Hi

Does Symantec offer any similar service/product to Trends Virtual Patching? 

Thanks

Hello.

So, I have a couple of MACs running SEP, and recentrly I pushed newest update (14.2 RU2) for them.

This version adds support for OSX Catalina (10.15), and, as far as I can see, on Catalina everything is really fine.

But older OSX versions (10.13, 10.14) face a couple of troubles:

1. Random reboots. I don't know, how it is called in OSX terminology, but I mean black screen with white text "Your computer restarted because of a problem. Press a key or wait a few seconds to continue starting up."

2. Firewall notifications. At my SEPM server, my firewall policy for MACs have entry "Display a notification on the computer when the client blocks an application" disabled. But, ignoring this, users began to face notifications about different remote connections with buttons "allow" and "deny". The strangest part is the header of notifications - it says "Norton Security" :) Tested a bit, withdrawing firewall policy via SEPM prevents notifications from spawning.

Maybe anyone else faced these issues? Any ideas?

So I am not exactly sure where to begin.

We have had the SEPM installed for years. I just recently started at my company and took over some of the IT duties that were orignally outsourced. I reached out to our management company (also our reseller) about obtaining updated software packages for the SEPM and my clients to upgrade their version. I was told that the license has moved and we need to be registered with our own account and that they started the process for me.

I receive the email confirmation for my account and attempt to access MySymantec for dowloads. I enter my support ID and it says that i have to wait for a Site Manager or Symantec Support Agent to approve my request. It has now been over 24 hours and I have not heard anything.

Chat bot is useless and it doesnt appear that any support agents are working or answering tickets, every place where it says to open a case or "call us" has broken links. I have my licsense number and a support ID but no way to get it registered or contact anyone for assistance.

Hi all,

 Aforetime, Google released Update 78 for Chrome and since then it's seems to be broken for symantec endpoint protection users.

The problem is you can't load any pages, You will get "Aw, Snap" Error.

Anyone know a permanent solution?

My symantec endpoint protection version is 14 (14.0 RU1 MP1) build 3897

Hi

Does Symantec offer any similar service/product to Trends Virtual Patching? 

Thanks

Hi,

I need your help regarding our Issue. We are comparing is the Risk Type from the Comprehensive Report and the Risk Logs extracted from the Monitor tab. In the Risk Logs there is a column name "Category Type" which we assumed is the same as the Risk type under the Comprehensive Report. Now, if we extract the Comprehensive Report and check the Risk Type and compare it with the Risk Logs that is filtered according to category type the expectation should be the same. We do this to determined the endpoints (there is no endpoint details under Risk type) affected under the Risk type. However, the results is different and the discrepancy is huge.

Hi All,

We are considering converting to MAC desktops.   Can anyone give feedback on SEP 14.2 support for MACs?   Are all SEP features supported?  How's the firewall support, etc?

Thanks,

Wally

Hi All,

Guys,

When an end-user receives a download insight pop up and clients click on "allow this file" and the file is a virus would SEP block it?

Hello - per the title, I have thus far been unable to get the SEP Intelligent Updater to install definitions for SEP.

This is the log I've received:

