Is there any way in the SEPM to pull windows settings: I am especially looking to pull the windows list in the network with windows Firwewall turned on or off .
Windows settings query with SEPM
symantec analysis issue of file
Dear all,
After send file to symantec analysis, and it feedback the file is clean. But why it still detected security warning by symantec . It should be white list.
error code 0x80070003 when deploying through LogMeIn?
I'm testing software deployment through LogMeIn and is getting this error when I tried to run the SEP64.msi
>
Output truncated..
Endpoint Protection -- The installer integrity check failed with error code 0x80070003. Common causes for this failure include an incomplete download, damaged media, or problems with the Trusted Root certificate store.
The installer integrity check failed with error code 0x80070003. Common causes for this failure include an incomplete download, damaged media, or problems with the Trusted Root certificate store.
Action ended 10:08:02: LaunchConditions. Return value 3.
Action ended 10:08:02: INSTALL. Return value 3.
Property(S): UpgradeCode = {F7BE9C8A-C2E6-470D-B703-0A1845E6FF8C}
Property(S): IEVERSION = 9.11.18362.0
Property(S): CLOUDMANAGED = 0
Property(S): OS_SUPPORTS_UI = C:\Windows\explorer.exe
Property(S): SYMRASMAN_REG13_PATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG13_INTERACTIVEUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG13_CONFIGUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG13_IDENTITYPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_PATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_INTERACTIVEUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_CONFIGUIPATH = C:\Windows\System32\rastls.dll
Property(S): SYMRASMAN_REG25_IDENTITYPATH = C:\Windows\System32\rastls.dll
Property(S): DEFENDERFOUND = Microsoft Windows Defender
Property(S): ProductName = Symantec Endpoint Protection
Property(S): ProductDisplayName = Symantec Endpoint Protection
Property(S): ProductVersion = 14.2.4815.1101
Property(S): OPTOUTREPSUBMISSION = 0
Property(S): ENABLEAUTOPROTECT = 1
Property(S): DISABLEDEFENDER = 1
Property(S): RUNLIVEUPDATE = 1
Property(S): IDCENABLE = 1
Property(S): VersionNT64 = 603
Property(S): ReducedSizeButton = 0
Property(S): SetupType = Typical
Property(S): _IsSetupTypeMin = Typical
Property(S): AgreeToLicense = No
Property(S): _IsMaintenance = Change
Property(S): RestartManagerOption = CloseRestart
Property(S): SMSName = SepMasterService
Property(S): SMSDescription = Symantec Endpoint Protection
Property(S): InUISequence = 0
Property(S): CACHE_INSTALLER = 1
Property(S): REBOOT = ReallySuppress
Property(S): System64Folder = C:\Windows\system32\
Property(S): REQUEST_LICENSE = false
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): WindowsFolder = C:\Windows\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): SourceDir = C:\Windows\TEMP\LMIPKG20FE98\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): ALLUSERS = 1
Property(S): APPTYPE = 105
Property(S): LUMoniker = {57201BD7-52EE-4841-8368-05C54B1F44DC}
Property(S): SecurityUpdatesMoniker = {01004CAE-0A4B-0378-65D4-6282A66CD075}
Property(S): CloudAutoupgradeMoniker = {33769587-5823-4393-8BC7-82ACF5EAC8FE}
Property(S): ARPSYSTEMCOMPONENT = 1
Property(S): INSTALLLEVEL = 100
Property(S): MSIENFORCEUPGRADECOMPONENTRULES = 1
Property(S): Manufacturer = Symantec Corporation
Property(S): ProductCode = {EDDFA2FE-A36E-4C80-8060-14A2141F8882}
Property(S): ProductLanguage = 1033
Property(S): IDCDATASERVER = tses.symantec.com
Property(S): IDCDATALOC = /incoming
Property(S): IDCDEPLOYMENT = Local
Property(S): IDCEXTRAINFO = 0
Property(S): MAXMIGRATIONDELAY = 60
Property(S): MIGRATIONDELAY = 30
Property(S): MsiLogging = voicewarmupx
Property(S): MSIRESTARTMANAGERCONTROL = Disable
Property(S): SMSLongDescription = Provides malware and threat protection for Symantec Endpoint Protection
Property(S): SymMigrationRebootMessage = To provide complete protection, Symantec Endpoint Protection requires this computer to restart.
