Is there any way in the SEPM to pull windows settings: I am especially looking to pull the windows list in the network  with windows Firwewall turned on or off . 

Dear all, 

After send file to symantec analysis, and it feedback the file is clean. But why it still detected security warning by symantec . It should be white list.

I'm testing software deployment through LogMeIn and is getting this error when I tried to run the SEP64.msi

>

Output truncated..

 Endpoint Protection -- The installer integrity check failed with error code 0x80070003. Common causes for this failure include an incomplete download, damaged media, or problems with the Trusted Root certificate store.

The installer integrity check failed with error code 0x80070003. Common causes for this failure include an incomplete download, damaged media, or problems with the Trusted Root certificate store.
Action ended 10:08:02: LaunchConditions. Return value 3.
Action ended 10:08:02: INSTALL. Return value 3.
Property(S): UpgradeCode = {F7BE9C8A-C2E6-470D-B703-0A1845E6FF8C}
Property(S): IEVERSION = 9.11.18362.0
Property(S): CLOUDMANAGED = 0
Property(S): OS_SUPPORTS_UI = C:\Windows\explorer.exe
Property(S): SYMRASMAN_REG13_PATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG13_INTERACTIVEUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG13_CONFIGUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG13_IDENTITYPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_PATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_INTERACTIVEUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_CONFIGUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_IDENTITYPATH = C:\Windows\System32\rastls.dll
Property(S): DEFENDERFOUND = Microsoft Windows Defender
Property(S): ProductName = Symantec Endpoint Protection
Property(S): ProductDisplayName = Symantec Endpoint Protection
Property(S): ProductVersion = 14.2.4815.1101
Property(S): OPTOUTREPSUBMISSION = 0
Property(S): ENABLEAUTOPROTECT = 1
Property(S): DISABLEDEFENDER = 1
Property(S): RUNLIVEUPDATE = 1
Property(S): IDCENABLE = 1
Property(S): VersionNT64 = 603
Property(S): ReducedSizeButton = 0
Property(S): SetupType = Typical
Property(S): _IsSetupTypeMin = Typical
Property(S): AgreeToLicense = No
Property(S): _IsMaintenance = Change
Property(S): RestartManagerOption = CloseRestart
Property(S): SMSName = SepMasterService
Property(S): SMSDescription = Symantec Endpoint Protection
Property(S): InUISequence = 0
Property(S): CACHE_INSTALLER = 1
Property(S): REBOOT = ReallySuppress
Property(S): System64Folder = C:\Windows\system32\
Property(S): REQUEST_LICENSE = false
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): WindowsFolder = C:\Windows\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): SourceDir = C:\Windows\TEMP\LMIPKG20FE98\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): ALLUSERS = 1
Property(S): APPTYPE = 105
Property(S): LUMoniker = {57201BD7-52EE-4841-8368-05C54B1F44DC}
Property(S): SecurityUpdatesMoniker = {01004CAE-0A4B-0378-65D4-6282A66CD075}
Property(S): CloudAutoupgradeMoniker = {33769587-5823-4393-8BC7-82ACF5EAC8FE}
Property(S): ARPSYSTEMCOMPONENT = 1
Property(S): INSTALLLEVEL = 100
Property(S): MSIENFORCEUPGRADECOMPONENTRULES = 1