Tue Dec 31 04:10:51 2019 : ******************************************************************
Tue Dec 31 04:10:51 2019 :         Starting Intelligent Updater - Version 5.1.7.29
Tue Dec 31 04:10:51 2019 : ******************************************************************
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED BEGIN: Started.
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Dec 31 04:10:51 2019 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource DLL
Tue Dec 31 04:10:51 2019 : IU RES LOAD: Successfully loaded the resource file..
Tue Dec 31 04:10:51 2019 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Tue Dec 31 04:10:51 2019 :     IU INFO: File-name : 20191230-002-Core3SDSv5i64.EXE
Tue Dec 31 04:10:51 2019 :     IU INFO: Creation-date : 20191230
Tue Dec 31 04:10:51 2019 : AUTH DLL LOCATION: IU will read the DLL SAVIUAuth location from registry.
Tue Dec 31 04:10:51 2019 : REG FAILURE: Failed while opening the key  from registry. Return code: 2
Tue Dec 31 04:10:51 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:51 2019 : REG SUCCESS: Succeeded while fetching the path from registry.
Tue Dec 31 04:10:51 2019 : AUTH DLL: DLL found for Entry number 0.
Tue Dec 31 04:10:51 2019 : Identified as 32-bit product installation. Continuing...
Tue Dec 31 04:10:51 2019 : IU MODE: IU is running is FULL mode.
Tue Dec 31 04:10:57 2019 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Tue Dec 31 04:10:57 2019 :     IU INFO: File-name : 20191230-002-Core3SDSv5i64.EXE
Tue Dec 31 04:10:57 2019 :     IU INFO: Creation-date : 20191230
Tue Dec 31 04:10:57 2019 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Dec 31 04:10:57 2019 : Entry details:
Tue Dec 31 04:10:57 2019 :     Update-File:             VIRSCAN.zip
Tue Dec 31 04:10:57 2019 :     Update-Desc:             Virus Definitions
Tue Dec 31 04:10:57 2019 :     Auth DLL Name:             SAVIUAuth
Tue Dec 31 04:10:57 2019 :     Auth DLL Location:         local
Tue Dec 31 04:10:57 2019 :     Auth Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:57 2019 :     Deploy Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:57 2019 :     Deploy DLL Name:         SAVIUDeploy
Tue Dec 31 04:10:57 2019 :     Deploy DLL Location:         local
Tue Dec 31 04:10:57 2019 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Succeeded while fetching the path from registry.
Tue Dec 31 04:10:57 2019 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Succeeded while fetching the path from registry.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED BEGIN: Started.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LuAuth.dll
Tue Dec 31 04:10:57 2019 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LuAuth.dll
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED BEGIN: Started.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Dec 31 04:10:57 2019 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LueEim.dll
Tue Dec 31 04:10:57 2019 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LueEim.dll
Tue Dec 31 04:10:58 2019 : AUTHORIZATION FAILED: VIRSCAN.zip is not authorized for deployment. Error code : 104
Tue Dec 31 04:10:58 2019 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because it is not authorized for deployment
Tue Dec 31 04:10:58 2019 : Cleaning up the AuthorizationEngine
Tue Dec 31 04:10:58 2019 : After release
Tue Dec 31 04:10:58 2019 : Done cleaning up authorization engine
Tue Dec 31 04:10:58 2019 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Dec 31 04:10:58 2019 : Entry details:
Tue Dec 31 04:10:58 2019 :     Update-File:             VIRSCAN.zip
Tue Dec 31 04:10:58 2019 :     Update-Desc:             Virus Definitions
Tue Dec 31 04:10:58 2019 :     Auth DLL Name:             ISAuthDLL
Tue Dec 31 04:10:58 2019 :     Auth DLL Location:         local
Tue Dec 31 04:10:58 2019 :     Auth Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:58 2019 :     Deploy Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:58 2019 :     Deploy DLL Name:         ISDeployDLL
Tue Dec 31 04:10:58 2019 :     Deploy DLL Location:         local
Tue Dec 31 04:10:58 2019 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Tue Dec 31 04:10:58 2019 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Tue Dec 31 04:10:58 2019 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Dec 31 04:10:58 2019 : Entry details:
Tue Dec 31 04:10:58 2019 :     Update-File:             VIRSCAN.zip
Tue Dec 31 04:10:58 2019 :     Update-Desc:             Virus Definitions
Tue Dec 31 04:10:58 2019 :     Auth DLL Name:             Norton X64 AuthDLL
Tue Dec 31 04:10:58 2019 :     Auth DLL Location:         local
Tue Dec 31 04:10:58 2019 :     Auth Content-Type:         SDSDefs
Tue Dec 31 04:10:58 2019 :     Deploy Content-Type:         SDSDefs
Tue Dec 31 04:10:58 2019 :     Deploy DLL Name:         Norton X64 DeployDLL
Tue Dec 31 04:10:58 2019 :     Deploy DLL Location:         local
Tue Dec 31 04:10:58 2019 : AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X64 AuthDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X64 DeployDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Tue Dec 31 04:10:58 2019 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Tue Dec 31 04:11:25 2019 : Done with IU Operations

Both SEP and the Intelligent Updater are of the newest version (14.2 RU2 build 5323 and 20191229-003-core3sdsv5i64 respectively) and I had used LiveUpdate prior to opening the Intelligent Updater.

While I realise that it's probably unnecessary to use the IU when the SEP has access to LiveUpdate, my current setup will not have internet connection after commissioning and would not be able to update definitions the same way. Is that the only way in which the IU can be used? Is my current error due to having already updated definitions? 

Many thanks for your time.

Hi,

We have Client Server topology for Symantec Endpoint Protection Server 14.1 

One of the lcient is getting "Reputation check for unproven files failed because of network errors for the last 3 days." the client contains sensitive info and is not connected to the internet. I was reading online that for Reputation Check, you need access to the internet. 

