Hi all,
How do I configure folder exceptions for a linux OS? Anyone that has done this before?
Does the Exception policy work and if so how would I add the folders as an example. Would just adding the exact
path shown below work?
/usr/sap/hostctrl
/usr/sap/DAA
/usr/sap/hostctrl
Thanks
T
I have been trying for some time, as has my reseller, to get some response to my attempt to renew my licensing. We have so far been unable to get any response. Do Symantec want customers? I really don't care about 're-branding', my concern is with the security of my servers. Does the company still sell licenses or should I be looking for an alternative product?
Failed to read C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\temp\threatcon.zip
This is under investigation. Please subscribe to the following KB for updates.
https://support.symantec.com/us/en/article.TECH257...?
I have updated to latest version of Symantec and is that Firewall turned off notifications pop up messages. Symantec works fine and all FW logs are captured. Any help
Our servers, without stable connection to Internet, are installed with SEP 14.X standard client, and get virus definition update from our internal SEPM server.
I did not know there is a so-called "dark network client" until recently. When I saw the difference between the 2 versions, I was pretty shocked:
https://support.symantec.com/us/en/article.howto12...
Can anyone explain to me the difference about virius definition?
Standard client is "download latest definition only", "use definition in the cloud";
while the dark web client is "full set of definition".
If our servers cannot connect to Internet, does that mean their SEP (standard client) are not able to detect some virus due to lack of some definitions?!?!?!
Hi All,
I want to change the SEPm Web Access Certificate. the current certificate is self sign.
* it is a different certificate from the client - server communication right ?
Thanks,
Failed to read C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\temp\threatcon.zip
This is under investigation. Please subscribe to the following KB for updates.
https://support.symantec.com/us/en/article.TECH257...?
I have updated to latest version of Symantec and is that Firewall turned off notifications pop up messages. Symantec works fine and all FW logs are captured. Any help
Dear everybody,
I need solution to migrate rest of SEP clients from old SEPM12 server to new SEPM14 server. Problem is we cannot do it by ourself since we are not responsible for Windows clients platform managed by different 3rd parties.
In example, I found solution how to migrate the clients with Trend Micro OfficeScan XG without additional administrator efforts, just need to replace IP address that belongs to new AV server in OfficeScan server configuration. Clients will receive the configuration file with new server IP address then the client will report to new AV server. I think this approach is working because new server has the same certificate for it's clients that is used by old server.
Does anybody know the approach to migrate the clients using Symantec capabilities only?
After updating to 14.2.2 MP1, all the Remote Desktop Servers we support have gone south
There is a Symantec Service Framework created for every user - And it's using anywher from 1.5 - 5% utilization
This creates ana almost 100% utilization in small environments
I've had to remove SEP 14.2.2 MP1 - will re-install older version later
Seem to only affect Server 2012 and above
Server 20008 R2 seems to be ok
Any idea or workaround to fix this ?
Steve
Hello All,
I want to change the IP of my SEPM embedded DB (now its "localhost" and want to make the real IP of the hosting server: Telnet localhost 2638 => OK / Telnet IP_Addresse 2638 KO)
I want to do so to be able to retrieve data using JDBC, I made all the necessary changes :
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SQLANYs_sem5\parameters : Changed the value of localonly to no
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\ROOT.xml : Changed the value of host=127.0.0.1 to host=IP_Addresse
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\ODBCUTIL.properties : Changed the value tcpip(IP=127.0.0.1 to tcpip(IP=IP_Addresse
ODBC Data Source Administrator /SystemDSN /SymlantecEndpointProtectionDSN /Network : Changed host value from 127.0.0.1 to IP_Addresse
Is this possible to change the IP or im missing something
Thank you in advance
Kind regards
N.Achraf
Hello team,
Kindly assist to now below things;
1. If SEP console demonstrating that all endpoints in scope are reporting their protection protection status (active or inactive), where a system is found to be inactive, an alert is raised on the console.
2. If SEP console can shows inactive status protection is re-enabled in a timely manner.
Thank you
Hi,
I am using SEPM 14.0(RU1 MP2) and SEP 14.0 RU1 MP2. I have enabled "Application and Device control" under client management to control unknow software installation by users.
Because of this even my windows updates shows as download pending and if I download it and starts installaing it gives a error (0x80070005) which intern informs about "The error code is also described as ACCESS DENIED and it usually appears when you lack of permissions of file or registry which are demanded when reinstalling updates. ... Error 0x80070005 occurs when you attempt to install system updates and you do not get the required permissions to do the operation."
And when I disable Application and device control under SEP change settings, the windows updates installs properly, Need help to identiy the issue and resolve it.
The error are attached as image.
Regards
Varun
Hello All,
I recently updated my SEPM client to the newest version (released 1.27.20) - 14.2.2_MP1. (14.2.556.2100)
Since then, most of my clients are coming up as "Client Version Unavailable" in the management client . However, when I log into one of the 'unavailable' clients, I show that they have the updated version. Why can't I see it in the management client?
Hi
We recently upgraded our Sepm managers to 14.2 ru2 (no issues) and have started upgrading our clients now.
it has come to our notice that few of our clients end in BSOD post reboot and this is a show stopper .We have submitted the memory dump to Symantec support and the response we got is that it was because of AC definitions (which were btw latest defs in the clients which failed) and that the issue is occurring in some "win10" machines during reboot due to the sysplant.driver.
this information doesn't really help .we need to upgrade our clients at the earliest and disabling adc is not an option as we need it .Further fresh installation causes no issues in the same machines which landed in bsod during upgrade .however this cannot be followed for all our clients.
Any suggestions / solutions ?
Ps: we do have machines which upgraded successfully( running with the same Os/build config as the ones which resulted in Bsod ...so this rules out that it may be related to config or build of Os)
This is being investigated currently. Please subscribe to this KB for updates:
https://support.symantec.com/us/en/article.TECH257...?
Hello everyone,
we are using an ArcSight Smart Connector to pull all interesting SEP event information into our SIEM.
The Downloaded or created by field in SEPM is very interesting for our security analysts. I took a look in the Release Notes for SmartConnector version 7.12.0.8149.0 and it says that this field is supported, but I can't find it in the raw event details. Do I have to do something to get this kind of information into SIEM?
Do you have an answer for me? I will ask the support for ArcSight too.
SEPM Version 14.2.5569.2100
MSSQL Version 11.00.7462
Smart Connector Version (Linux) 7.12.0.8149.0
Kind regards
Dominik
Hello,
In my current configuration, local admins can add their own exection on their SEP client. I want forbide this but first I would like to delete all exceptions already created on the clients. I can see them from the SEPM throught the Policies menu > Exceptions > clicking on an exception policy > on the Exeptions part, when I click on Add > Windows Exceptions > Application > then in the View list I select "user-allowed applications". But there is no way to remove them.
Does anyone know how to do it or I have to contact all my users one by one to tell them to remove their exceptions manually?
Thanks.
What happens when you exceed your license? Looks like we're over by about 15 clients right now.
Our SEPM is synced with Active Directory, are licenses counted just on computers that actually have a SEP client or when they pop up in AD before ever getting a client pushed to them?
A "Symantec Endpoint Protection Product Versions" report shows we have a total of 1207 computers. But, in the SEPM dashboard under "Endpoint Status" the "Total Endpoints" shows 1539. Our license is for 1500 computers and we're getting pinged that we're "overdeployed". Why the discrepancy?