Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

Symantec Endpoint Protection: Untrusted Search Path (CVE-2018-18369)

December 10, 2019, 6:43 am
$
0
0
I need a solution

Our corporate security scan detected the following Symantec Endpoint Protection vulnerability on over 70 windows 2012r2 servers and 50 Windows 7/10 clients- Symantec Endpoint Protection: Untrusted Search Path (CVE-2018-18369)

The suggested solution is:  

  • symantec-endpoint-protection-upgrade-14_2_3332_1000

So, here's my question:  We have version 14.2.758.0000.105 installed on our servers and clients.  Yet, the solution states to upgrade to 14.2.3332.1000.  Doesn't make sense.  It's a lower version.

Has anyone else seen this?  If so, what can I do?

0
Search

atualização para versão 14 anti virus

December 10, 2019, 7:57 am
$
0
0
I need a solution

não estamos conseguindo baixar , a versão poderia nos ajudar?

A Symantec está com um sistema de login único através do portal - https://login.symantec.com/sso/idp/SAML2

Por favor, tente fazer o cadastro ou reset da conta pelo email da Informatica.

Informações do produto e manutenção

DETALHES DO PEDIDO

Nome do usuário final

REGSA METALURGICA INDUSTRIA E COMERCIO DE MOLAS LTDA

Endereço

AVENIDA CACHOEIRA 917 951 953 E 955 BARUERI SP BR 06413-000

Email do usuário final

INFORMATICA@REGSA.COM.BR

Número de cliente do usuário final

665786

ID do suporte

1871438

Número do pedido

US0000368302

DETALHES DO PARCEIRO

Nome do parceiro

ACORP DO BRASIL IMPORTACAO E EXPORTACAO LIMITADA

Endereço

Av. das Americas, 500 Bloco 10 Sala 304 Barra da Tijuca Rio de Janeiro BR 20030-001

Número do parceiro

175873

OC do parceiro

AC0681-19BCB1

VAR

TRENDON SOLUTION

0

symantec analysis

December 10, 2019, 8:08 pm
$
0
0
I need a solution

Dear all, 

How about the SMG.Heur!gen Malware and Remacc.Amyy Security Risk , is there influence for computers and network? Thanks a lot.

0

SEP client showing as out-of-date

December 5, 2019, 2:02 am
$
0
0
I need a solution

Hi, we were running SEP14.2 RU1MP1. The SEP Manager is running fine and is distributing updates to the SEP clients. The clients show that they are connected to the SEP Manager and are receiving updates and policies. The issue is that when you open the SEP client GUI, it says that the client is out of date. Virus and Spyware, PTP and NTP updates are all up-to-date. I have checked between the Endpoint client, SEP Manager, and from Symantec site. They are all the same with the latest definitions update versions. What can I check for? What is causing this issue? We do not even see the green dots on the SEP client icon as the client thinks that it is out-of-date. Note, it is happening on all the SEP clients. We have upgrared to SEP14.2RU2. The issue still exists.

 Thanks in advanced, MabundaG

0

symantec analysis

December 10, 2019, 8:08 pm
$
0
0
I need a solution

Dear all, 

How about the SMG.Heur!gen Malware and Remacc.Amyy Security Risk , is there influence for computers and network? Thanks a lot.

0

Client Deployment Wizard won't download client install package

December 11, 2019, 6:49 am
$
0
0
I need a solution

Hi folks,

I'm having an issue when creating an client install package for domains we manage.

The client deployment wizard opens, I select new package deployment, select the group and install feature sets I want, they I choose to Save Package,  then I choose single.exe file, but there is no option to browse to where we can save/download the setup.exe. The installation file creates but doesn't download.

This never happened on previous versions of SEPM. Only when upgraded to 14.2 RU2.

Anybody got a solution to this?

