
Whitelisting binaries over 100MB size

I need a solution

Hi,

We have SEP 14 wrongly flagging some of our installers with reputation alert "WS.Reputation".

Binaries are all digitally signed (signing cert rooted by well-known CAs). We were able to fix this issue for binaries less than 100MB following the process outlined on the Symantec website.

Does anybody know what the process is for binaries over 100MB (we have several in the 103 MB - 110 MB size range)? These false alerts are more than annoying.

Thank you,

Dragos.

0

Previously Whitelisted Devices now being blocked

I need a solution

We currently are using SEP 15 (hybrid with clients on 14.2).

Our policy blocks all access to the USB Class 36fc9e60-c465-11cf-8056-444553540000.

We’ve been carving out exceptions as needed and one of those devices in question is a vendor specific secure thumb drive.

Through initial testing I realized that allowing:

 USBSTOR\Disk&Ven_Apricorn&Prod_Secure_Key_3z&Rev_0401*

didn’t do the trick and I needed to whitelist the parent device which was

USB\VID_0984&PID_1409*.

This worked fine for months and then on October 9th these devices (along with clickshare and some others) began being blocked again despite nothing having changed. The policy has been through a few new versions, but the whitelisting of those devices hasn’t changed. No method of whitelisting I’ve tried seems to do the trick anymore so I’m not sure what I’m missing.

Any help or guidance would be appreciated.

0

SEP client duplicates; same UUID

I need a solution

Greetings,

We have several hundred machines that were reimaged recently.  All of these clients were created as duplicates in SEPM with same Computer Name and same UUID, but different Unique ID and Hardware Key as their previous listed client.  Also, the logs do not show that these clients were re-registered.  

I'm trying to get a list of these duplicate machines for management, and possibly remove them from SEPM before they automatically drop off.  Does anyone know how to do this?

0

How to Backdate Virus Definitions in Symantec Endpoint Protection Manager

I do not need a solution (just sharing information)

***Taken From Symantec Support TECH102935 ***

You suspect that the virus definitions currently in use by Symantec Endpoint Protection (SEP) clients are corrupt, and would like to roll back to a previous virus definition set. These clients are managed by a Symantec Endpoint Protection Manager (SEPM).  You wish to configure or control the content revisions that clients use.

Please note:

The example below shows reverting AntiVirus definitions to an earlier version.  The procedure works with other SEP components as well (reverting to an earlier release of IPS definitions, etc.).

To roll back definitions, the [LiveUpdate Settings] policy -> Server settings -> [Use default management server] must be enabled.

The method described below can also be used to circumvent a confirmed False Positive (FP) until definitions are available that remove the detection.  In the case of False Positives, though, creating a specific exclusion or awaiting new Rapid Release definitions is the recommended approach.  As each set of new definitions includes protection against new threats, reverting to an older revision will always introduce security risk into an organization.

SOLUTION:

Follow the steps below to roll back virus definitions in Symantec Endpoint Protection Manager:

  1. Click Policies
  2. Select View Policies
  3. Click LiveUpdate.
  4. Double-click your current LiveUpdate Content Policy under the "LiveUpdate Content" tab. The LiveUpdate Content Policy Overview dialog box appears.
  5. From the "LiveUpdate Content" section, click Security Definitions.
  6. Enable the Select a revision option located in the "AntiVirus and AntiSpyware definitions" section.
  7. Click the Edit button. The Select Revision - Antivirus and AntiSpyware definitions dialog box appears.
  8. Expand the drop-down list and browse to the appropriate (32-bit or 64-bit) definition set.
  9. Click the desired rollback definition date.
  10. Click OK.
  11. Click OK to close the "Security Definitions" dialog box and return to the "Policies" tab.

Note: Remember to later return to your LiveUpdate Content Policy and change back to the Use latest available option.  Definitions on all endpoints must be kept current in order to protect against the latest threats in circulation. 

Click HERE to go to original TECH article

0

Cisco anyconnect and SEP

I need a solution

Hello there, 

Is there anyone who is facing an issue with Cisco AnyConnect and SEP?

So when SEP's on, the Cisco AnyConnect does not connect. I see Tamper Protection events.

Any Suggestions?

0

Notification Events Timestamp: Client Time or Server Time?

I need a solution

We have endpoints in many different timezones with our SEPM servers here in Eastern timezone. Notification Events show the event date/time... is that the client time or SEPM time?

0


cloud enrollment issue

I need a solution

We are using SEPM 14.2 RU1 MP1. We can enroll the SEPM to cloud successfully, but it's unenrolled after 5 min. Any idea?

0

Chrome 78 Update & Symantec Endpoint Protection Issue!