Property(S): Manufacturer = Symantec Corporation
Property(S): ProductCode = {EDDFA2FE-A36E-4C80-8060-14A2141F8882}
Property(S): ProductLanguage = 1033
Property(S): IDCDATASERVER = tses.symantec.com
Property(S): IDCDATALOC = /incoming
Property(S): IDCDEPLOYMENT = Local
Property(S): IDCEXTRAINFO = 0
Property(S): MAXMIGRATIONDELAY = 60
Property(S): MIGRATIONDELAY = 30
Property(S): MsiLogging = voicewarmupx
Property(S): MSIRESTARTMANAGERCONTROL = Disable
Property(S): SMSLongDescription = Provides malware and threat protection for Symantec Endpoint Protection
Property(S): SymMigrationRebootMessage = To provide complete protection, Symantec Endpoint Protection requires this computer to restart.
Property(S): SymRebootAtEndMessage = To provide complete protection, Symantec Endpoint Protection requires this computer to restart.
Property(S): InstallCompleteMessage = The installation has completed successfully
Property(S): ShowServiceProgressMessage = Executing install script via service
Property(S): ShowServiceProgress_RBMessage = Executing rollback script via service
Property(S): SiloGUID = {2DC5761D-FECC-4832-B9C5-67CA39DE7369}
Property(S): SILO_REGHIVE = SOFTWARE\Symantec\Symantec Endpoint Protection
Property(S): HIGHCONTRAST = 0
Property(S): SYM_MAJOR_UPGRADE = 0
Property(S): SEPLicprop = SB
Property(S): SEPLicpropReg = sepsb
Property(S): SYMLICENSETYPE = 0
Property(S): SYMLICENSETYPESTRING = sepe
Property(S): MIGLICENSETYPE = 0
Property(S): LOADEDDRIVERSFOUND = 0
Property(S): RESOLVEFEATURES = 0
Property(S): InstallingToReparse = 0
Property(S): SYMCOMPRESSFOLDERS = 1
Property(S): VMWAREDETECTED = 0
Property(S): RegSilo = HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{2DC5761D-FECC-4832-B9C5-67CA39DE7369}
Property(S): SepmDataDir =  
Property(S): SepmInstallDir =  
Property(S): TempExportFolder = C:\Users\NS5\AppData\Local\Temp\a2d66d03-3a18-4075-b840-912cfea12508
Property(S): ValidInstallDir = 0
Property(S): CACHEINSTALL = 1
Property(S): MIGRATESETTINGS = 1
Property(S): CMC_PRODUCT_BUILD = #1101
Property(S): CMC_PRODUCT_VERSION = 14.2
Property(S): Managed_Client_Type = Unmanaged
Property(S): ADDSTARTMENUICON = 1
Property(S): SEPORSNAC = 1
Property(S): PROXY_TYPE = 1
Property(S): PROXY_SERVER =  
Property(S): PROXY_HTTP_PORT = 0
Property(S): PROXY_HTTPS_PORT = 0
Property(S): PROXY_USER = **********
Property(S): PROXY_DOMAIN = **********
Property(S): PROXY_FULL_USER = **********
Property(S): PROXY_PASSWORD = **********
Property(S): ALLOW_FALLBACK = 1
Property(S): PROXY_AUTH_TYPE = 0
Property(S): PROXY_USER_PLAIN = **********
Property(S): PROXY_PASSWORD_PLAIN = **********
Property(S): SymRasManDefine = SymRasMan
Property(S): ErrorDialog = SetupError
Property(S): ApplicationUsers = AllUsers
Property(S): DefaultUIFont = Tahoma8
Property(S): ProgressType0 = install
Property(S): ProgressType1 = Installing
Property(S): ProgressType2 = installed
Property(S): ProgressType3 = installs
Property(S): SBE_Feature_Set = Typical
Property(S): INSTALLSYMELAM = 1
Property(S): DcsPolicyName = SISIPS
Property(S): IPS_ENABLE = true
Property(S): AGENT_PORT = 443
Property(S): PROTOCOL = https
Property(S): OS_FEATURES = PD
Property(S): Charset = UTF-8
Property(S): POLLING_INTERVAL = 300
