Virus And Risk Detection, C:\Windows\CSC\v2.0.6\namespace\

I need a solution

Virus And Risk Detection every day for a few of my clients, and later it is pointing to my shared drive.

Any solution?

Filename: C:\Windows\CSC\v2.0.6\namespace\server01\Shareddrive01\ 
  Hash Type / File Hash: SHA-256
881C47FA638E064319BF2B2BC56663CE3D40B4416C7DDE8B1B19204EFB81ABCD
0

Random IPS Detection

I need a solution

Hi,

I work with SEP 14, and today for no apparent reason I’ve started to get the following IPS detection:

[SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM

The clients are in different Windows versions, such as: 7, 8 and 10. I can see that they are trying to reach a specific host on the network but nothing has changed in the last days.
Could this be a case of just a bad set of Defs? And why is the attack being detected and not blocked?

Thank you!

0

Audit: P2P BitTorrent Traffic detected

I need a solution

Hi All

Need your help here. I used to have BitTorrent on my machine before installing Symantec Endpoint Protection. After the installation, I started getting this pop-up - Audit: P2P BitTorrent Traffic detected - continuously. Literally every second it's popping up.

I have removed all BitTorrent contents from my machine but am unable to stop the pop-up notification.

Any idea how I could stop the notification completely? I have a feeling BitTorrent is still trying to access my machine, but how will I be able to remove this completely? The pop-up message is really annoying.

Appreciate your help.

regards

deven

0

Block Teamviewer (Firewall rule)

I need a solution

Hello all

How can I block opening any page related to TeamViewer using Symantec firewall?

*.teamviewer.com from any app (IE, Edge, Chrome, etc)

I have already tried creating a special rule but it is not working.

Thanks

0

SEP blocking Dokany

SEPM api assign update packages to groups

I do not need a solution (just sharing information)

Hello,

We have an environment with around 600 Domains in our SEPM. At the moment we do the update package assignment manually within each domain for each group that has clients.

Is there a way to assign the "latest" client packages (32/64 bit) to the group with the SEPM API? I'm not able to find something in the documentation.

Thanks!

Kind Regards

Andreas

0

After upgrade to 14.2 RU1 MP1 client definition update failed

I need a solution

Hi

I have several sites with this problem. After the upgrade to 14.2 RU1 MP1, clients are unable to update Virus and Spyware Definitions from the management server. The client can update with LiveUpdate.

Client system logs show this:

An update for Virus and Spyware Definitions SDS Win32 failed to install.  Error: Content patching failure (0xE0010005), DuResult: Success (0). (repeated many times)

and also some logs like this:

New content update failed to download from the management server.     Remote file path: https://SEPM-Server:443/content/{1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF}/190914002/Full.zip

New content update failed to download from the management server.     Remote file path: https://SEPM-Server:443/content/TempCache/{1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF}/190904007/xdelta190904007_To_190910020.dax

New content update failed to download from the management server.     Remote file path: https://SEPM-Server:443/content/{EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}/190910002/xdelta190910002_To_190911002.dax

New content update failed to download from the management server.     Remote file path: https://SEPM-Server:443/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/190910052/xdelta190910052_To_190910056.dax

Does anyone else face this problem? How can I solve it?

0

SEPM client disappear

I need a solution

Dear all,

The client disappeared in this column.

Has anyone had this issue before?

Should I restore the certificate first?

0

SEPM upgrade fails JVM_CopySwapMemory

I need a solution

Hello,

I'm preparing the migration to the latest version of SEPM. I'm upgrading from 14.2.760.0000 --> 14.2.4814.1101 with the database running on SQL 12.00.5000.

After the update I'm getting the error: The procedure entry point JVM_CopySwapMemory could not be located in the dynamic link library jvm.dll.

Any ideas?

LEVD

0

Moving clients from SEPM Domain to another

I need a solution

Following a side-by-side Active Directory migration, on our SEPM we ended up with 2 domains. I will call them Olddomain and Newdomain. When I go to Admin-Domains, each domain has clients. I need to move clients from Olddomain to Newdomain so that I can delete Olddomain.

- When I delete Olddomain, it takes the clients with it

- I open Olddomain and try Move clients, but I can't see Newdomain as a target

What would be the best approach?

0

Network Shares Slow or Timeout all of a sudden (Firewall Related I think)

I need a solution

Good evening,

I have been trying to figure this one out all day. We are a small company with a dozen or so computers regularly hitting the main server with all of our data on it via mapped network drives. This has been working pretty much fine as long as I can remember being here (5 years almost) and we have an old version of Symantec Endpoint on the server, 12.1.4xxx. 

Today I rebooted the server after personally being affected while trying to open a large Excel sheet (database work is my main task); it would just hang and eventually give me an error saying the application was waiting, and fail. Other users were seeing just slow movement around the network, folders taking 5-30 seconds to open.

