Is it SEP 15 still?

December 17, 2019, 5:45 am

≫ Next: SEP 14/15 runs in Safe Mode?

≪ Previous: Live Update from GUP server

$

0

0

I need a solution

You'd think as a 10-year partner of Symantec I'd have an answer to this but alas, Symantec's communication to partners is spotty at best.  I get every email they send, but not once do I recall hearing that there was a renaming of the product.  Today I go to symantec.com and find that "Endpoint Protection" no longer exists, now it's Symantec Endpoint Security Enterprise, I'm 96.7% sure.  Is that correct, SEP 15 is basically now "SESE" ?  I know there's "SES Complete" as well but that's clearly understood, just the SES E" version I wanted to check on.  

And let's hope they never come up with Symantec Endpoint Xchange or what not.  

0

---

SEP 14/15 runs in Safe Mode?

December 17, 2019, 6:01 am

≫ Next: Logs not visible in client GUI using normal user

≪ Previous: Is it SEP 15 still?

$

0

0

I need a solution

Hi all.  I lack the ability to confirm this for myself anytime soon due to lack of a machine with SEP 14/15 that I can reboot , but does SEP fully run in safe mode?  I ask because of that recent security bulletin about whatever the ransomware name was where it reboots the computer and runs itself in safe mode so AV is bypassed.  I have to think SEP is robust enough to run at all times but as I said, I can't test :(

Thank you.  

0

Logs not visible in client GUI using normal user

December 17, 2019, 12:35 am

≫ Next: Liveupdate getting failed

≪ Previous: SEP 14/15 runs in Safe Mode?

$

0

0

I need a solution

Hi Symantec staffs,

Our customer reported to us that they could not see any log from client GUI.  After studying and searching, we found that we need local admin user, in order to see those logs.

Problems is that there is no warning or indicator showing from GUI about this ...

Q:  Is there any setting or workaround that we can show logs even with normal user?

If not, any method to show warning like "no log shown without local admin right"?

0

Liveupdate getting failed

December 17, 2019, 4:27 am

≫ Next: Memory Exploit Mitigation Detection Notification

≪ Previous: Logs not visible in client GUI using normal user

$

0

0

I need a solution

I have installed SEP 14.2.RU1MP1,  Set a policy to get update from SEPM or Internet.  When i click on Liveupdate on the SEP Client. it tries to connect to internet and fails.  

The Client host does not have internet.  But the SEP client is connected with SEPM and able to ping the SEPM server.  But not getting the definition. 

Ran a CleanWipe Tool and installed it, it was good for a week and still got the same Definition update iissue. 

0

Memory Exploit Mitigation Detection Notification

December 17, 2019, 7:19 am

≫ Next: How to prepare SEP 14 client for VDI desktop PC

≪ Previous: Liveupdate getting failed

$

0

0

I need a solution

Hi all,

how to deal with:

Notification Events

Earliest Event Time: 12/17/2019 15:43:00 to Latest Event Time: 12/17/2019 15:44:00

Memory Exploit Mitigation Events

Event Time Domain Group Computer IP Address Severity Client User Name Event Type Action Application Name Event Description Profile Serial Number Location Name 12/17/2019 15:44:12 Default My Company computer name .... Critical X... Attack: Structured Exception Handler Overwrite Blocked C:/Program Files (x86)/Internet Explorer/iexplore.exe Blocked Attack: Structured Exception Handler Overwrite attack against C:\Program Files (x86)\Internet Explorer\iexplore.exe 341A-12/11/2019 14:43:53 904 internal 12/17/2019 15:44:01 Default My Company computer namecomputer namecomputer namecomputer namecomputer namecomputer namecomputer name ..... Critical X... Attack: Structured Exception Handler Overwrite Blocked C:/Program Files (x86)/Internet Explorer/iexplore.exe Blocked Attack: Structured Exception Handler Overwrite attack against C:\Program Files (x86)\Internet Explorer\iexplore.exe 341A-12/11/2019 14:43:53 904 internal 12/17/2019 15:43:50 Default My Company .... Critical X.... Attack: Structured Exception Handler Overwrite Blocked C:/Program Files (x86)/Internet Explorer/iexplore.exe Blocked Attack: Structured Exception Handler Overwrite attack against C:\Program Files (x86)\Internet Explorer\iexplore.exe 341A-12/11/2019 14:43:53 904 internal

0

How to prepare SEP 14 client for VDI desktop PC

December 17, 2019, 8:32 am

≫ Next: Issues with 14.2 RU2 and Mac OS X 10.15.2

≪ Previous: Memory Exploit Mitigation Detection Notification

$

0

0

I need a solution

Hi,

I would like to know how to preapre SEP 14 client for VDI desktop.

