We just want to know if Symantec is aware about the Team viewer compromise (ATP41) reported by FireEye? If yes, update us if there is any Virus definitions already available for this, so that we can download and install the virus defintions on all the endpoints
Regards,
Raghav
We've been using Microsoft USMT for a while. We just started upgrading from 14.2 MP1 to 14.2 (RU1 MP1 - 14.2.4814.1101). We've found that USMT fails on computers running 14.2.4814.1101.
Disabling the SEP service does not solve the issue. You have to uninstall it entirely.
We do not see this issue with 14.2 MP1.
Has anyone seen this before? Is there a new policy setting by chance that I need to take into account?
Hello everyone, Can anyone shared with me the steps how I can achieve the below.
1) Block all removable media
2) Allow mouse and keyboard
3) Explicility allow any specfic USB as per the requirement
Thanks
NO encuentro la manera de descargar el producto que compramos, en mysymantec me permite ingresar mi licencia me dice activa pero no aparece el link de descarga, me dice que tien que esperar la validacion del administrador del sitio ... prefiero el sistema anterior tengo mil cosas que hacer y con Av pierdo mas tiempo que con el resto de las cosas .. un desatre
Hello,
after upgrading to SEP 14.2 RU1 MP1 we have the following issue https://support.symantec.com/us/en/article.tech256432.html.
But on some clients the Security Center says that SEP is terminated(see attachment). But Syealm is enabled and when we restart SEP hard via smc the status in the Security Center looks good until a reboot.
Can you help us with that issue or de have to wait for that update to RU3?
Thank you!
Hello,
Does anyone have an idea what could be this from the screenshot (I removed most of the customer related information)?
The last row showing "Disable outgoing protection" is what I am trying to find out what it is and where it comes from. I checked the firewall rules and I don't have such rule configured. Is this something built-in or configured from somewhere else?
The update/install of the Endpoint Protection client failes and rolls back.
=== Verbose logging started: 02.10.2019 13:09:57 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\WINDOWS\system32\msiexec.exe ===
[snip]
[snip]
Property(S): MsiLogFileLocation = C:\Users\ADMINI~1\AppData\Local\Temp\SEP_INST.LOG
Property(S): PackageCode = {AF3439CE-A633-4C9B-99F8-C445A17B6BFE}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): CURRENTDIRECTORY = C:\Users\ADMINI~1\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b
Property(S): CLIENTUILEVEL = 2
Property(S): CLIENTPROCESSID = 9564
Property(S): VersionDatabase = 200
Property(S): MsiSystemRebootPending = 1
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\WINDOWS\system32\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\ADMINI~1\AppData\Local\Temp\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\administrator\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\administrator\Favorites\
Property(S): NetHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\administrator\Documents\
Property(S): PrintHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): LocalAppDataFolder = C:\Users\administrator\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\administrator\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): FontsFolder = C:\WINDOWS\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8117
Property(S): VirtualMemory = 5853
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = administrator
Property(S): UserSID = S-1-5-21-1910545008-2276187321-3739630811-500
Property(S): UserLanguageID = 3079
Property(S): ComputerName = TECHNIK09
Property(S): SystemLanguageID = 3079
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 23
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 13:10:18
Property(S): Date = 02.10.2019
Property(S): MsiNetAssemblySupport = 4.7.3056.0
Property(S): MsiWin32AssemblySupport = 6.3.17134.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Egger
Property(S): COMPANYNAME = Microsoft
Property(S): DATABASE = C:\WINDOWS\Installer\1160eed.msi
Property(S): OriginalDatabase = C:\Users\administrator\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b\Sep.msi
Property(S): UILevel = 3
Property(S): MsiUIHideCancel = 1
Property(S): ACTION = INSTALL
Property(S): BFEServiceRunning = 1
Property(S): SYMVERSIONNT64 = 1000
Property(S): EMBEDDEDSYSTEM = 0
Property(S): AlreadyElevated = 1
MSI (s) (C0:F0) [13:10:18:763]: Note: 1: 1708
MSI (s) (C0:F0) [13:10:18:763]: Product: Symantec Endpoint Protection -- Installation operation failed.