Property(S): NOTIFICATION_ENABLE = true
Property(S): NOTIFICATION_PORT = 2222
Property(S): POLICY_FALLBACK = false
Property(S): DRIVER_LOG_FILE = SISIPS.log
Property(S): DRIVER_LOG_PROFILE = SISIPSProfile.log
Property(S): AGENT_POLICY = NULL
Property(S): LibSepCommon = 1
Property(S): HITYPE = 0
Property(S): LOCATIONSENSOR = 0
Property(S): REVERSEDNS = 0
Property(S): WSCAVALERT = 1
Property(S): WSCAVUPTODATE = 7
Property(S): WSCAVUPTODATELB = 30
Property(S): WSCCONTROL = 0
Property(S): LibSep64 = 1
Property(S): SYMVERSIONNT = 1000
Property(S): SysPlantStartType = disabled
Property(S): LibSnac64 = 1
Property(S): ForeFrontSupportProp = http://service1.symantec.com/SUPPORT/ent-security....
Property(S): LaunchBrowserProp = Rundll32.Exe url.Dll,FileProtocolHandler
Property(S): Lang = 1033
Property(S): LiveUpdateVars = 1
Property(S): SecureCustomProperties = ADDLOCAL;ADDSTARTMENUICON;AGENT_NAME;AGENT_POLICY;AGENT_PORT;AGENT_SECURITY_GROUP;ALLOW_FALLBACK;ALT_MANAGEMENT_SERVERS;AMBERPLUSFOUND;AMBERSNACPLUSFOUND;APPDATAINSTALL;APPDATAINSTALLLOGS;APPDATAINSTALLSCRIPTS;APPDATALOGS;APPLOGS;APTEMP;ARPESTSIZE;AVLOGS;BADPATTS;CACHE_INSTALLER;CACHED_INSTALLS;CACHEINSTALL;CLOUDMANAGED;CMC_PRODUCT_BUILD;CMC_PRODUCT_VERSION;COMPANYNAME;CONFIGDIR;CONTENTCACHE;CONTENTMIGRATION;DARKNETWORK;DB;DECTEMP;DEFENDERFOUND;DISABLEDEFENDER;DONOTSETSYMQUALLOCALDUMPS;DOWNLOAD;DRIVER_LOG_FILE;DRIVER_LOG_PROFILE;EMBEDDEDMINFEATURES;EMBEDDEDSYSTEM;ENABLEAUTOPROTECT;EWFAPIFOUND;EWFENABLED;EWFINSTALLED;EXCHANGEFOUND;FBWFENABLED;FBWFINSTALLED;FEATURESTATEDIR;FOREFRONEXCFOUND;FOREFRONTTMGFOUND;FOUNDBROWSERPROTECTIONLITE;FOUNDLIVEUPDTHST;FOUNDSEPSLF;FOUNDSETTINGSHOSTSLIVEUPDATE;FOUNDSNACSLF;HELP;HITYPE;HOSTNAME;I2_LDVP.VDB;IDCDATALOC;IDCDATASERVER;IDCDEPLOYMENT;IDCENABLE;IDCEXTRAINFO;IDS_POLICY_FILE;IEVERSION;INSTALLEDPRODUCTTYPE;INSTALLSCRIPTS;INSTALLSYMELAM;IPS_ENABLE;JAGUARSNACPLUSFOUND;LANG1033;LEGACYSEA_NM;LEGACYSEA_NM1;LEGACYSEA_NM2;LIVEUPDATE;LOADEDDRIVERSFOUND;LOCATIONSENSOR;LOWBANDWIDTH;MANAGEMENT_SERVER;MAXMIGRATIONDELAY;MIGLICENSETYPE;MIGRATESETTINGS;MIGRATIONDELAY;MIGRATIONPENDINGREBOOT;MSIRESTARTMANAGERCONTROL;NEWERFOUND;NEWERSNACFOUND;NORTON64FOUND;NORTONAV;NORTONAVPRO;NORTONFOUND;NOTIFICATION_ENABLE;NOTIFICATION_PORT;OLDAPPDATADIR;OLDERFOUND;OLDPRODUCTCLOUDMANAGED;OLDPRODUCTDARKNETWORK;OLDPRODUCTMANAGED;OLDPRODUCTREDUCEDSIZE;OLDPRODUCTVERSION;OLDSILOFOUND;OPTOUTREPSUBMISSION;OS_FEATURES;OS_SUPPORTS_UI;OUTLOOKFOUND;PARTIALCONTENT;PARTIALUPGRADE;PENDINGMODULEREMOVAL;PERSISTEDDATA;POLICY_FALLBACK;POLLING_INTERVAL;PREAMBERFOUND;PREAMBERSNACFOUND;PREHAMLETFOUND;PRODUCTINSTALLDIR;PRODUCTINSTALLDIRINSETAID;PROTOCOL;PROXY_AUTH_TYPE;PROXY_DOMAIN;PROXY_FULL_USER;PROXY_HTTP_PORT;PROXY_HTTPS_PORT;PROXY_PASSWORD;PROXY_PASSWORD_PLAIN;PROXY_SERVER;PROXY_TYPE;PROXY_USER;PROXY_USER_PLAIN;QUARANTINE;REDUCEDSIZE;REGFILTERINSTALLED;REINSTALL;REMOVE;REQUEST_LICENSE;RES;RESOLVEFEATURES;REVERSEDNS;ROOTDRIVE;RUNLIVEUPDATE;SAVCORP7XFOUND;SAVFOUND;SAVMIGINSTDIR;SAVSMIGFOLDER;SCSMIGINSTDIR;SDIDATFOUND;SEAMIGINSTDIR;SEPMIGINSTDIR;SEPORSNAC;SERDEFDATFOUND;SILO_REGHIVE;SISFAILED;SMCLU;SNACFOUND;SNACMIGINSTDIR;SNACNPFOUND32;SNACNPFOUND64;SOURCEDIR;SPA51BLOCK;SPAFOUND;SPMXMLFOUND;STATEDIR;STATICDATA;SYLINKSRCDIR;SYM_MAJOR_UPGRADE;SYMCOMPRESSFOLDERS;SYMFORCEFAIL;SYMFORCEFAILPHASE;SYMLICENSETYPE;SYMLICENSETYPESTRING;SYMRASMAN_REG13_CONFIGUIPATH;SYMRASMAN_REG13_CONFIGUIPATHBACKUP;SYMRASMAN_REG13_IDENTITYPATH;SYMRASMAN_REG13_IDENTITYPATHBACKUP;SYMRASMAN_REG13_INTERACTIVEUIPATH;SYMRASMAN_REG13_INTERACTIVEUIPATHBACKUP;SYMRASMAN_REG13_PATH;SYMRASMAN_REG13_PATHBACKUP;SYMRASMAN_REG25_CONFIGUIPATH;SYMRASMAN_REG25_CONFIGUIPATHBACKUP;SYMRASMAN_REG25_IDENTITYPATH;SYMRASMAN_REG25_IDENTITYPATHBACKUP;SYMRASMAN_REG25_INTERACTIVEUIPATH;SYMRASMAN_REG25_INTERACTIVEUIPATHBACKUP;SYMRASMAN_REG25_PATH;SYMRASMAN_REG25_PATHBACKUP;SYMREBOOT;SYMSRCDIR;SYMSTARTMENUDIR;SYMVERSIONNT;SYSFERFOUND32;SYSFERFOUND64;TARGETDIR;TEEFERFOUND;TEEFERPENDINGREBOOT;TEEFERVISTA;TEEFERWIN8;TPAR;UNINSTALLREBOOTREQUIRED;USEDCUSTOMINSTALL;USERNAME;UWFENABLED;UWFINSTALLED;VC8B1416CHECK;VC8B42CHECK;VC8B762CHECK;VMWAREDETECTED;WINDOWSFIREWALLSTATE;WSCAVALERT;WSCAVUPTODATE;WSCAVUPTODATELB;WSCCONTROL;WSCONFONLINE;XFER;XFER_TMP
Property(S): MsiHiddenProperties = PROXY_DOMAIN;PROXY_FULL_USER;PROXY_PASSWORD;PROXY_PASSWORD_PLAIN;PROXY_USER;PROXY_USER_PLAIN
Property(S): MsiLogFileLocation = C:\Windows\TEMP\LMIPKG20FE98\msilog_D51E9D1E01D76B5F7E71BE610C3B6CB8.log
Property(S): PackageCode = {049D6CC4-C02B-4475-B87E-00F0BF468235}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): CURRENTDIRECTORY = C:\Windows\TEMP\LMIPKG20FE98
Property(S): CLIENTUILEVEL = 3
Property(S): CLIENTPROCESSID = 4508
Property(S): VersionDatabase = 200
Property(S): MsiSystemRebootPending = 1
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): WindowsVolume = C:\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\NS5\AppData\Local\Temp\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\NS5\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\NS5\Favorites\
Property(S): NetHoodFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\NS5\Documents\
Property(S): PrintHoodFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): LocalAppDataFolder = C:\Users\NS5\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\NS5\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 1808
Property(S): VirtualMemory = 1433
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = NS5
Property(S): UserSID = S-1-5-21-1716720655-350785297-3160252546-1001
Property(S): UserLanguageID = 1033
Property(S): ComputerName = RMS-TEST
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 19
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 10:08:02
Property(S): Date = 11/2/2019
Property(S): MsiNetAssemblySupport = 4.8.3752.0
Property(S): MsiWin32AssemblySupport = 6.3.18362.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = NS5
Property(S): DATABASE = C:\Windows\Installer\210dda.msi
Property(S): OriginalDatabase = C:\Windows\TEMP\LMIPKG20FE98\Sep64.msi
Property(S): UILevel = 2
Property(S): ACTION = INSTALL
Property(S): BFEServiceRunning = 1
Property(S): Supports32BitDlls = 1
Property(S): SYMVERSIONNT64 = 1000
Property(S): IdcXmlPath = C:\Windows\Temp\idc.xml
Property(S): PackageIntegrityError = 80070003
Property(S): EMBEDDEDSYSTEM = 0
Property(S): AlreadyElevated = 1
MSI (s) (E0:94) [10:08:02:935]: Note: 1: 1708 
MSI (s) (E0:94) [10:08:02:935]: Product: Symantec Endpoint Protection -- Installation operation failed.

