Channel: Symantec Connect - Endpoint Protection - Discussions

SEP Cloud - license nightmare

I do not need a solution (just sharing information)

We added an additional 5 device licenses to a customer who had 54 device licenses. 

The new licenses pop up out of groups (Group: none). Groups are where we have all devices gathered, and attach appropriate policies. So what you say we should do, is have like 10 computers from Finance in one group, and 8 computers from Sales split in two groups, to fully use two licenses.

IT MAKES NO SENSE!

Another thing: When I look at a device, I cannot see who uses that device. 
How do I find DESKTOP-2REBS2A without naming computers with the user's name, or having a 3rd tool to match user and computer? The old on-prem Endpoint Protection could do this!

False positive - chromium 79.0.3930.0

I need a solution

Hello,

It seems that there is a false positive for chromium > 78.

Our defs are current 9/30/19 r18.

Can anyone confirm this false positive?  Timeline for rapid release fix?

Thanks,

Antoine

Zip : https://storage.googleapis.com/chromium-browser-snapshots/Win_x64/701533/chrome-win.zip

Binary: chrome.exe

Symantec Endpoint Protection Notification :

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: WS.Reputation.1
File: xxxxx\chrome-win\chrome.exe
Location: Deleted or access blocked
Computer: xxxx
User: xxxx
Action taken: Leave Alone succeeded
Date found: mercredi 2 octobre 2019  08:33:27

SEP clients report offline in SEPM but actually is connected to SEPM

I do not need a solution (just sharing information)

We are facing an issue where client entries are showing as offline in SEPM and, under "Properties", most of the fields are blank.

But when checked locally on those machines, the SEP clients show as up-to-date and connected under "Server connection status" with a very recent time stamp. Out of the 650-odd Windows VMs we have, we are facing this issue on around 15 VMs.

The client & SEPM version = 14.2.1031.0100

Logged a support case and they also suggested it's due to cloning. But these were not built via a clone process.
Hence, as suggested by the support team, we deleted the offline entries and ran a rebuild of the DB indexes.
This showed no progress.

Hence, if someone has an idea about this issue, please help. Thanks

Chrome browser not working when firewall turned on

I need a solution

Network and host settings, options, go to change settings, untick firewall and chrome works, but ticking it, can't use chrome.

Colleague also has same issue with Chrome and with FTP client, although our settings look the same.

Any ideas?

SEPM Reporting Customization

I need a solution

Hi all,

We currently have SEPM installed and occasionally need to run specific reports, and the information from the Monitors page/Reporting tab returns too much information. Is there a tool or way we can further customize the reports and the date we retrieve?

Thanks,

New SEP version 14.2.4815.1101 released on Sept 24th

I need a solution

Hello,

I see that new SEP version was released yesterday, it is build 14.2.4815.1101.

But I cannot find any release notes, what's new, what was fixed in this version. 

Anyone managed to find it?

Regards

Logging when users disable NTP?

I need a solution

Is there a way to view through the console how often users are disabling their SEP firewall? We want to allow users to temporarily disable the firewall (to get online at hotels, etc.), but we're curious as to how often the feature is actually being used. We want to make sure it's used enough to make it worthwhile but not so much that it's being abused (we're only allowing 2 disables for 2 minutes each, so hard to abuse, but still...).

I've looked through all the monitors in the console and haven't come across anything. It is logged on the local SEP client's system logs, but doesn't seem to get transferred to the server.

Am I just missing it?

Thanks!

Pushing Installers Out to Clients - Says Success, Is NOT Showing Up on The Clients Tab

I need a solution

Hello, and whoever can give me a solution to this has my blessings.

Here is the current situation. My company is attempting to roll out Symantec Endpoint Protection V14.2 to our client machines. Currently, we do have another AV on those machines, but I can confirm that we can have those simultaneously (with intentions to uninstall the older AV obviously). 

I was given a list of devices to deploy to. I grab the correct installer, I select the text file I created with all of the computer names, they are recognized. I move them over to be deployed, it prepares for the install appropriately. 