TIA,

Simon

0

How to install SEP Package in the SEPM endpoint

December 10, 2019, 4:57 pm
$
0
0
I need a solution

Good day everyone, I have a working SEPM and all SEP clients across my infrastructure are communication properly to this SEPM. My question would be how can I install the SEP on the Windows 2016 server where I also have my SEPM client installed. I noticed that this server is not protected by SEP and if I add this Win2016 server in the Clients -> Install a client -> (and the entire wizard of adding and remote pushing SEP), at the end of the process, it will just fail. So I just want to install SEP manually be it managed or un-managed. Thanks a lot folks!

0

Chrome Version 79.0.3945.79 Aw, Snap

December 10, 2019, 8:42 pm
Search

Installing Windows clients with Microsoft SCCM/SMS

December 11, 2019, 7:42 am
$
0
0
I do not need a solution (just sharing information)

Follow “Steps1” to “Step 4” from below procedures provided by Symantec Support.

Step

Description

Step 1

Export a managed client installation package from Symantec Endpoint Protection Manager that contains the software and policies to install on your client computers. By default, a managed client installation package contains a file named Sylink.xml, which identifies the server that manages the clients.

Step 2

Create a source directory and copy the Symantec client installation package into that source directory. For example, you would create a source directory and copy the Setup.exe file that you exported from Symantec Endpoint Protection Manager.

Step 3

In SCCM/SMS, create a custom package, name the package, and identify the source directory as part of the package.

Step 4

Configure the Program dialog box for the package to specify the executable that starts the installation process, and possibly specify the MSI with parameters.

Once you completed the above procedures, follow below recommendations.

Step

Description

Step 5

Open System Center Configuration Manager (SCCM) 2016Console and look for Applications from the Software Library.

  • Click Software Library, Overview, Application Management;

Step 6

Right Click, Applications and select CreateApplication

Step 7

Create Application Wizard will open

  1. From General, select Automatically detect information about this application from installation files;
  2. Click Browse and locate any dummy MSI file, then
  3. Click Next

Step 8

From Import Information, Click Next

Step 9

From General Information

  • Enter the Application details;
  • Select Install for system if resource is device; otherwise install for user; then
  • Click Next

Step 10

From Summary, Click Next

 

Step 11

From Completion Window, Click Close to complete the Application Wizard.

Symantec EndPoint Protection Application is now created with below details.

Step 12

From Applications List;

  • Right Click on Symantec EndPoint Protection; then
  • Select Properties

Step 13

From Symantec EndPoint Protection Properties

  • Look for Deployment Types;
  • Click Add;
  • Then follow Create Deployment Type Wizard

Step 14

Create Deployment Type Wizard will open

  • From Specific settings for this deployment type, Select Script Installer from the dropdown;

Step 15

From General Information

  • Enter Name and Administration comments; then
  • Click Next

Step 16

From Content,

  • From Content locations, click Browse then locate the location of Setup.exe;
    • Sample: \\sccm01\Sources\Applications\Symantec\Client Installations\My Company_Head Office_WIN64BIT
  • From specify the command used to install this content, Click Browse, select Setup.exe file; then
  • Click Next

Step 17

From Detection Method

  • Click Add Clause

Step 18

Detection Rule Pop-up will open,

  • From Specify the file or folder to detect this application,
    • Click Browse, locate the Setup.exe file from local SCCM folder;
    • Click Ok twice; then
    • Click Next

Step 19

From User Experience,

  • Select Install for system if resource is device; otherwise install for user;
  • Click Next four times until Completion; then
  • Click Close

Step 20

From Symantec EndPoint Protection Properties

  • Delete the MSI File;
  • Click Yes; then
  • Click OK

Note* Make sure to keep Symantec EndPoint Protection with Script Type only.

Now you have working Symantec EndPoint Protection application and start deploying

0

How can I get a list of clients that are listed in Symantec Endpoint Protection Manager 14.1 ?