MSI (s) (E0:94) [10:08:02:935]: Windows Installer installed the product. Product Name: Symantec Endpoint Protection. Product Version: 14.2.4815.1101. Product Language: 1033. Manufacturer: Symantec Corporation. Installation success or error status: 1603.

MSI (s) (E0:94) [10:08:02:951]: Deferring clean up of packages/files, if any exist
MSI (s) (E0:94) [10:08:02:951]: MainEngineThread is returning 1603
MSI (s) (E0:C0) [10:08:02:951]: No System Restore sequence number for this installation.
=== Logging stopped: 11/2/2019  10:08:02 ===
MSI (s) (E0:C0) [10:08:02:951]: User policy value 'DisableRollback' is 0
MSI (s) (E0:C0) [10:08:02:951]: Machine policy value 'DisableRollback' is 0
MSI (s) (E0:C0) [10:08:02:951]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (E0:C0) [10:08:02:951]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (E0:C0) [10:08:02:966]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (E0:C0) [10:08:02:966]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (E0:C0) [10:08:02:966]: Destroying RemoteAPI object.
MSI (s) (E0:CC) [10:08:02:966]: Custom Action Manager thread ending.
MSI (c) (9C:08) [10:08:02:966]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (9C:08) [10:08:02:966]: MainEngineThread is returning 1603
=== Verbose logging stopped: 11/2/2019  10:08:02 ===