Property(S): SymRebootAtEndMessage = To provide complete protection, Symantec Endpoint Protection requires this computer to restart.
Property(S): InstallCompleteMessage = The installation has completed successfully
Property(S): ShowServiceProgressMessage = Executing install script via service
Property(S): ShowServiceProgress_RBMessage = Executing rollback script via service
Property(S): SiloGUID = {2DC5761D-FECC-4832-B9C5-67CA39DE7369}
Property(S): SILO_REGHIVE = SOFTWARE\Symantec\Symantec Endpoint Protection
Property(S): HIGHCONTRAST = 0
Property(S): SYM_MAJOR_UPGRADE = 0
Property(S): SEPLicprop = SB
Property(S): SEPLicpropReg = sepsb
Property(S): SYMLICENSETYPE = 0
Property(S): SYMLICENSETYPESTRING = sepe
Property(S): MIGLICENSETYPE = 0
Property(S): LOADEDDRIVERSFOUND = 0
Property(S): RESOLVEFEATURES = 0
Property(S): InstallingToReparse = 0
Property(S): SYMCOMPRESSFOLDERS = 1
Property(S): VMWAREDETECTED = 0
Property(S): RegSilo = HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\{2DC5761D-FECC-4832-B9C5-67CA39DE7369}
Property(S): SepmDataDir =
Property(S): SepmInstallDir =
Property(S): TempExportFolder = C:\Users\NS5\AppData\Local\Temp\a2d66d03-3a18-4075-b840-912cfea12508
Property(S): ValidInstallDir = 0
Property(S): CACHEINSTALL = 1
Property(S): MIGRATESETTINGS = 1
Property(S): CMC_PRODUCT_BUILD = #1101
Property(S): CMC_PRODUCT_VERSION = 14.2
Property(S): Managed_Client_Type = Unmanaged
Property(S): ADDSTARTMENUICON = 1
Property(S): SEPORSNAC = 1
Property(S): PROXY_TYPE = 1
Property(S): PROXY_SERVER =
Property(S): PROXY_HTTP_PORT = 0
Property(S): PROXY_HTTPS_PORT = 0
Property(S): PROXY_USER = **********
Property(S): PROXY_DOMAIN = **********
Property(S): PROXY_FULL_USER = **********
Property(S): PROXY_PASSWORD = **********
Property(S): ALLOW_FALLBACK = 1
Property(S): PROXY_AUTH_TYPE = 0
Property(S): PROXY_USER_PLAIN = **********
Property(S): PROXY_PASSWORD_PLAIN = **********
Property(S): SymRasManDefine = SymRasMan
Property(S): ErrorDialog = SetupError
Property(S): ApplicationUsers = AllUsers
Property(S): DefaultUIFont = Tahoma8
Property(S): ProgressType0 = install
Property(S): ProgressType1 = Installing
Property(S): ProgressType2 = installed
Property(S): ProgressType3 = installs
Property(S): SBE_Feature_Set = Typical
Property(S): INSTALLSYMELAM = 1
Property(S): DcsPolicyName = SISIPS
Property(S): IPS_ENABLE = true
Property(S): AGENT_PORT = 443
Property(S): PROTOCOL = https
Property(S): OS_FEATURES = PD
Property(S): Charset = UTF-8
Property(S): POLLING_INTERVAL = 300
Property(S): NOTIFICATION_ENABLE = true
Property(S): NOTIFICATION_PORT = 2222
Property(S): POLICY_FALLBACK = false
Property(S): DRIVER_LOG_FILE = SISIPS.log
Property(S): DRIVER_LOG_PROFILE = SISIPSProfile.log
Property(S): AGENT_POLICY = NULL
Property(S): LibSepCommon = 1
Property(S): HITYPE = 0
Property(S): LOCATIONSENSOR = 0
Property(S): REVERSEDNS = 0
Property(S): WSCAVALERT = 1
Property(S): WSCAVUPTODATE = 7
Property(S): WSCAVUPTODATELB = 30
Property(S): WSCCONTROL = 0
Property(S): LibSep64 = 1
Property(S): SYMVERSIONNT = 1000
Property(S): SysPlantStartType = disabled
Property(S): LibSnac64 = 1
Property(S): ForeFrontSupportProp = http://service1.symantec.com/SUPPORT/ent-security....
Property(S): LaunchBrowserProp = Rundll32.Exe url.Dll,FileProtocolHandler
Property(S): Lang = 1033
Property(S): LiveUpdateVars = 1
Property(S): SecureCustomProperties = ADDLOCAL;ADDSTARTMENUICON;AGENT_NAME;AGENT_POLICY;AGENT_PORT;AGENT_SECURITY_GROUP;ALLOW_FALLBACK;ALT_MANAGEMENT_SERVERS;AMBERPLUSFOUND;AMBERSNACPLUSFOUND;APPDATAINSTALL;APPDATAINSTALLLOGS;APPDATAINSTALLSCRIPTS;APPDATALOGS;APPLOGS;APTEMP;ARPESTSIZE;AVLOGS;BADPATTS;CACHE_INSTALLER;CACHED_INSTALLS;CACHEINSTALL;CLOUDMANAGED;CMC_PRODUCT_BUILD;CMC_PRODUCT_VERSION;COMPANYNAME;CONFIGDIR;CONTENTCACHE;CONTENTMIGRATION;DARKNETWORK;DB;DECTEMP;DEFENDERFOUND;DISABLEDEFENDER;DONOTSETSYMQUALLOCALDUMPS;DOWNLOAD;DRIVER_LOG_FILE;DRIVER_LOG_PROFILE;EMBEDDEDMINFEATURES;EMBEDDEDSYSTEM;ENABLEAUTOPROTECT;EWFAPIFOUND;EWFENABLED;EWFINSTALLED;EXCHANGEFOUND;FBWFENABLED;FBWFINSTALLED;FEATURESTATEDIR;FOREFRONEXCFOUND;FOREFRONTTMGFOUND;FOUNDBROWSERPROTECTIONLITE;FOUNDLIVEUPDTHST;FOUNDSEPSLF;FOUNDSETTINGSHOSTSLIVEUPDATE;FOUNDSNACSLF;HELP;HITYPE;HOSTNAME;I2_LDVP.VDB;IDCDATALOC;IDCDATASERVER;IDCDEPLOYMENT;IDCENABLE;IDCEXTRAINFO;IDS_POLICY_FILE;IEVERSION;INSTALLEDPRODUCTTYPE;INSTALLSCRIPTS;INSTALLSYMELAM;IPS_ENABLE;JAGUARSNACPLUSFOUND;LANG1033;LEGACYSEA_NM;LEGACYSEA_NM1;LEGACYSEA_NM2;LIVEUPDATE;LOADEDDRIVERSFOUND;LOCATIONSENSOR;LOWBANDWIDTH;MANAGEMENT_SERVER;MAXMIGRATIONDELAY;MIGLICENSETYPE;MIGRATESETTINGS;MIGRATIONDELAY;MIGRATIONPENDINGREBOOT;MSIRESTARTMANAGERCONTROL;NEWERFOUND;NEWERSNACFOUND;NORTON64FOUND;NORTONAV;NORTONAVPRO;NORTONFOUND;NOTIFICATION_ENABLE;NOTIFICATION_PORT;OLDAPPDATADIR;OLDERFOUND;OLDPRODUCTCLOUDMANAGED;OLDPRODUCTDARKNETWORK;OLDPRODUCTMANAGED;OLDPRODUCTREDUCEDSIZE;OLDPRODUCTVERSION;OLDSILOFOUND;OPTOUTREPSUBMISSION;OS_FEATURES;OS_SUPPORTS_UI;OUTLOOKFOUND;PARTIALCONTENT;PARTIALUPGRADE;PENDINGMODULEREMOVAL;PERSISTEDDATA;POLICY_FALLBACK;POLLING_INTERVAL;PREAMBERFOUND;PREAMBERSNACFOUND;PREHAMLETFOUND;PRODUCTINSTALLDIR;PRODUCTINSTALLDIRINSETAID;PROTOCOL;PROXY_AUTH_TYPE;PROXY_DOMAIN;PROXY_FULL_USER;PROXY_HTTP_PORT;PROXY_HTTPS_PORT;PROXY_PASSWORD;PROXY_PASSWORD_PLAIN;PROXY_SERVER;PROXY_TYPE;PROXY_USER;PROXY_USER_PLAIN;QUARANTINE;REDUCEDSIZE;REGFILTERINSTALLED;REINSTALL;REMOVE;REQUEST_LICENSE;RES;RESOLVEFEATURES;REVERSEDNS;ROOTDRIVE;RUNLIVEUPDATE;SAVCORP7XFOUND;SAVFOUND;SAVMIGINSTDIR;SAVSMIGFOLDER;SCSMIGINSTDIR;SDIDATFOUND;SEAMIGINSTDIR;SEPMIGINSTDIR;SEPORSNAC;SERDEFDATFOUND;SILO_REGHIVE;SISFAILED;SMCLU;SNACFOUND;SNACMIGINSTDIR;SNACNPFOUND32;SNACNPFOUND64;SOURCEDIR;SPA51BLOCK;SPAFOUND;SPMXMLFOUND;STATEDIR;STATICDATA;SYLINKSRCDIR;SYM_MAJOR_UPGRADE;SYMCOMPRESSFOLDERS;SYMFORCEFAIL;SYMFORCEFAILPHASE;SYMLICENSETYPE;SYMLICENSETYPESTRING;SYMRASMAN_REG13_CONFIGUIPATH;SYMRASMAN_REG13_CONFIGUIPATHBACKUP;SYMRASMAN_REG13_IDENTITYPATH;SYMRASMAN_REG13_IDENTITYPATHBACKUP;SYMRASMAN_REG13_INTERACTIVEUIPATH;SYMRASMAN_REG13_INTERACTIVEUIPATHBACKUP;SYMRASMAN_REG13_PATH;SYMRASMAN_REG13_PATHBACKUP;SYMRASMAN_REG25_CONFIGUIPATH;SYMRASMAN_REG25_CONFIGUIPATHBACKUP;SYMRASMAN_REG25_IDENTITYPATH;SYMRASMAN_REG25_IDENTITYPATHBACKUP;SYMRASMAN_REG25_INTERACTIVEUIPATH;SYMRASMAN_REG25_INTERACTIVEUIPATHBACKUP;SYMRASMAN_REG25_PATH;SYMRASMAN_REG25_PATHBACKUP;SYMREBOOT;SYMSRCDIR;SYMSTARTMENUDIR;SYMVERSIONNT;SYSFERFOUND32;SYSFERFOUND64;TARGETDIR;TEEFERFOUND;TEEFERPENDINGREBOOT;TEEFERVISTA;TEEFERWIN8;TPAR;UNINSTALLREBOOTREQUIRED;USEDCUSTOMINSTALL;USERNAME;UWFENABLED;UWFINSTALLED;VC8B1416CHECK;VC8B42CHECK;VC8B762CHECK;VMWAREDETECTED;WINDOWSFIREWALLSTATE;WSCAVALERT;WSCAVUPTODATE;WSCAVUPTODATELB;WSCCONTROL;WSCONFONLINE;XFER;XFER_TMP
Property(S): MsiHiddenProperties = PROXY_DOMAIN;PROXY_FULL_USER;PROXY_PASSWORD;PROXY_PASSWORD_PLAIN;PROXY_USER;PROXY_USER_PLAIN
Property(S): MsiLogFileLocation = C:\Windows\TEMP\LMIPKG20FE98\msilog_D51E9D1E01D76B5F7E71BE610C3B6CB8.log
Property(S): PackageCode = {049D6CC4-C02B-4475-B87E-00F0BF468235}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): CURRENTDIRECTORY = C:\Windows\TEMP\LMIPKG20FE98
Property(S): CLIENTUILEVEL = 3
Property(S): CLIENTPROCESSID = 4508
Property(S): VersionDatabase = 200
Property(S): MsiSystemRebootPending = 1
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): WindowsVolume = C:\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\NS5\AppData\Local\Temp\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\NS5\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\NS5\Favorites\
Property(S): NetHoodFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\NS5\Documents\
Property(S): PrintHoodFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\NS5\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): LocalAppDataFolder = C:\Users\NS5\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\NS5\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 1808
Property(S): VirtualMemory = 1433
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = NS5
Property(S): UserSID = S-1-5-21-1716720655-350785297-3160252546-1001
Property(S): UserLanguageID = 1033
Property(S): ComputerName = RMS-TEST
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 19
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 10:08:02
Property(S): Date = 11/2/2019
Property(S): MsiNetAssemblySupport = 4.8.3752.0
Property(S): MsiWin32AssemblySupport = 6.3.18362.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = NS5