December 6, 2019, 9:01 am
$
0
0
I need a solution

Hi,

We have SEP 14.1 running in our environment of around 4000 clients. We have close to 30 SEP Groups inside SEPM. We are currently need to generate a report of all clients,

Wha I  want is to have a list of all the clients reporting to Symantec Endpoint Protection Manager just getting the list from  My Company group.

Is that possible ?

 

Thank you

 

0

atualização para versão 14 anti virus

December 10, 2019, 7:57 am
$
0
0
I need a solution

não estamos conseguindo baixar , a versão poderia nos ajudar?

A Symantec está com um sistema de login único através do portal - https://login.symantec.com/sso/idp/SAML2

Por favor, tente fazer o cadastro ou reset da conta pelo email da Informatica.

Informações do produto e manutenção

DETALHES DO PEDIDO

Nome do usuário final

REGSA METALURGICA INDUSTRIA E COMERCIO DE MOLAS LTDA

Endereço

AVENIDA CACHOEIRA 917 951 953 E 955 BARUERI SP BR 06413-000

Email do usuário final

INFORMATICA@REGSA.COM.BR

Número de cliente do usuário final

665786

ID do suporte

1871438

Número do pedido

US0000368302

DETALHES DO PARCEIRO

Nome do parceiro

ACORP DO BRASIL IMPORTACAO E EXPORTACAO LIMITADA

Endereço

Av. das Americas, 500 Bloco 10 Sala 304 Barra da Tijuca Rio de Janeiro BR 20030-001

Número do parceiro

175873

OC do parceiro

AC0681-19BCB1

VAR

TRENDON SOLUTION

0

How can I get a list of clients that are listed in Symantec Endpoint Protection Manager 14.1 ?

December 6, 2019, 9:01 am
$
0
0
I need a solution

Hi,

We have SEP 14.1 running in our environment of around 4000 clients. We have close to 30 SEP Groups inside SEPM. We are currently need to generate a report of all clients,

Wha I  want is to have a list of all the clients reporting to Symantec Endpoint Protection Manager just getting the list from  My Company group.

Is that possible ?

 

Thank you

 

0

Questions on Memory Exploit Mitigation

December 11, 2019, 9:02 pm
$
0
0
I need a solution

Hello there,

We are planning to enable MEM protection in our environment with on-prem SEPM. I have gone through a few articles listed below for Memory exploit mitigation but still have a few queries. Can someone please help me on this ? Thanks.

1.  Currently MEM policy is conifgured as "Set the protection action for all techniques to log only" but I don't find any logs related to MEM in SEPM (Monitors > Logs > Network and Host Exploit Mitigation log type > Memory Exploit Mitigation log content > View Log). Does that mean MEM doesn't see any exploits from the listed applications ?

2. Does MEM protects both 32 bit & 64 bit applications running on 32 bit or 64 bit operating systems ?

3. I see some posts and articles where MEM blocks the legitimate applications, causing the applications to crash etc.. So MEM detections are more of false positivies ?

4. Is it advisable to enable MEM protection in production environment ?

Articles I checked so far:

https://support.symantec.com/us/en/article.howto127047.html

https://support.symantec.com/us/en/article.howto127057.html#v121578842

https://support.symantec.com/us/en/article.HOWTO127178.html

https://support.symantec.com/us/en/article.TECH251437.html

Let me know if there are any other MEM articles which will be helpful. 

0

How can I get a list of clients that are listed in Symantec Endpoint Protection Manager 14.1 ?

December 6, 2019, 9:01 am
$
0
0
I need a solution

Hi,

We have SEP 14.1 running in our environment of around 4000 clients. We have close to 30 SEP Groups inside SEPM. We are currently need to generate a report of all clients,

Wha I  want is to have a list of all the clients reporting to Symantec Endpoint Protection Manager just getting the list from  My Company group.

Is that possible ?