hi everyone

under sepm>policy>virus and spyware protection policy>miscellnious>notifications

i can get the end user to get a message after x amount of days that the definitions are out of date

but i can only get the message to appear once every reboot, not after. is there a way to get the messae to "annoy" the end user to take action? say a few times a day?

thank you

Hi All,

Just a curious question. We found the few of our servers prompted for a reboot as after they were moved to a different OU. Was told that definition update caused or prompted for reboot.

Just wanted to know if a def update can prompt for a reboot ? If yes what kind of def update would cause it ?

Current SEP version : 14.2.3335.1000

Hello,

Just a question. We have false detection Heur.AdvML.B and we are trying to add exception but it doesn't work as File risk exception and also as Application (by Hash). How can we exclude this from scan?

About SEP 14.2 RU1 MP1, could be possible to block any file, using the file's hash?
In fact. I need, to be able to block files by hash regardless of the file type.

I have used 7+ Taskbar Tweaker for many years. It is nhow being falsely detected by Symantec as malicious.

Please can you remove the false positive detection of 7+ Taskbar Tweaker?

Hi guys!

I'm trying to update the definition content from an internal LUA but the client just download the catalog and then show that there are no updates available.

I'm using Endpoint Security Console, Client 14.2.5280.2000, and LUA 2.3.7.51

Hope anyone could help me.

Regards!

Hi 

When I try to use upgrade clients in the management console all the groups are grayed out and some are ticked. The issue with this is servers are ticked and we do not want the upgrade pushed to them. Has anyone else had this?

Thanks

HI,

I need to block block external SCSI drives using SEP device control policy.

i have tried to block but External & Internal Class ID's were same in SEP predefined category (Disk Drives

If i block disk drives category, all internal HDD also got blocked. Is there any option to block this channel

Regards,

Chandrasekhar

Hello,

Does anyone know of Symantec blocking MEKA Ransomware?

It is part of the STOP / Djvu family but could't find specifics.

Any help is appreciated.

Thanks,

Dear all, 

When we click some attachment which contained virus at specific email, symantec protection will detect and show warning message and then it will stored at the path of  C:\Users\anderson\AppData\Local\Microsoft\Windows\Temporary Internet Files. And where can I find it's original email if the user forget what's happen

Thanks a lot.

Hello

In new Symantec Endpoint Protection cloud console I see there are default browser isolation policies for Firefox, IE, Chrome and Edge but not Edge Chromium. How can I get default policy for Edge Beta / Dev versions? It is hard to define every rule for it manually.

Best regards

Dear all, 

When we click some attachment which contained virus at specific email, symantec protection will detect and show warning message and then it will stored at the path of  C:\Users\anderson\AppData\Local\Microsoft\Windows\Temporary Internet Files. And where can I find it's original email if the user forget what's happen

Thanks a lot.

We are wanting to build a new virtual server (2016) to replace the vm server (2008R2). 

Trying to find some good information so I get this down ASAP.  

Hi,

Do anyone have any information on how to integrate SEP15 Cloud with on premis ArcSight SIEM?

Thanks

Something incredible happened today.

Since I've migrated all related devices from SEPM to Cloud management - I've decided to uninstall SEPM on my DC1.

After I uninstalled SEPM, I went to Integration -> Enrollment to remove  the link with SEPM. There was two options:

1. Just to break the link

2. Break the link and remove devices and policies

I've selected second thinking it will remove obsolete SEPM devices and device groups.

However, it also removed Cloud managed devices and device groups.

Bravo.

Now I need to start from scratch for 40 devices and 3 device groups.

Hello guys,

I post this a a challenge/issue that i'm facing, thus we have SEP on our working Environment as the protection for all endpoints.

Also we have NEXUS Tenable tool for Vuleneability scanning torwads our endpoints. Thus I'm facing an issue that Tenable is blocked by SEP and fails to scan the endpoints especially servers.

Kindly how can i whitelist Tenable IP or how can i resolve this...?

Hello,

did anyone ever face the problem that a risk event keeps coming up via email but the actual file has been quarantined long time ago and running a full scan does not find anything? The event seems to be stuck somewhere in the database and is not cleared.

Any ideas?

Thanks in advance.