The client has no internet connectivity. What should I do to get rid of this error?

Thanks

Jamshed

Can anyone confirm that clients running an older version of SEP 14 should still recieve virus definition updates from the SEPM automatically after an upgrade to SEPM?  Usally I like to perform a staged migration from the older client to the newer client after an update.  After the most recent update clients running 1 version behind have stopped recieving virus definition updates from the SEPM, however they have stayed in contact with the server.  I did upgrade one client to prove my theory, once it was upgraded it started reciving virus definition updates.  Additionally if I run LiveUpdate striaght from the server the virus definitions update on an old client.  Aditionally if I change the LiveUpdate settings policy to only use the default Symantec LiveUpdate server, ie go out to the internet, the clients will recieve the definition updates.

Hi all,

I have had an issue with Backup Exec 20.5 failing on one Windows 2012 R2 server where it loses connectivity to that server and fails. The other 2 servers backing up are ok. I traced it back to Endpoint Protection Version 14 and the Network Threat Protection. If I disable that in Endpoint on the backup server and the remote server that is failing the backup works. Any ideas how to fix network threat protection so I can run it again on both servers and backup successfully? Am I able to put a network threat protection firewall exception in for those two servers to get it to work again? If someone could step me through what to add and where in the firewall settings that would be great!

Cheers,

JP

Several months ago, i reached out to several of our suppliers looking to renew a support contract and/or purchase a new version of SEP.   All have responded to me that Symantec is no longer selling the product and this went into effect when the Broadcom transaction took effect.  

I called several "partners" listed on the Symantec websites but they have responded with "we cannot get proposals anylonger".

We have the option of changing platforms (ESET has been agressive with teir sales pitch) but we've been using Symantec for years and I really dont want to have to change if we dont have to.

Can anyone confirm if this is true or not? 

Our small organization's single Server 2012 file server has been running SEPM since 2014.

I've been here since 2017.

Since I;ve been here, the server has been sluggish.

It's a VM with 3TB disk space on 2 volumes and 6GB dedicated RAM.

The only other VMs are a very small linux VM and a small Win7 VM used only for remote login.

I've played around with stripping out unnecessary apps and even moved the paging file with only marginal sucess.

Today it was particularly lethargig and I noticed in resource monitor, that almost all of the disk activity (which was quite high) was rrelated to SEPM.

A google search turned up an issue where someone had "Live Update Administrator" and SEPM both running on the same server, and that was causing excessive disk activity.

That post was from 2010. Our services are not named the same.

I was wondering if "Live Update" is the same as "Live Update Manager" as we have bothe "Live Update" and "Symantec Endpoint Manager" services runningas well as a few others that begin with "Symantec..."

I wanted to stop the "Live Update" service to see what happened but I can't. Looks like I'll have to uninstall it.

It shows up as a seperate installed ap in "add and remove..."

I want to make sure from someone here, before i do that, though.

Thanks-

KK

Hi,

I want to know the best way forward where we have a number of Windows 10 clients which will either never connect to a network or may rarely do so.  I am thinking of making them unmanaged clients in this case,which will be no plroblem from an update point of view as they will be able to update using the intelligent updater files from Symantec, however we also need to manage the USB devices so that only  certain ones can be utilised.  The list of approved USB drives will be subject to regular changes and we will need to have the ability to add / remove them in the field on the unmanaged clients.

From what I have read, this sounds as though this will need to be done by creating the appropriate policy on a computer with the SEP Manager inistalled,and then the policy shipped out to the client and imported, but this sounds potentially cumbersome so I was wondering if there is another way of doing this on the unmanaged client directly using the latest version of SEP.

Please can someone advise me the best way forward,

Thanks

Chris

Dear Everyone,

I would like to ask help on how can I achieve correct SEP firewall policy which will prevent clients to report to the other SEP manager in our other sites. Out current setup is 1 SEPM each site and no replication. All sites are connected via MPLS.

We're using custom port for client server communication.

Thank you for those who responded.

Greetings,

We have remote locations that use Vonage for their phone systems, and SEP keeps blocking the update to the Vonage software. Anybody else seen this? I know there were issues with SEP blocking MS updates.

Cheers

I have a client that has old settings of installation Endpoint Protection 12.1.6607.6300 and i cant installl any other antivirus, please sent me the cleanwipe or a procedure to remove it. Server and other clients in my network are uninstalled full.