MSI (s) (C0:F0) [13:10:18:764]: Das Produkt wurde durch Windows Installer installiert. Produktname: Symantec Endpoint Protection. Produktversion: 14.0.3929.1200. Produktsprache: 1033. Hersteller: Symantec Corporation. Erfolg- bzw. Fehlerstatus der Installation: 1603.
MSI (s) (C0:F0) [13:10:18:771]: Deferring clean up of packages/files, if any exist
MSI (s) (C0:F0) [13:10:18:771]: MainEngineThread is returning 1603
MSI (s) (C0:44) [13:10:18:771]: Calling SRSetRestorePoint API. dwRestorePtType: 13, dwEventType: 103, llSequenceNumber: 11, szDescription: "".
MSI (s) (C0:44) [13:10:18:772]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
=== Logging stopped: 02.10.2019 13:10:18 ===
MSI (s) (C0:44) [13:10:18:773]: User policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Machine policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C0:44) [13:10:18:774]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (C0:44) [13:10:18:774]: Destroying RemoteAPI object.
MSI (s) (C0:A0) [13:10:18:774]: Custom Action Manager thread ending.
MSI (c) (5C:90) [13:10:18:776]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (5C:90) [13:10:18:777]: MainEngineThread is returning 1603
=== Verbose logging stopped: 02.10.2019 13:10:18 ===
Hello everyone, Can anyone shared with me the steps how I can achieve the below.
1) Block all removable media
2) Allow mouse and keyboard
3) Explicility allow any specfic USB as per the requirement
Thanks
NO encuentro la manera de descargar el producto que compramos, en mysymantec me permite ingresar mi licencia me dice activa pero no aparece el link de descarga, me dice que tien que esperar la validacion del administrador del sitio ... prefiero el sistema anterior tengo mil cosas que hacer y con Av pierdo mas tiempo que con el resto de las cosas .. un desatre
Hello,
after upgrading to SEP 14.2 RU1 MP1 we have the following issue https://support.symantec.com/us/en/article.tech256432.html.
But on some clients the Security Center says that SEP is terminated(see attachment). But Syealm is enabled and when we restart SEP hard via smc the status in the Security Center looks good until a reboot.
Can you help us with that issue or de have to wait for that update to RU3?
Thank you!
Hello,
Does anyone have an idea what could be this from the screenshot (I removed most of the customer related information)?
The last row showing "Disable outgoing protection" is what I am trying to find out what it is and where it comes from. I checked the firewall rules and I don't have such rule configured. Is this something built-in or configured from somewhere else?
The update/install of the Endpoint Protection client failes and rolls back.
=== Verbose logging started: 02.10.2019 13:09:57 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\WINDOWS\system32\msiexec.exe ===
[snip]
[snip]
Property(S): MsiLogFileLocation = C:\Users\ADMINI~1\AppData\Local\Temp\SEP_INST.LOG
Property(S): PackageCode = {AF3439CE-A633-4C9B-99F8-C445A17B6BFE}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): CURRENTDIRECTORY = C:\Users\ADMINI~1\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b
Property(S): CLIENTUILEVEL = 2
Property(S): CLIENTPROCESSID = 9564
Property(S): VersionDatabase = 200
Property(S): MsiSystemRebootPending = 1
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\WINDOWS\system32\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\ADMINI~1\AppData\Local\Temp\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\administrator\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\administrator\Favorites\
Property(S): NetHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\administrator\Documents\
Property(S): PrintHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): LocalAppDataFolder = C:\Users\administrator\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\administrator\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): FontsFolder = C:\WINDOWS\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8117
Property(S): VirtualMemory = 5853
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = administrator
Property(S): UserSID = S-1-5-21-1910545008-2276187321-3739630811-500
Property(S): UserLanguageID = 3079
Property(S): ComputerName = TECHNIK09
Property(S): SystemLanguageID = 3079
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 23
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 13:10:18
Property(S): Date = 02.10.2019
Property(S): MsiNetAssemblySupport = 4.7.3056.0
Property(S): MsiWin32AssemblySupport = 6.3.17134.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Egger
Property(S): COMPANYNAME = Microsoft
Property(S): DATABASE = C:\WINDOWS\Installer\1160eed.msi
Property(S): OriginalDatabase = C:\Users\administrator\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b\Sep.msi
Property(S): UILevel = 3
Property(S): MsiUIHideCancel = 1
Property(S): ACTION = INSTALL
Property(S): BFEServiceRunning = 1
Property(S): SYMVERSIONNT64 = 1000
Property(S): EMBEDDEDSYSTEM = 0
Property(S): AlreadyElevated = 1
MSI (s) (C0:F0) [13:10:18:763]: Note: 1: 1708
MSI (s) (C0:F0) [13:10:18:763]: Product: Symantec Endpoint Protection -- Installation operation failed.