Since all VDI desktops will be deployed from Golden image I have prepared.

If I pre-installed SEP client in Golden image, will all deployed VDI desktop encountered ID duplication issue ?

If yes, how can I prepare SEP client for Golden image ? I don't want to install for each VDI desktop.

Thanks

0

Issues with 14.2 RU2 and Mac OS X 10.15.2

December 17, 2019, 11:48 am

≫ Next: Need to change SEPM Admin account username

≪ Previous: How to prepare SEP 14 client for VDI desktop PC

$

0

0

I need a solution

Prior to updating to 10.15.2 on a users computer 14.2 RU2 worked fine. After the update SEP would no longer open. I had them run a removal and tried a reinstall but still seem to be running into issues during the install. I've attached a doc with some of the info regarding the error.

Was there supposed to be a 14.2 RU2 refresh by chance for 10.15.2 or is it supposed to continue working with the new iteration of Catalina.

Any feedback would be helpful.

0

• error 12-17.docx

Need to change SEPM Admin account username

December 18, 2019, 2:54 am

≫ Next: Configure External Logging On Failover Servers

≪ Previous: Issues with 14.2 RU2 and Mac OS X 10.15.2

$

0

0

I do not need a solution (just sharing information)

Hi All,

Is there any impact if we change the default admin accounts user name in SEPM console?

0

---

Configure External Logging On Failover Servers

December 12, 2019, 11:48 am

≫ Next: Need to change SEPM Admin account username

≪ Previous: Need to change SEPM Admin account username

$

0

0

I need a solution

Windows Server 2016

SEPM 14.2 RU2

Two servers set up for failover and load balancing

Is there a way for the non-Master Logging Server  (for SPLUNK in this case) if the MASTER logging server fails other than manually changing Master Logging Server on the secondary server?  Our Cyber team is questioning this possiblilty.

I am hoping there is a config file somewhere that I can change to make this happen.  Even if both are always logging, that is ok too.

Thanks!

0

Need to change SEPM Admin account username

December 18, 2019, 2:54 am

≫ Next: Device is auto-reconnecting problem

≪ Previous: Configure External Logging On Failover Servers

$

0

0

I do not need a solution (just sharing information)

Hi All,

Is there any impact if we change the default admin accounts user name in SEPM console?

0

Device is auto-reconnecting problem

December 18, 2019, 9:15 am

≫ Next: REST API 401 User Not Authorized

≪ Previous: Need to change SEPM Admin account username

$

0

0

I need a solution

Could someone tell me why a device we have on our network reconnects automatically when I run the smc.exe -stop command in a cmd window?

When I issue the command, I quickly hover over the client in the system tray and the green dot disappears and within about 3 or 4 seconds, it automatically turns itself back on again.  I don't want this to happen.  When I issue the -stop command, I need it to stop and unload the client.

Also it's not picking up the latest policy even though it's in the correct OU.  I've moved it out of the group and back in again and it's not picking up the policy.

I know I entered version 12.1 as our current version and yes, I know you're going to tell me to upgrade to the latest verison but in this circumstance I cannot do this on such a mission-critical platform.

What setting in 12.1 do I have to set to STOP it from reconnecting automatically?

0

REST API 401 User Not Authorized

December 18, 2019, 1:16 pm

≫ Next: Symantec Blocking Team Viewer

≪ Previous: Device is auto-reconnecting problem

$

0

0

I need a solution

I have been able to connect to my SEPM API using Postman, however when I try to access anything else I get this error:

{
  "errorCode": "401",
  "appErrorCode": "",
  "errorMessage": "The user is not authorized to access this resource"
}

I am using a full admin account to access the API. 

I have looked at this documentation:

• https://apidocs.symantec.com/home/saep#_get_a_list_of_symantec_endpoint_protection_manager_groups
• https://<server>:<port>/sepm/restapidocs.html#/api...

I cannot find anywhere to give a user permission to access specific APIs. Is there a setting in the SEP Management Console that I'm missing?

0

Symantec Blocking Team Viewer

December 18, 2019, 7:46 pm

≫ Next: block specific URL

≪ Previous: REST API 401 User Not Authorized

$

0

0

I need a solution

We are using symantec endpoint protection 14.2.3335.1000. Recently symantec blocking Team Viewer and we want to unblock it. Please advise how to unblock it.