Property(S): DATABASE = C:\Windows\Installer\210dda.msi
Property(S): OriginalDatabase = C:\Windows\TEMP\LMIPKG20FE98\Sep64.msi
Property(S): UILevel = 2
Property(S): ACTION = INSTALL
Property(S): BFEServiceRunning = 1
Property(S): Supports32BitDlls = 1
Property(S): SYMVERSIONNT64 = 1000
Property(S): IdcXmlPath = C:\Windows\Temp\idc.xml
Property(S): PackageIntegrityError = 80070003
Property(S): EMBEDDEDSYSTEM = 0
Property(S): AlreadyElevated = 1
MSI (s) (E0:94) [10:08:02:935]: Note: 1: 1708
MSI (s) (E0:94) [10:08:02:935]: Product: Symantec Endpoint Protection -- Installation operation failed.
MSI (s) (E0:94) [10:08:02:935]: Windows Installer installed the product. Product Name: Symantec Endpoint Protection. Product Version: 14.2.4815.1101. Product Language: 1033. Manufacturer: Symantec Corporation. Installation success or error status: 1603.
MSI (s) (E0:94) [10:08:02:951]: Deferring clean up of packages/files, if any exist
MSI (s) (E0:94) [10:08:02:951]: MainEngineThread is returning 1603
MSI (s) (E0:C0) [10:08:02:951]: No System Restore sequence number for this installation.
=== Logging stopped: 11/2/2019 10:08:02 ===
MSI (s) (E0:C0) [10:08:02:951]: User policy value 'DisableRollback' is 0
MSI (s) (E0:C0) [10:08:02:951]: Machine policy value 'DisableRollback' is 0
MSI (s) (E0:C0) [10:08:02:951]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (E0:C0) [10:08:02:951]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (E0:C0) [10:08:02:966]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (E0:C0) [10:08:02:966]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (E0:C0) [10:08:02:966]: Destroying RemoteAPI object.
MSI (s) (E0:CC) [10:08:02:966]: Custom Action Manager thread ending.
MSI (c) (9C:08) [10:08:02:966]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (9C:08) [10:08:02:966]: MainEngineThread is returning 1603
=== Verbose logging stopped: 11/2/2019 10:08:02 ===
out of date definitions message
hi everyone
under sepm>policy>virus and spyware protection policy>miscellnious>notifications
i can get the end user to get a message after x amount of days that the definitions are out of date
but i can only get the message to appear once every reboot, not after. is there a way to get the messae to "annoy" the end user to take action? say a few times a day?
thank you
Definitions Causing a reboot
Hi All,
Just a curious question. We found the few of our servers prompted for a reboot as after they were moved to a different OU. Was told that definition update caused or prompted for reboot.
Just wanted to know if a def update can prompt for a reboot ? If yes what kind of def update would cause it ?