I need a solution

Hi, a few hours ago Google released Update 78 for Chrome and since then it seems to be broken for Symantec Endpoint Protection users.

The problem is you can't load any pages; you will get an "Aw, Snap" error.

The workaround I found was to launch chrome with no sandbox:

Chrome.exe --no-sandbox

Anyone know a permanent solution?

My Symantec Endpoint Protection version is 14.0 MP1

0

Clients logging to remote replication sites

I need a solution

We have an environment with several replication partners.

We are seeing clients on remote replication sites logging activity to the sem5 database on remote SEPM sites in a different location.

Any idea what's happening here?

Thanks,

0

"The installer integrity check failed"

I need a solution

Hello guys,

I was trying to install SEP agents on Win-Server 2012 R2, but I got the error that I captioned as the title.

Kindly what is the way forward on fixing this issue?


""ATTACHED image ERROR""

0

Report Showing Clients Firewall Status = "Not Installed"?

I do not need a solution (just sharing information)

Among our thousands of clients I'm seeing some get the basic protection client installed rather than the full protection. I'd like to identify them but I'm not seeing any way to do that in "Monitors" or "Reports".  I thought about using the REST API but I suck at scripts. I also looked at the database to see if I could come up with a SQL query but can't figure that out. Any suggestions? Thanks.

0

Any known issues with SEP 14.2 and later versions with Server 2016?

I need a solution

Previous versions of SEP have affected windows updates in Windows server 2012 R2. The only way to install updates was to disable SEP while updates were being installed.

Are there any known issues with SEP 14.2.770 and later versions that affect Windows Server 2016 windows updates?

Thanks

0

Issues setting up second management server

I need a solution

14.01

First management server is using embedded database.

Installing Symantec Endpoint on second server, selecting option to install additional management server to existing site.

When I get to Database Server Authentication I have two options, SQL Server authentication and Windows Authentication.

Tried Windows authentication but no go, and tried SQL Server authentication and it fails as well, error 11501.

Notes show username for DB is DBA, and we have notes for the password, but not sure of the database name; it defaults to sem45.

How can I verify the correct database name for an embedded database on the other server?

0

SEP Manager activities

I need a solution

Hello team,

I just want to get answers on below questions;

1. Does SEP scan outgoing and incoming mails for malware.......?
2. Does SEP scan memory, boot sector & registry keys......?
3. Is SEP scan for web browsers installed has protection against malicious scripts executed on endpoints are used, especially to filter against......?

0

Surface Hub 2 SEP Compatibility

I do not need a solution (just sharing information)

Hello, I'm trying to download SEP onto the Surface Hub 2S from the Windows application store.  The download button is grayed out and there's a message saying a new Windows software update is required before being able to download SEP.  I made sure that the OS is up to date, and the download button is still grayed out.  Am I missing a step, or is this software not supported (it's listed as being supported in the store)?

0


SEP Learned Applications - auditing application versions

I do not need a solution (just sharing information)

Hi,

We have around 80 client workstations that we'd like to audit for application version changes (e.g. firefox.exe), so that we can determine whether a specific version has been installed on all workstations for compliance.

What we really would like is to be able to syslog each time a client workstation changes the version of an application (the syslog entry would need to include the client name, executable name, version, and time).

We cannot see an obvious way to achieve this. Has anyone used SEPM for this purpose?

Cheers
Rod

0

SEPM 14.2 - REST API - Accessing Hardware Devices list

I need a solution

Hello everybody,

I'm trying to use the SEPM 14 REST API to perform some processing in PowerShell. I need to get the "Hardware Devices" list (can be found in your SEPM under Policies > Policy Components > Hardware Devices).

At the same place, you can find the fingerprint list that you can retrieve thanks to this URI: https://apidocs.symantec.com/home/SAEP#_getfilefingerprintlist

GET /api/v1/policy-objects/fingerprints/{id}

I didn't manage to find something like /api/v1/policy-objects/hardware-devices

Is that a miss in the API description or isn't this feature supported yet?

Thank you for your help,
Regards,

M.

0

SEP Server in DR with different ip address

I need a solution

Hi all, question: we're looking to have a DR site.  So our VM Windows 2012 server with SEP 14 is called NAV1 (IP address 172.16.7.50), with SQL installed on a different server (SEPSQL, IP address 172.16.7.51).  All of our Windows clients talk to this server.  So when a DR event happens, all of our replicated servers on the DR side will have a different subnet, supposedly; like NAV1 will now be 172.16.8.50 and NAVSQL will be 172.16.8.51.  What we are told by our consultants is that as long as the server relies solely on DNS it will be fine.  I didn't open a call yet with Symantec, but has anyone encountered this scenario?  Does anyone here know if my SEP farm will still work or will I have issues?  Thanks everyone.

0