0

block specific URL

December 19, 2019, 12:54 am

≫ Next: Improving Linux scan times??

≪ Previous: Symantec Blocking Team Viewer

$

0

0

I need a solution

Hi,

Im trying to block a specific internal URL with SEP FW. I followed several docs i found here but cant get it to work somehow.
Can someone explain how to get this to work?

I just added a new FW rule, action block, dns domain https://www.mydomain.com/blah/blah.

LEVD

0

Improving Linux scan times??

December 13, 2019, 9:28 am

≫ Next: block specific URL

≪ Previous: block specific URL

$

0

0

I need a solution

Hello community,

We have been working with SEP 14.2.x on Linux machines for a little while now, and one of the consistent complaints is that scan times are taking too long...sometimes 72 hours. As it turns out, many of the machines with excessive scan times have NFS Shares. I have seen this article: https://support.symantec.com/us/en/article.TECH240... and realize that exclusions can be made, but unfortunately, there is no easy way for me to ask our thousands of Linux users, what directories are actually NFS Mounts.

My question, is anyone using SEP 14.2.x on their Linux machines in a corporate environment? If so, what policies have you implemented to improve the scan times, and or performance, of those Linux machines...or do you only rely on Autoprotect and skip scheduled scans altogether? If not, is there a more robust, centrally managed, AV solution for Linux machines?

We would like to stick with SEP as our Antivirus solution on Linux machines, but at this point, it feels like the SEP Linux Client will remain the overlooked Redheaded Step Child (no offense to any real readheaded step children), of SEP 14's supported operating systems, at least for the foreseeable future.

Any thoughts or suggestions will be greatly appreciated.

-Mike

0

---

block specific URL

December 19, 2019, 12:54 am

≫ Next: Symantec Endpoint Protection Manager database Slow Issue

≪ Previous: Improving Linux scan times??

$

0

0

I need a solution

Hi,

Im trying to block a specific internal URL with SEP FW. I followed several docs i found here but cant get it to work somehow.
Can someone explain how to get this to work?

I just added a new FW rule, action block, dns domain https://www.mydomain.com/blah/blah.

LEVD

0

Symantec Endpoint Protection Manager database Slow Issue

December 19, 2019, 7:57 am

≫ Next: Symantec Endpoint Protection 14.2 RU2 LIVEUPDATE failed via Proxy connection

≪ Previous: block specific URL

$

0

0

I need a solution

Hi,

Recently we are having issue with SEPM portal slowness.

we have done root cause analysis and we have find that we have enought 16GB of memory on windows server but Symantec Embedad Database using only 550MB. As per symantec guide line we have access database and we have check that maxcachsize is configured as 512MB. we have check with following command select property('MaxCacheSize');

But we are searching for the resolution that can upgrade the cache size.

Please help to resolve this issue.

Thanks

Shivang  

0

Symantec Endpoint Protection 14.2 RU2 LIVEUPDATE failed via Proxy connection

December 19, 2019, 8:05 am

≫ Next: SEP client Communication restoration of new migrated server

≪ Previous: Symantec Endpoint Protection Manager database Slow Issue

$

0

0

I need a solution

Hi anyone,

After update from 14.2 RU1 to 14.2 RU2 (buil 5335) the the onnection to the LiveUpdate server failed via Proxy connection

This is urgent case, anyone can help?

Note: old version 14.2 RU1 liveupdate working fine with the same network enviroments.

Thanks in advance.

I have attached the capture liveupdate failure.

0

• liveupdate_1.png

SEP client Communication restoration of new migrated server

December 19, 2019, 10:20 am

≫ Next: uninstall

≪ Previous: Symantec Endpoint Protection 14.2 RU2 LIVEUPDATE failed via Proxy connection

$

0

0

I need a solution

Good evening Everyone!

can anyone help me out here regarding SEP client communication settings, recently I hve just build new SEPM 14.2 on Win12R2 with enough HW resources, prioir we're using old SEPM 14.0, 

Now I'm stuck here while moving existing SEP client from old server to new server, as we're here 500+ SEP clients are installed in office. 

Solutions I have already tried:

- Manually replacing syslink ( it takes too much time) 

- By adding New Server management list (but not succeed ) 

Regrads,

Ahsan 

0

uninstall

December 19, 2019, 1:05 pm

≫ Next: SECURITY at RISK in combination with SEP and App volumes VmWare + Slow login/app performance. 

≪ Previous: SEP client Communication restoration of new migrated server

$

0

0

I need a solution

 how the heck do I uninstall when It says contact the developer, but there is NO way to reach anyone!

0