Current SEP version : 14.2.3335.1000
Heur.AdvML.B detection - adding to exceptions policy
Hello,
Just a question. We have false detection Heur.AdvML.B and we are trying to add exception but it doesn't work as File risk exception and also as Application (by Hash). How can we exclude this from scan?
block any files by hash
About SEP 14.2 RU1 MP1, could be possible to block any file, using the file's hash?
In fact. I need, to be able to block files by hash regardless of the file type.
Remove false positive detection of 7+ Taskbar Tweaker.
I have used 7+ Taskbar Tweaker for many years. It is nhow being falsely detected by Symantec as malicious.
Please can you remove the false positive detection of 7+ Taskbar Tweaker?
Update SEP 15 Client using LUA
Hi guys!
I'm trying to update the definition content from an internal LUA but the client just download the catalog and then show that there are no updates available.
I'm using Endpoint Security Console, Client 14.2.5280.2000, and LUA 2.3.7.51
Hope anyone could help me.
Regards!
Upgrades client With packages, groups are grayed out
Hi
When I try to use upgrade clients in the management console all the groups are grayed out and some are ticked. The issue with this is servers are ticked and we do not want the upgrade pushed to them. Has anyone else had this?
Thanks
Need to Block External SCSI Drives
HI,
I need to block block external SCSI drives using SEP device control policy.
i have tried to block but External & Internal Class ID's were same in SEP predefined category (Disk Drives
If i block disk drives category, all internal HDD also got blocked. Is there any option to block this channel
Regards,
Chandrasekhar
Meka Ransomware Protection
Hello,
Does anyone know of Symantec blocking MEKA Ransomware?
It is part of the STOP / Djvu family but could't find specifics.
Any help is appreciated.
Thanks,
symantec solution of file analysis
Dear all,
When we click some attachment which contained virus at specific email, symantec protection will detect and show warning message and then it will stored at the path of C:\Users\anderson\AppData\Local\Microsoft\Windows\Temporary Internet Files. And where can I find it's original email if the user forget what's happen
Thanks a lot.
Edge Chromium policy
Hello
In new Symantec Endpoint Protection cloud console I see there are default browser isolation policies for Firefox, IE, Chrome and Edge but not Edge Chromium. How can I get default policy for Edge Beta / Dev versions? It is hard to define every rule for it manually.
Best regards
symantec solution of file analysis
Dear all,
When we click some attachment which contained virus at specific email, symantec protection will detect and show warning message and then it will stored at the path of C:\Users\anderson\AppData\Local\Microsoft\Windows\Temporary Internet Files. And where can I find it's original email if the user forget what's happen
Thanks a lot.
SEP on Server 2008 R2 transfer to new build Server 2016
We are wanting to build a new virtual server (2016) to replace the vm server (2008R2).
Trying to find some good information so I get this down ASAP.
SEP15 integration with ArcSight
Hi,
Do anyone have any information on how to integrate SEP15 Cloud with on premis ArcSight SIEM?
Thanks
Lost all device groups and policies
Something incredible happened today.
Since I've migrated all related devices from SEPM to Cloud management - I've decided to uninstall SEPM on my DC1.
After I uninstalled SEPM, I went to Integration -> Enrollment to remove the link with SEPM. There was two options:
1. Just to break the link
2. Break the link and remove devices and policies
I've selected second thinking it will remove obsolete SEPM devices and device groups.
However, it also removed Cloud managed devices and device groups.
Bravo.
Now I need to start from scratch for 40 devices and 3 device groups.
SEP Blocked Nexus -Tenable from SCANNING:
Hello guys,
I post this a a challenge/issue that i'm facing, thus we have SEP on our working Environment as the protection for all endpoints.
Also we have NEXUS Tenable tool for Vuleneability scanning torwads our endpoints. Thus I'm facing an issue that Tenable is blocked by SEP and fails to scan the endpoints especially servers.
Kindly how can i whitelist Tenable IP or how can i resolve this...?
New risk event does not get cleared
Hello,
did anyone ever face the problem that a risk event keeps coming up via email but the actual file has been quarantined long time ago and running a full scan does not find anything? The event seems to be stuck somewhere in the database and is not cleared.
Any ideas?
Thanks in advance.