Channel: Symantec Connect - Endpoint Protection - Discussions

Location awareness issue with SEP version 14.2.4814 and 14.2.4815

I need a solution

Issue after issue with every new SEP version. Will this end some day, and will Symantec release a version which doesn't break something new with each new release?

What happened after we started the upgrade to 14.2.4814 is that Location Awareness doesn't work. Here is a short explanation of what we have tried:

When the user connects the machine via docking station directly to the corporate network, everything works fine and the location shows Office. But when the user is connected to public WiFi (from home or somewhere else) and then makes a VPN connection, the VPN shows a successful connection and the user gets an IP address, which is one of the conditions to switch to the Office network, but the client stays in the Out of corporate network location.

In the new fixes for 14.2.4815 it is mentioned the following:

Clients do not switch locations when using DNS Lookup criteria with Location Awareness

Fix ID: ESCRT-1710, ESCRT-1773, ESCRT-1801

Symptoms: Location Switching may intermittently fail when it relies on DNS Lookup as a criteria within Location Awareness.

Solution: Improvements made to Location Awareness functionality so that it now properly results in a location switch when DNS Lookup is used as the criteria.

First of all, we are not using the DNS Lookup criteria, and second, the upgrade to 14.2.4815 didn't fix the issue.

Anyone with the same issue? In the meantime we are escalating this to Symantec with a case.


Citrix VDI appearing offline over console.

I need a solution

Citrix VDI systems are appearing offline on the SEPM console after cloning due to duplicate GUIDs. However, all VDIs are online on the network and taking definition updates regularly.

We followed all Symantec guidelines while cloning; the VDIs are still showing offline.


Enrolled but can not see it

I need a solution

The laptop is enrolled according to the dashboard, but I can't see or find Symantec on the laptop to undertake a full scan etc.

Any ideas?


Start Menu Freeze using SEP 14.2 RU1 MP1/build 14.2.4814.1101 on Windows 10 Build 1903

I need a solution

I am having an issue on a brand new Fujitsu Windows 10 1903 64-bit laptop with 64-bit SEP client version 14.2 RU1 MP1/build 14.2.4814.1101. The issue is that the Start menu and any icons by the clock, such as the WiFi icon to connect to a WiFi network, volume, etc., do nothing when clicked. Removing SEP resolves the issue, but it comes back after a reinstall of SEP.

  1. I see a new refresh build of 14.2 RU1 MP1, build 14.2.4815.1101 was released on 09/24. Do we know if the refresh 14.2 RU1 MP1/build 14.2.4815.1101 is available yet from My.Symantec? I want to try it just to see if the Fix ID: ESCRT-2418 that fixes an issue where certain programs (MMC.exe, RegEdit.exe, AD Console) won't open or Windows Updates will not install with 14.2.4814.1101 installed, will resolve my issue.
  2. There was a post opened of someone reporting my same issue with using 14.2 RU1 (not MP1), build 14.2.1031.0100, but it was locked without a resolution. Does anyone have any additional info regarding this issue? https://www.symantec.com/connect/forums/start-button-freezes-after-sep-142-installation
  3. I have another user reporting the same issue, but only when he RDPs onto a machine running the same versions.

Thanks!


Spyware and Risk

I need a solution

Hi Team,

Today my scan report was showing a risk under Spyware and Risk; the details are below. I need help on this urgently.

Risk Name: Sonar.susplaunch!g90 security Risk; Sethic.exe is cleaned/Blocked

Regards,

Rajesh Vanapalli


Configuring on SEP MANAGER

I need a solution

Hello Team,

I'm just trying to find out if it is possible to configure, from SEP Manager, the AV (SEP) client to scan all files accessed via the internet, including files that are installed directly from the internet and not necessarily saved on the local disk.

Can anyone assist me with this?


BSOD caused by SEP update?