MSI (s) (C0:F0) [13:10:18:764]: Das Produkt wurde durch Windows Installer installiert. Produktname: Symantec Endpoint Protection. Produktversion: 14.0.3929.1200. Produktsprache: 1033. Hersteller: Symantec Corporation. Erfolg- bzw. Fehlerstatus der Installation: 1603.
MSI (s) (C0:F0) [13:10:18:771]: Deferring clean up of packages/files, if any exist
MSI (s) (C0:F0) [13:10:18:771]: MainEngineThread is returning 1603
MSI (s) (C0:44) [13:10:18:771]: Calling SRSetRestorePoint API. dwRestorePtType: 13, dwEventType: 103, llSequenceNumber: 11, szDescription: "".
MSI (s) (C0:44) [13:10:18:772]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
=== Logging stopped: 02.10.2019 13:10:18 ===
MSI (s) (C0:44) [13:10:18:773]: User policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Machine policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (C0:44) [13:10:18:774]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (C0:44) [13:10:18:774]: Destroying RemoteAPI object.
MSI (s) (C0:A0) [13:10:18:774]: Custom Action Manager thread ending.
MSI (c) (5C:90) [13:10:18:776]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (5C:90) [13:10:18:777]: MainEngineThread is returning 1603
=== Verbose logging stopped: 02.10.2019 13:10:18 ===
Hello everyone, Can anyone shared with me the steps how I can achieve the below.
1) Block all removable media
2) Allow mouse and keyboard
3) Explicility allow any specfic USB as per the requirement
Thanks
NO encuentro la manera de descargar el producto que compramos, en mysymantec me permite ingresar mi licencia me dice activa pero no aparece el link de descarga, me dice que tien que esperar la validacion del administrador del sitio ... prefiero el sistema anterior tengo mil cosas que hacer y con Av pierdo mas tiempo que con el resto de las cosas .. un desatre
Hello,
after upgrading to SEP 14.2 RU1 MP1 we have the following issue https://support.symantec.com/us/en/article.tech256432.html.
But on some clients the Security Center says that SEP is terminated(see attachment). But Syealm is enabled and when we restart SEP hard via smc the status in the Security Center looks good until a reboot.
Can you help us with that issue or de have to wait for that update to RU3?
Thank you!
Hello Team,
I\' just finding ifis it poosible to Configure from SEP MANAGER that AV (SEP) client to scan all files accessed via the internet including files that are installed directly from the internet and not necessarily saved on the local disk.
Ayny one can assist me on this.
People are seeing BSOD's due to the Oct 14th updates. Any info from Symantec?
https://old.reddit.com/r/sysadmin/comments/di6v8k/...
Hello,
Did somebody have BSOD issue this morning caused by virus definitions 14/10/2019 r.9? We received many calls and all of the BSODs were on machines with virus definitions 14/10/2019 r.9. After they managed to boot and login somehow on the machine and the definitions were updated to 14/10/2019 r.20 all was working fine.
Regards