.
This is what i have so far:
--------------------------------------------
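# Accept any server certificate: TLS certificate validation is switched off for this session, so the SEPM's identity is not verified
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
# Force TLS 1.2 for the connection to the SEPM
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
#match these parameters with the post requests for the api type listed https://SEPM_IP:8446/sepm/restapidocs.html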
$cred= @{
username = "UserID"
password = "Password"
domain = ""
}
#converts the $cred hashtable to json to send to the SEPM
$auth = $cred | ConvertTo-Json
$authrequest = Invoke-RestMethod -Uri https://192.168.2.104:8446/sepm/api/v1/identity/au... -Method Post -Body $auth -ContentType 'application/json'
#access token from SEPM Authentication script
$access_token = $authrequest.token
#format HTTP header
$header =@{Authorization='Bearer '+$access_token}
$result = Invoke-RestMethod -Uri https://192.168.2.104:8446/sepm/api/v1/computers -Headers $header
--------------------------------------
The content of $result comes out looking like this...
{"content":[{"group":{"id":"A9C5F6A8C0A802681CDA41B0DD225D79","name":"My Company\\Default Group","f
ullPathName":null,"domain":{"id":"5595B9D6C0A8026862FF00463BD85216","name":"Default"},"externalRefe
renceId":null,"source":null},"ipAddresses":["192.168.2.111"],"macAddresses":["00-0C-29-7C-8C-55"],"
gateways":["192.168.2.1","0.0.0.0","0.0.0.0","0.0.0.0"],"subnetMasks":["255.255.255.0"],"dnsServers
":["192.168.2.100","0.0.0.0"],"winServers":["0.0.0.0","0.0.0.0"],"description":"","computerName":"D
LPEndpoint","logonUserName":"admin","domainOrWorkgroup":"test.ads","computerDescription":"","proces
sorType":"Intel64 Family 6 Model 62 Stepping 4","processorClock":2800,"physicalCpus":2,"logicalCpus
It appears to be a system object with no properties.... I'm having no luck parsing the data. Anybody have any insight on how to do this?
-Steve
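One way to turn a response like the one above into rows, as an added example that is not part of the original post. The function name `ConvertTo-SepComputerTable` is hypothetical and the sample JSON is constructed; only field names visible in the output above are used. It assumes `$result` is either an already converted object or the raw JSON string.

```powershell
# Constructed sample shaped like the /computers response shown above (values are made up).
$sampleJson = @'
{"content":[
  {"group":{"id":"GROUP-ID-1","name":"My Company\\Default Group"},
   "ipAddresses":["192.0.2.11"],"macAddresses":["00-00-5E-00-53-01"],
   "dnsServers":["192.0.2.100","0.0.0.0"],
   "computerName":"HOST-A","logonUserName":"admin","domainOrWorkgroup":"example.test"},
  {"group":{"id":"GROUP-ID-2","name":"My Company\\Servers"},
   "ipAddresses":["192.0.2.12","192.0.2.13"],"macAddresses":["00-00-5E-00-53-02"],
   "dnsServers":["0.0.0.0","0.0.0.0"],
   "computerName":"HOST-B","logonUserName":"svc","domainOrWorkgroup":"example.test"}
]}
'@

function ConvertTo-SepComputerTable {
    param([Parameter(Mandatory)] $Result)

    # If the response arrived as plain text, convert it here and surface the
    # parser's own error message instead of silently keeping a string.
    if ($Result -is [string]) {
        try   { $Result = $Result | ConvertFrom-Json -ErrorAction Stop }
        catch { throw "Response is not parseable JSON: $($_.Exception.Message)" }
    }

    # Each element of 'content' is one computer; flatten the nested fields.
    foreach ($c in $Result.content) {
        [pscustomobject]@{
            ComputerName = $c.computerName
            Group        = $c.group.name
            User         = $c.logonUserName
            Domain       = $c.domainOrWorkgroup
            IPv4         = $c.ipAddresses -join ', '
            MAC          = $c.macAddresses -join ', '
            # 0.0.0.0 entries are empty slots, as in the output above
            DNS          = ($c.dnsServers | Where-Object { $_ -ne '0.0.0.0' }) -join ', '
        }
    }
}

$computers = ConvertTo-SepComputerTable -Result $sampleJson
$computers | Sort-Object Group, ComputerName | Format-Table -AutoSize
```

With a live response, pass `$result` in place of `$sampleJson`; if the conversion throws, the message states why the body could not be parsed.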
I have a question about "Download Protection Content Failures". We have many PCs that cannot download automatically, but we can force the update manually.
We don't have experience with this, and need to know the steps to verify the case, or a solution to fix this problem.
Hello,
I uninstalled Symantec Endpoint Protection on W2012. Since I uninstalled Symantec, my System State backup with Backup Manager (SolarWinds) has failed.
I tested uninstalling Symantec from Programs & Features, the cloud console or CleanWipe, and the backup failed every time.
If I install Symantec Endpoint, backups run OK.
SolarWinds support tells me that something of Symantec remains when I uninstall it.
Backup of files runs correctly but System State backup fails. The event viewer shows this:
ESENT ID 482
lsass (564) Al intentar escribir en el archivo "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit", en la posición 0 (0x0000000000000000) 8192 (0x00002000) bytes se produjo el error de sistema 19 (0x00000013) después de 0.000 segundos: "El medio está protegido contra escritura. ". La operación de escritura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
ESENT ID 439
lsass (564) No se puede escribir una copia sombra del encabezado para el archivo \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit. Error -1032.
ESENT ID 454
lsass (564) Error inesperado al recuperar o restaurar la base de datos -1032.
VSS ID 8229
Un VSS Writer rechazó un evento con el error 0x800423f4, El escritor experimentó un error no transitorio. Si se intenta de nuevo el
proceso de copia de seguridad, es probable que se vuelva a producir el error.
. Los cambios realizados por el escritor en sus componentes mientras administraba el evento no estarán disponibles para el solicitante. Consulte en el registro de eventos los eventos relacionados de la aplicación que hospeda el VSS Writer.
Operación:
Evento PostSnapshot
Contexto:
Contexto de ejecución: Writer
Id. de clase del escritor: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
Nombre del escritor: NTDS
Id. de instancia del escritor: {92d6fd6d-5961-49be-be24-582e205d9024}
Línea de comandos: C:\Windows\system32\lsass.exe
Can you help, please?
Regards,
Does SEP protect against the new Emotet variant?
Just raising awareness of a helpful new feature that can help admins find and fix their environment's vulnerabilities swiftly. Prioritizing and mitigating vulnerable software is important because many malware samples can only function by exploiting a vulnerability.
Some resources:
Introducing Symantec Endpoint Vulnerability Remediation
https://help.symantec.com/cs/SAEP/SAEP/v131106726_v123284638/Introducing-Symantec-Endpoint-Vulnerability-Remediation?locale=EN_US
How Symantec Endpoint Vulnerability Remediation works?
https://help.symantec.com/cs/SAEP/SAEP/v132122463_v123284638/How-Symantec-Endpoint-Vulnerability-Remediation-works?%3Flocale=EN_US&locale=EN_US
Getting started with Symantec Endpoint Vulnerability Remediation
https://help.symantec.com/cs/SAEP/SAEP/v132283782_v123284638/Getting-started-with-Symantec-Endpoint-Vulnerability-Remediation?locale=EN_US
The product launch webinar for Symantec Endpoint Vulnerability Remediation is available to view on demand. https://www.symantec.com/connect/events/webinar-symantec-endpoint-vulnerability-remediation-product-launch
Hi, I cannot update Symantec. Here's the update log:
The following Symantec products and components are installed on your computer:
> AP Portal List
> Intrusion Prevention Signatures
> Symantec Endpoint Protection Client
> Common Network Transport Library and Configuration
> SEP Client Security Updates
> Endpoint Detection and Response
> AdvML (Static) Win64
> Application Control Data
> Symantec Whitelist
> SEPC Error Submission Control Data
> Centralized Reputation Settings
> Power Eraser Definitions
> Extended File Attributes and Signatures
> Submission Control Thresholds
> Virus and Spyware Definitions SDS Win64 (Reduced)
> Revocation Data
> WSS Traffic Redirection
> SONAR Definitions
Initializing...
Connecting to liveupdate.symantecliveupdate.com...
Connected to LiveUpdate server successfully.
Files to be downloaded: 17
Downloading catalog file (1 of 17) finished.
Downloading catalog file (2 of 17) finished.
Downloading catalog file (3 of 17) finished.
Downloading catalog file (4 of 17) finished.
Downloading catalog file (5 of 17) finished.
Downloading catalog file (6 of 17) finished.
Downloading catalog file (7 of 17) finished.
Downloading catalog file (8 of 17) finished.
Downloading catalog file (9 of 17) finished.
Downloading catalog file (10 of 17) finished.
Downloading catalog file (11 of 17) finished.
Downloading catalog file (12 of 17) finished.
Downloading catalog file (13 of 17) finished.
Downloading catalog file (14 of 17) finished.
Downloading catalog file (15 of 17) finished.
Downloading catalog file (16 of 17) finished.
Downloading catalog file (17 of 17) finished.
Session summary: 0 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.
We've encountered an issue with SEP 14.2 RU1 MP1 (14.2.4814.1101) on Windows 10 1803 where Windows Defender Security Center shows "Status Unavailable" for both "Virus & Threat Protection" and "Firewall & Network Protection". If I open SEP, everything looks good, as expected, and opening the Windows Defender Firewall control panel applet shows the "These settings are being managed by vendor application Symantec Endpoint Protection", as expected.
I've tried to do some research on this before posting; TECH247987 doesn't appear to apply in this situation, as that's for an older version. TECH255344 says to check the SepWscSvc and SymELAM services; SepWscSvc is running without error, and SymELAM is enabled but stopped. If I manually start the SymELAM service, the status messages in WSC don't change.
What's weird is if I open WSC right after a reboot, it'll display an indeterminate progress bar (the animated "line of dots" thing) under both Virus & threat protection and Firewall & network protection for about a minute or two, then for about 15 seconds Firewall will go green and say "No action needed" and Virus will show "Threat service has stopped. Restart it now". After that, it reverts back to "Status unavailable".
It shouldn't matter that we have a password set for the SEP client, right? Anyone have any ideas?
Hello
Once the new SEP version is installed, a reboot is required (expected behaviour).
It is done and the server is online, but after that it is not possible to log in via Remote Desktop Connection.
Does someone else have the same problem?
Thanks
Tried pulling the SEPM Group from (Reports-->Computer Status-->Client Count by Group) and went to the Advanced Settings and gave all '*'. Unfortunately all the groups did not populate here. Do we have any other alternative way for the same?
Hi All,
We have whitelisted some of our IPs in the IPS policy, so now it won't be preventing the traffic, but should it log to the security log if any attacks come through?
Can we put some mechanism in place where we can get alerts for security logs when an attack is detected by IDS?
Regards
Dev
Hello All,
We have been upgrading the SEP Clients which are reporting to the SEPM Console. Most of the time, the servers in the list which we get from the platform team for the upgrade are reporting to different groups of the SEPM Console. So it is very difficult for us to move the clients manually from different groups to a particular group for the SEP Upgrade. After the upgrade we again have to move them back to the original location.
If someone could help me with a script to move the clients from various groups to one group, that would be very helpful. I am looking for a quick response.
I think I asked here before and v14.2 will work with Ubuntu, or should.
What about a headless Ubuntu server? Does SEP work with that at all?
Hi,
I was going through Upgrade paths to Endpoint Protection 15 https://support.symantec.com/us/en/article.tech253178.html
I have already enrolled my SEPM on the cloud, latest version 14.2.1_MP1. Found 'SEP 14.2 RU1 or higher clients that are associated with a cloud-enrolled, on-premises SEPM can be converted to SEP 15 cloud-managed, thereby removing the need for SEP client re-deployment.'
How can I proceed? I cannot find the Symantec_Agent_Setup.exe installation file which can be downloaded from the cloud console nor via SEPM client group command.
Please help. Should I activate the cloud-enrolled with a subscription key?
Hello Everyone,
Is there any way to block a list of HASH files in ADC policy using a txt file? It's difficult to manually block them one by one, so please let me know if we can export the file to block all the hashes.