 

Thank you

 

0

Questions on Memory Exploit Mitigation

December 11, 2019, 9:02 pm
$
0
0
I need a solution

Hello there,

We are planning to enable MEM protection in our environment with on-prem SEPM. I have gone through a few articles listed below for Memory exploit mitigation but still have a few queries. Can someone please help me on this ? Thanks.

1.  Currently MEM policy is conifgured as "Set the protection action for all techniques to log only" but I don't find any logs related to MEM in SEPM (Monitors > Logs > Network and Host Exploit Mitigation log type > Memory Exploit Mitigation log content > View Log). Does that mean MEM doesn't see any exploits from the listed applications ?

2. Does MEM protects both 32 bit & 64 bit applications running on 32 bit or 64 bit operating systems ?

3. I see some posts and articles where MEM blocks the legitimate applications, causing the applications to crash etc.. So MEM detections are more of false positivies ?

4. Is it advisable to enable MEM protection in production environment ?

Articles I checked so far:

https://support.symantec.com/us/en/article.howto127047.html

https://support.symantec.com/us/en/article.howto127057.html#v121578842

https://support.symantec.com/us/en/article.HOWTO127178.html

https://support.symantec.com/us/en/article.TECH251437.html

Let me know if there are any other MEM articles which will be helpful. 

0
Search

Live Update from GUP server

December 11, 2019, 10:11 pm
$
0
0
I need a solution

Hello,

We have GUP server installed in the location but still, the client system is taking an update from Live Update Server instead from GUP server. Please let me know what could be the issue.

0

Script to uninstall SEP Cloud agent?

December 12, 2019, 7:23 am
$
0
0
I need a solution

We currently use SEP Small Business edition and we are having issues uninstalling the Symantec Cloud agent that is listed in the control panel. I am able to remove the main program using this Powershell command:

(Get-WmiObject -Class Win32_Product -Filter "Name='Symantec.cloud - Endpoint Protection'" -ComputerName . ).Uninstall()

I am trying to remove the leftover cloud agent using the following Powershell command:

(Get-WmiObject -Class Win32_Product -Filter "Name='Symantec.cloud - Cloud Agent'" -ComputerName . ).Uninstall()

When I run this command, it does not uninstall the Symantec Cloud agent and get the following:

__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     :
__DYNASTY        : __PARAMETERS
__RELPATH        :
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
ReturnValue      : 1603
PSComputerName   :

Return value should be 0 when it is cleanly uninstalled. Anyone have any ideas? I believe the agent can be removed from the SEP managed website however it involves going to each computer and installing it.

I have several computers I need to uninstall this software want and want to script it out into a GPO if possible.

0

Snatch Ransomware

December 12, 2019, 7:31 am

SEP Client Communication Issues 14.2.53.23.2000

December 12, 2019, 7:38 am
$
0
0
I need a solution 
Good Morning,

I have a problem with the SEP for Mac OS client, the console has been updated to fix the vulnerability and to address the 
issue of the database not working to back up, after the upgrade, Windows and Windows environment testing and environments 
were performed. Mac, Windows has worked normally so far, but after testing in Mac environment, it does not work, 
Client for Mac OS 10.14 has been installed and it installs normally no longer communicates with console, updates vaccine, 
no longer has communication with the manager, not to impact my environment, had to reinstall the client before
14.2.1031.0100.

I wonder if anyone is also having a problem regarding this?
0

SEP Clients are not connecting to SEPM

December 6, 2019, 11:43 am
$
0
0
I need a solution

SEP clients are not attempting to connect to  SEPM that is specified in Sylink. The clients are attempting to connect to all other SEPMs which are not listed in MSL/Sylink but not to the ones listed in Sylink <ServerList>. Network connecitivity to other SEPMs is restrcited in our environment and the clients showing offline.

We are unable to identify why the SEP clients are not attempting to connect to the SEPM that is listed in Sylink <ServerList>. Please help.

SEP Version 14.2 RU1

0
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>