I found that if I turned off Endpoint entirely the problem goes away company wide. I personally tried opening my Excel sheet on one monitor and on the other I turned off Endpoint on the server, and my file stopped hanging and immediately opened. I tried again but this time only turned off the Network Threat Protection portion of Endpoint. Then finally I tried again by only re-enabling Network Intrusion Protection and Browser Intrusion Prevention (leaving only the Firewall disabled) and it continues to work just fine; the minute I turn the firewall back on, it dies again.

Anybody seen this before? I do not use Endpoint much; I inherited this when I took the job as database manager. I was able to get into the primitive web console to try a few things out but nothing worked. I figured it might be a logging thing, like the logs are full type of deal? But I could not figure out how to clear them. The only reason I thought that is because I don't change anything much on the server, especially with Endpoint; the only thing constantly changing is logs.

Any advice would be appreciated. I do not know what would cause this all of a sudden, it's quite strange, that's for sure.

I did notice under Network Threat Protection there is "Definitions" that updated Sept 13, 2019 (Friday) and says r61 after it. Is there a way to roll whatever that is back and test?

Thanks for any help

0

Unauthorized Memory Access Attempt

I need a solution

We need to validate if the below details are a legitimate file or not. This was detected by Cynet. If anyone knows, we would appreciate your help with what the below details do.

Details are as follows:

Attack Information: Unauthorized Memory Access Attempt
Attack Description: An individual attempts to gain an access to a critical areas in the memory without receiving permission.
Severity: HIGH
File Name: cscript.exe
File Path: c:\\windows\\system32\\cscript.exe
File Hash: 6216383428EAB3292C5590C70D24B33A7D84FBF1C463E331C40F052E6EA356FE
Parent File: C:\\Windows\\system32\\cscript.exe //Job:AgentHIScript C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\12.1.7004.6500.105\\Bin64\\AVScript13.js 64046 Helper.exe Symantec.SSHelper C: 22 C:\\Windows\\TEMP\\ 0
Timestamp: 2019-09-18 09:07:39

Thank you!

0

Download Protection Content Failures

I need a solution

I have a question about "Download Protection Content Failures". We have many PCs that cannot download automatically, but we can force the update manually.

We don't have experience, and need to know the steps to verify the case, or a solution to fix this problem.

0

Symantec EP not join domain cannot connect to Console

I need a solution

My customer has 3 problems:

1. Endpoints cannot connect to the Symantec console if they have not joined the domain.

2. How to know whether a device with Symantec EP installed is licensed or not

3. Which firewall ports to open to connect to the Symantec Console - Joined Domain and Not Joined Domain

Thanks for your support

0

Java Removed when installing SEP client

I need a solution

Hi Guys,

When I try to install the SEP client by pushing from SEPM with AppRemover for existing 3rd party antiviruses, Java is uninstalled as well, which causes issues since the users are using an Oracle application on their PCs. Is anyone facing the same issue? Is there any solution?

0

After uninstalling Symantec Endpoint Protection, System State backups fail

I need a solution

Hello,

I uninstalled Symantec Endpoint Protection on W2012. Since I uninstalled Symantec, my System State backup with Backup Manager (SolarWinds) has failed.

I tested uninstalling Symantec from Programs & Features, the Cloud console or CleanWipe, and the backup failed every time.

If I install Symantec Endpoint, backups run OK.

SolarWinds support tells me that something of Symantec remains when I uninstall it.

Backup of files runs correctly but System State backup fails. Event Viewer shows this:

ESENT ID 482

lsass (564) Al intentar escribir en el archivo "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit", en la posición 0 (0x0000000000000000) 8192 (0x00002000) bytes se produjo el error de sistema 19 (0x00000013) después de 0.000 segundos: "El medio está protegido contra escritura. ". La operación de escritura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.

ESENT ID 439

lsass (564) No se puede escribir una copia sombra del encabezado para el archivo \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit. Error -1032.

ESENT ID 454

lsass (564) Error inesperado al recuperar o restaurar la base de datos -1032.

VSS ID 8229

Un VSS Writer rechazó un evento con el error 0x800423f4, El escritor experimentó un error no transitorio. Si se intenta de nuevo el

proceso de copia de seguridad, es probable que se vuelva a producir el error.

. Los cambios realizados por el escritor en sus componentes mientras administraba el evento no estarán disponibles para el solicitante. Consulte en el registro de eventos los eventos relacionados de la aplicación que hospeda el VSS Writer.

 

Operación:

   Evento PostSnapshot

 

Contexto:

   Contexto de ejecución: Writer

   Id. de clase del escritor: {b2014c9e-8711-4c5c-a5a9-3cf384484757}

   Nombre del escritor: NTDS

   Id. de instancia del escritor: {92d6fd6d-5961-49be-be24-582e205d9024}

   Línea de comandos: C:\Windows\system32\lsass.exe

 

Can you help, please?

Regards,

0