Finally, I am ready to install. It hangs at 0 percent for a very long time (assuming that is just SEP working its magic behind the scenes). Then one by one, the clients pop up as a "success". Great!

I click on the clients tab to search for these, because I would like to verify that these have actually been rolled out. Sure enough, I search by computer name and a total of zero of the "success" computers show up.

Has anyone had this issue before? We have another whitelisting program, and I have ensured that the installer is approved. I checked the computers for anything that has been blocked. 

This has been a serious head scratcher, even for SEP support. If anyone knows how to remediate this issue, it would be greatly appreciated :)

SEP clients connecting to telemetry URL of Symantec.

I need a solution

I have a mix of SEP clients in my environment, ranging from SEP 14.0 to SEP 14.2 RU1. Recently I saw connections to central.b6.crsi.symantec.com from different SEP clients. As per the articles https://support.symantec.com/us/en/article.TECH253692.html and https://support.symantec.com/us/en/article.TECH162286.html, these need to be allowed for SEP 15.0; however, my concern is that I have disabled live update on the SEP clients, and the GUP and SEPM are providing all types of updates to the SEP clients. Do I still need to allow all these URLs at my internet firewall?

Unable to upload latest package to the SEPM manually

How to use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line in Asp.net c#

question regarding Firewall rule

I need a solution

Hello,

Does anyone have an idea what could be this from the screenshot (I removed most of the customer related information)?

The last row showing "Disable outgoing protection" is what I am trying to find out what it is and where it comes from. I checked the firewall rules and I don't have such rule configured. Is this something built-in or configured from somewhere else?

Citrix VDI appearing offline over console.

I need a solution

Citrix VDI systems are appearing offline on SEPM console post cloning due to duplicate GUID. However all VDI’s are online over network and taking definition update regularly.

Followed all Symantec guidelines while cloning; the VDIs are still showing offline.

Update/Install fails with error 1708

I need a solution

The update/install of the Endpoint Protection client fails and rolls back.

=== Verbose logging started: 02.10.2019  13:09:57  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\WINDOWS\system32\msiexec.exe ===

[snip]
[snip]

Property(S): MsiLogFileLocation = C:\Users\ADMINI~1\AppData\Local\Temp\SEP_INST.LOG
Property(S): PackageCode = {AF3439CE-A633-4C9B-99F8-C445A17B6BFE}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): CURRENTDIRECTORY = C:\Users\ADMINI~1\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b
Property(S): CLIENTUILEVEL = 2
Property(S): CLIENTPROCESSID = 9564
Property(S): VersionDatabase = 200
Property(S): MsiSystemRebootPending = 1
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\WINDOWS\system32\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\ADMINI~1\AppData\Local\Temp\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\administrator\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\administrator\Favorites\
Property(S): NetHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\administrator\Documents\
Property(S): PrintHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): LocalAppDataFolder = C:\Users\administrator\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\administrator\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): FontsFolder = C:\WINDOWS\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8117
Property(S): VirtualMemory = 5853
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = administrator
Property(S): UserSID = S-1-5-21-1910545008-2276187321-3739630811-500
Property(S): UserLanguageID = 3079
Property(S): ComputerName = TECHNIK09
Property(S): SystemLanguageID = 3079
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 23
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 13:10:18
Property(S): Date = 02.10.2019
Property(S): MsiNetAssemblySupport = 4.7.3056.0
Property(S): MsiWin32AssemblySupport = 6.3.17134.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Egger
Property(S): COMPANYNAME = Microsoft
Property(S): DATABASE = C:\WINDOWS\Installer\1160eed.msi
Property(S): OriginalDatabase = C:\Users\administrator\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b\Sep.msi
Property(S): UILevel = 3
Property(S): MsiUIHideCancel = 1
Property(S): ACTION = INSTALL
Property(S): BFEServiceRunning = 1
Property(S): SYMVERSIONNT64 = 1000
Property(S): EMBEDDEDSYSTEM = 0
Property(S): AlreadyElevated = 1
MSI (s) (C0:F0) [13:10:18:763]: Note: 1: 1708 
MSI (s) (C0:F0) [13:10:18:763]: Product: Symantec Endpoint Protection -- Installation operation failed.