BSOD issue on Win 7 machines caused by virus defs 14/10/2019 r.9

I need a solution

Hello,

Did anybody have a BSOD issue this morning caused by virus definitions 14/10/2019 r.9? We received many calls, and all of the BSODs were on machines with virus definitions 14/10/2019 r.9. After they managed to boot and log in somehow on the machine and the definitions were updated to 14/10/2019 r.20, all was working fine.

Regards


Firewall Rules from Symantec Endpoint protection to Group Policy

I do not need a solution (just sharing information)

We are trying to copy the SEP firewall rules to Group Policy. Is there a way we can export them or copy the SEP firewall rules to Group Policy (GPO)?


Auto-Upgrade schedule not adhered to on Endpoint Protection 14.2 clients

I need a solution

We have scheduled an auto upgrade for a set of clients from 14.2 MP1 (14.2.1015.0100) to 14.2 RU1 MP1 (14.2.4814.1101). We have specified an "Upgrade Schedule" and "Distribute upgrade over X days" too. But for some reason the clients are not adhering to the auto upgrade schedule. We have the below deployment status and messages in the clients.

"The client is ready to accept the upgrade package. Client has accepted an upgrade package, version 14.2.4814.1101. The download of the package will begin when client and OS compatibility are confirmed."

Can someone please let me know why the clients are not adhering to the auto-upgrade schedule and how this could be resolved? We have been doing this for almost 400+ clients in batches. There were no issues encountered, but it is failing only for the last batch of 50+ clients. We suspected that this could be due to the install package or install settings getting corrupted, and we removed the content and re-assigned the package to the group again. But that doesn't help either. Can someone please assist?


Is there a command line to uninstall SEP 14 with uninstallation password?

I need a solution

Hello,

I have Symantec EP ver 14 installed on more than 1500 clients, they are all managed via SEPM and an uninstallation password is set to prevent the users from uninstalling SEP on their machines.

Is there a command (or a script) to uninstall Symantec using an attribute for the uninstallation password in that command or script?

Thanks and regards,

Jameel


Previously Whitelisted Devices now being blocked

I need a solution

We currently are using SEP 15 (hybrid with clients on 14.2).

Our policy blocks all access to the USB Class 36fc9e60-c465-11cf-8056-444553540000.

We’ve been carving out exceptions as needed, and one of the devices in question is a vendor-specific secure thumb drive.

Through initial testing I realized that allowing:

USBSTOR\Disk&Ven_Apricorn&Prod_Secure_Key_3z&Rev_0401*

didn’t do the trick and I needed to whitelist the parent device which was

USB\VID_0984&PID_1409*.

This worked fine for months and then on October 9th these devices (along with clickshare and some others) began being blocked again despite nothing having changed. The policy has been through a few new versions, but the whitelisting of those devices hasn’t changed. No method of whitelisting I’ve tried seems to do the trick anymore so I’m not sure what I’m missing.

Any help or guidance would be appreciated.


SEP client duplicates; same UUID

I need a solution

Greetings,

We have several hundred machines that were reimaged recently.  All of these clients were created as duplicates in SEPM with same Computer Name and same UUID, but different Unique ID and Hardware Key as their previous listed client.  Also, the logs do not show that these clients were re-registered.  

I'm trying to get a list of these duplicate machines for management, and possibly remove them from SEPM before they automatically drop off.  Does anyone know how to do this?


How to Backdate Virus Definitions in Symantec Endpoint Protection Manager

I do not need a solution (just sharing information)

***Taken From Symantec Support TECH102935 ***

You suspect that the virus definitions currently in use by Symantec Endpoint Protection (SEP) clients are corrupt, and would like to roll back to a previous virus definition set. These clients are managed by a Symantec Endpoint Protection Manager (SEPM).  You wish to configure or control the content revisions that clients use.

Please note:

The example below shows reverting AntiVirus definitions to an earlier version. The procedure works with other SEP components as well (reverting to an earlier release of IPS definitions, etc.).

To rollback definitions, the [LiveUpdate Settings] policy -> Server settings -> [Use default management server] must be enabled.

