Hello,
Does anyone have experience with the Symantec Information Centric Security module, and is it compatible with SEP? Can both be installed on the same client machines without causing issues for each other?
Thanks
Hi,
When adding exclusions in our SEPM, we can't find them in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions; even in the SYMDIAG the new exclusions are not listed.
Does somebody have the same behaviour / problem?
Regards,
Sébastien
Hello,
I have an issue with LiveUpdate service on my SEPM. We are running 2 SEPM version 14.2.1031.0100.
LiveUpdate is failing to download and install Virus Definitions since 22/12. I noticed it 1 week ago, I was able to resolve the issue at this time by reinstalling LiveUpdate and rebooting the server.
But now I cannot update the Virus Definitions at all. This is what I've tried:
- Installing virus definitions using a .jdb file. Result: the file is unzipped and then nothing happens.
- Reinstall LiveUpdate. Result: When I try to launch a LiveUpdate session, I have an error "A LiveUpdate session is already running." but Virus Definitions are not downloading or installing. And no LUALL or LUCOM.exe processes are running.
- Launch LUALL.EXE. Result: I see that the virus definitions are downloading, but not installing. LUALL process is blocked at 00 CPU usage. I am forced to restart the server to kill it. And liveupdate.log is not updating after everything has been downloaded.
Attached, the log.liveupdate for review. I did not find any error in this file, maybe you could help me.
If any suggestions, thanks in advance,
Regards,
Axel
Hi everyone,
Our SEP detects a download insight when O365 Pro Plus tries to get its updates.
The tmp file name varies every time. We are getting Helpdesk calls about it and I want them to stop.
After checking 5 clients I'm sure that this file relates to the Office Updates (Semi Annual) as there is a log file from O365 ProPlus with the same timestamp.
When will these files be trustworthy?
Best regards
Stephan
Hi All,
When I am trying to export the Computer status logs, we are getting the query failed error.
I have followed the KB article https://support.symantec.com/us/en/article.tech101746.html but the issue did not get fixed.
Recently we upgraded our server from 14.2 MP1 to 14.2 RU2.
We have only one SEPM and it's running on embedded DB.
Please let us know the fix for the issue.
Thanks
Hi Team,
Our SEP is integrated with AD. Recently we did the SEP upgrade to 14.2 and the AD server also got changed. We updated the new AD details in SEP and tried the 'Sync Now' option from the clients OU. But it's throwing an error "The directory server from which one or more organisational units have been imported does not exist. Ensure that the directory server exists, and then import the organisational units before trying to synchronize".
But we were able to add new OUs which are not present in the current structure with the new AD details.
Please assist me on this.
Hi all,
We forgot the admin password to log in to the SEP 14 Manager! I tried to change the password with "Forgot your password?" but we did not receive the email to change the password.
Any ideas to restore my access to SEP manager?
Many Tks!
Hi everyone,
we are using an ArcSight Smart Connector to pull all interesting SEP event information into our SIEM.
It seems like the SEP field "severity" is not available in ArcSight or maybe I just can't find it.
The event in SEPM looks like this (see Symantec_event.jpg):
Schweregrad = Severity
Kritisch = Critical
Is this kind of information mapped to an ArcSight field?
Or does this Smart Connector version not read the information from the SEPM database?
I took a look in the SymantecEndpointProtectionDBConfig guide and it seems like the severity info should be mapped to ArcSight's "Device Severity" field, is it right?
But for this event the entry in Device Severity is "Warning" and not "Critical". So this must be a different info.
SEPM Version 14.2.4814.1101
MSSQL Version 11.00.7462
Smart Connector Version (Linux) 7.12.0.8149.0
Hope someone can answer my questions.
Kind regards
Dominik
Hi All,
Windows Server 2008 and Windows Server 2008 R2 are approaching the end of their support lifecycle, so we plan to upgrade our SEPM server from 2008r2 server to 2012/2016.
What would be the best solution to upgrade the Windows server?
SEPM version: 14.2 ru1
SEPM server: Windows 2008 r2
DB server: Windows 2008r2
Hi all,
Seeking assistance with implementing Symantec System Lockdown on a Windows 2012 R2 server that runs Oracle Database 11g Enterprise release 11.2.0.4.0 64 bit edition.
Whitelist listening mode produces the below calling application, target and hash value as an example. This happens for all the Oracle calling processes on the server.
D:\oracle\product\11.2.0\dbhome_1\BIN\tnsping D:\oracle\product\11.2.0\dbhome_1\perl\bin\perl.exe Target MD5=00000000000000000000000000000000
Appending the above as a whitelist item does not whitelist the application. Listening mode logs the item as an unapproved application.
Adding a whitelist hash for perl.exe also does not work. Listening mode in lockdown logs the same result.
Have tried putting in a File Name exception of D:\Oracle\* but this does not work either.
Thanks and regards.
Just renewed SEP 14 for another year.
We can see the renewal on MySymantec>My Products, but can't figure out how to download the license key.
"Getting started" says to click on the "Key Icon", but we don't have a "Key Icon".
In the past we've used licensing.symantec.com, registered the product and downloaded the license key.
What are we doing wrong? Any special settings needed in IE11 for MySymantec? Do we need to activate the renewal, if so, how?
Any help would be greatly appreciated.
Hello,
Has anyone else been getting these errors in the cloud console:
ERROR Unable to get data for 'Seat count usage' as an unexpected error occurred SEP 15 cloud
Please let me know if anyone else has fixed this. Seems to be only cosmetic.
I have been trying to create a SEP15 /Cloud tenant, however I am lost with the terminology that Symantec are using for these products now.
I've discussed this with our previous technical account rep (before the Broadcom takeover and seemingly everyone at Symantec has resigned or been sacked) and he advised that Sep15 (cloud based) was a different product to Symantec Cloud with SEPC being a SMB based solution.
I've created an Endpoint tenant here: https://sep.securitycloud.symantec.com/v1/#/landing and this dash refers to itself as "endpoint Security" yet it also mentions clients for "Endpoint Protection" as well as "Endpoint Security". All of the clients I have deployed so far are reporting to the dash as "Symantec Endpoint Security" clients.
The Sep Cloud home page also seems to redirect to the same landing page. The page at: https://sepc.securitycloud.symantec.com/app/#/landing seems to redirect to the same dash as above once you log on.
I am finding that some of the features seem lacking compared to what I am used to with on-prem SEP14, particularly around reporting, so I want to make sure I am in the right product before I get too much further. If I am deploying SEP15, should this be "Endpoint Protection", "Endpoint Security" or SEPc?
I've asked Symantec support and they don't seem to know the difference either.
thanks
Hi Team,
Symantec Endpoint Protection 14.2 console dashboard endpoint counts keep going offline and coming back online multiple times a day. We have SEPM 14 RU1 MP1 version, and this was there with the previous version as well. Is there a fix for this?
Thanks,
Sateesh Simpi