MSI (s) (C0:F0) [13:10:18:764]: Das Produkt wurde durch Windows Installer installiert. Produktname: Symantec Endpoint Protection. Produktversion: 14.0.3929.1200. Produktsprache: 1033. Hersteller: Symantec Corporation. Erfolg- bzw. Fehlerstatus der Installation: 1603.

MSI (s) (C0:F0) [13:10:18:771]: Deferring clean up of packages/files, if any exist
MSI (s) (C0:F0) [13:10:18:771]: MainEngineThread is returning 1603
MSI (s) (C0:44) [13:10:18:771]: Calling SRSetRestorePoint API. dwRestorePtType: 13, dwEventType: 103, llSequenceNumber: 11, szDescription: "".
MSI (s) (C0:44) [13:10:18:772]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
=== Logging stopped: 02.10.2019  13:10:18 ===
MSI (s) (C0:44) [13:10:18:773]: User policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Machine policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (C0:44) [13:10:18:774]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (C0:44) [13:10:18:774]: Destroying RemoteAPI object.
MSI (s) (C0:A0) [13:10:18:774]: Custom Action Manager thread ending.
MSI (c) (5C:90) [13:10:18:776]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (5C:90) [13:10:18:777]: MainEngineThread is returning 1603
=== Verbose logging stopped: 02.10.2019  13:10:18 ===

Enrolled but can not see it

I need a solution

Laptop is enrolled according to the dashboard, but I can't see/find Symantec on the laptop to undertake a full scan etc.

Any ideas?

Start Menu Freeze using SEP 14.2 RU1 MP1/build 14.2.4814.1101 on Windows 10 Build 1903

I need a solution

I am having an issue on a brand new Fujitsu Windows 10 1903 64-bit laptop with 64-bit SEP client version 14.2 RU1 MP1/build 14.2.4814.1101. The issue is that the Start menu, and any icons by the clock such as the WiFi icon to connect to a WiFi network, volume, etc. do nothing when clicked. Removing SEP resolves the issue, but it comes back after a reinstall of SEP.

  1. I see a new refresh build of 14.2 RU1 MP1, build 14.2.4815.1101 was released on 09/24. Do we know if the refresh 14.2 RU1 MP1/build 14.2.4815.1101 is available yet from My.Symantec? I want to try it just to see if the Fix ID: ESCRT-2418 that fixes an issue where certain programs (MMC.exe, RegEdit.exe, AD Console) won't open or Windows Updates will not install with 14.2.4814.1101 installed, will resolve my issue.
  2. There was a post opened of someone reporting my same issue with using 14.2 RU1 (not MP1), build 14.2.1031.0100, but it was locked without a resolution. Does anyone have any additional info regarding this issue? https://www.symantec.com/connect/forums/start-button-freezes-after-sep-142-installation
  3. I have another user reporting the same issue, but only when he RDPs onto a machine running the same versions.

Thanks!

Spyware and Risk

I need a solution

Hi Team,

Today on my scan report, under Spyware and Risk, it was showing a risk; below are the details. Need help on this urgently.

Risk Name: Sonar.susplaunch!g90 security Risk    Sethic.exe is cleaned/Blocked  

Regards,

Rajesh Vanapalli

Collect information to generate Full report (Network Threat Protection)

I need a solution

Hi,

I am new and I have started using the SEPM API 14.2 to collect information and generate reports. So far, I have been able to collect enough information to generate a Computer Status Report.

My next step is to generate a report using the information for the Network Threat Protection - Full Report. However, I cannot get the information I need.

Using the following API:

/api/v1/stats/client/infection/{reportType}/{startTime}/to/{endTime}

I am able to collect some basic information but not all I need (attack, severity, etc) and only at a very high level aggregation - I need the information for each Group Id or host.

I am wondering if it is possible to get the information using the SEPM API or if there is any other way to get it from an API.

Thanks.