The method described below can also be used to circumvent a confirmed False Positive (FP) until definitions are available that remove the detection.  In the case of False Positives, though, creating a specific exclusion or awaiting new Rapid Release definitions is the recommended approach.  As each set of new definitions includes protection against new threats, reverting to an older revision will always introduce security risk into an organization.

SOLUTION:

Follow the steps below to roll back virus definitions in Symantec Endpoint Protection Manager:

  1. Click Policies
  2. Select View Policies
  3. Click LiveUpdate.
  4. Double-click your current LiveUpdate Content Policy under the "LiveUpdate Content" tab. The LiveUpdate Content Policy Overview dialog box appears.
  5. From the "LiveUpdate Content" section, click Security Definitions.
  6. Enable the Select a revision option located in the "AntiVirus and AntiSpyware definitions" section.
  7. Click the Edit button. The Select Revision - Antivirus and AntiSpyware definitions dialog box appears.
  8. Expand the drop-down list and browse to the appropriate (32-bit or 64-bit) definition set.
  9. Click the desired rollback definition date.
  10. Click OK.
  11. Click OK to close the "Security Definitions" dialog box and return to the "Policies" tab.

Note: Remember to later return to your LiveUpdate Content Policy and change back to the Use latest available option.  Definitions on all endpoints must be kept current in order to protect against the latest threats in circulation. 


Security Risk Found - SONAR.Kotver!gen5

I need a solution

Hi,

Symantec is reporting a "Security Risk Found (Access denied)" with the risk name SONAR.Kotver!gen5. Definitions are up to date on this computer, and when you run the anti-virus scan on the computer, it doesn't find that it is infected, but on the management portal it says the computer is infected.

Not sure what to do. Can someone advise?

Thanks!


Endpoint Protection installer logs password in plain text

I do not need a solution (just sharing information)

I tried to contact Symantec support as I couldn't install the Endpoint Protection product, but I was told that there is no support offered for trial customers, so I thought I'd post this here.

The installer was failing with the error "Failed to connect to database". I found the installer log file, and was surprised to see that the admin password was being included in the SQL query being used to create the account, and was logged in plain text. Logging a password in plain text seems like an odd thing for a product from a security company to do, as does passing parameters as part of the query rather than using a prepared statement with parameterized queries. To me this is very basic stuff and embarrassing to get so wrong, and it makes me wonder how secure the rest of the product is.

I thought Symantec would want to know about this, but from the reply I got from the support request I posted, it would seem they don't.

If you're going to use this product I would recommend deleting any log files after you've installed it, just in case...


Sepm 14.0 MP2 server not pushing updates to clients.

I need a solution

Hello Team,

Recently we migrated the server from Windows 2008 to 2012. After that we installed SEPM version 14 and restored the old SEPM server database to the new one. Finally we got the SEPM console; the 32-bit clients are updating properly and the 64-bit clients are not updating. Please resolve the issue.


Prevent suspicious connections by SEP IPS

I need a solution

The customer detected suspicious connections to malware domains via a Chrome extension.

dtsince.com:443

elsticsr.com:443

comvng.com:443

SEP IPS detected the malicious traffic by signature ID 31106 but did not block it, although by default it should block and log.

How can I block the connections by SEP IPS signature? Why does SEP IPS not block by default?

Why does SEP not remove the Chrome extensions (files)?

Is there any other way to block the domains? Maybe an explicit rule in the Firewall can block the domain?


How SEP handles monitored applications

I need a solution

Users installed the sogouexplorer.exe browser. It is used in China.

I used Application to Monitor in the Exceptions policy to detect the instances of sogouexplorer.exe. I used KB https://support.symantec.com/us/en/article.HOWTO80...

Several instances were detected from different clients. Now I want to remove the application, or just quarantine or terminate it.

Do you know what these actions (Quarantine, Terminate, or Remove) mean?

Does it mean the file is going to be removed? Or will the application be blocked every time it is launched?

How else can we stop or remove unwanted software?
