Cannot install new clients - setup is KO

February 5, 2020, 7:01 am

≫ Next: Finding Unmanaged Clients Without Configuring Unmanaged Detectors?

≪ Previous: Total Endpoints in SEPM Dashboard Doesn't Match Report

$

0

0

I need a solution

Hello everyone,

I am facing an issue with my SEP setup that I was using since 2018 to install new clients. It was working fine since last friday, and starting saturday the same setup.exe is failing to install SEP clients.

Here is what I found in %programdata%\Symantec\setup :

3rd Party Application Removal Begin
Initializing 3-PAR verification
Initializing 3-PAR object
Initialization completed successfully
Detection process beginning
Detection process failed
3rd Party Application Removal End
 

Also, funny thing is that if I manually change the date on my computer and set it in january, the installation runs smoothly.

I've tried reaching out to the support with no help. Symdiag is all green except for Remote Registry Service but it is not related.

Informations on our infrastructure :

2 SEPM v14.2.1031.0100

Clients installed in same version 

Does anyone have already faced this issue ?

Thanks in advance for any response,

Regards,

Axel

0

1580918288

44

---

Finding Unmanaged Clients Without Configuring Unmanaged Detectors?

January 28, 2020, 12:10 pm

≫ Next: Cannot install new clients - setup is KO

≪ Previous: Cannot install new clients - setup is KO

$

0

0

I need a solution

Is there a way in the SEPM console to view clients that are unmanaged without having to configure unmanaged detectors?  In my search I found this: 

"...Symantec Endpoint Protection Manager uses several methods to locate unmanaged clients. It can still locate unmanaged clients if no Unmanaged Detectors are defined, but the results are more accurate if there is an Unmanaged Detector on each local network segment...."
https://support.symantec.com/us/en/article.TECH105722.html

But it doesn't go on to say how to do that. It only talks about configuring unmanaged detectors.

0

1580313183

Cannot install new clients - setup is KO

February 5, 2020, 7:01 am

≫ Next: Offline clients definition updates

≪ Previous: Finding Unmanaged Clients Without Configuring Unmanaged Detectors?

$

0

0

I need a solution

Hello everyone,

I am facing an issue with my SEP setup that I was using since 2018 to install new clients. It was working fine since last friday, and starting saturday the same setup.exe is failing to install SEP clients.

Here is what I found in %programdata%\Symantec\setup :

3rd Party Application Removal Begin
Initializing 3-PAR verification
Initializing 3-PAR object
Initialization completed successfully
Detection process beginning
Detection process failed
3rd Party Application Removal End
 

Also, funny thing is that if I manually change the date on my computer and set it in january, the installation runs smoothly.

I've tried reaching out to the support with no help. Symdiag is all green except for Remote Registry Service but it is not related.

Informations on our infrastructure :

2 SEPM v14.2.1031.0100

Clients installed in same version 

Does anyone have already faced this issue ?

Thanks in advance for any response,

Regards,

Axel

0

1580918288

44

Offline clients definition updates

February 5, 2020, 10:12 am

≫ Next: SEP 15 Agent Bandwidth Utilization Clarification

≪ Previous: Cannot install new clients - setup is KO

$

0

0

I do not need a solution (just sharing information)

Here is our scenario: We have many Windows 10 laptops that very rarely see our internal company network nor do they see the internet. We have groups of these laptops that are taken to various locations throughout our region and setup on their own closed network using a router that is not connected to a WAN (no internet connectivity). This is done for the day then taken down at the end of the day. The one consistency that they have is that they all can connect to a single server that is set up on the closed network. When not in the field the servers do come back and get connected to our internal network and so they are able to keep Windows and SEP up-to-date. Though the laptops roam between which of the physical servers they are connected to, the servers will always have the same IP address on the closed network (lets use 10.1.1.2 for example). So tablets/laptops can always connect to 10.1.1.2 while on the closed network. I thought that making the servers GUPs and pointing the clients to look for a GUP at 10.1.1.2 might be a solution to how to keep their definitions up-to-date but upon further reading about GUP best practices I read this:

"If the SEP clients you need to update using a GUP are not able to connect to the HTTP port used by the SEPM for client management, consider another method of updating clients."

Unfortunately it can be many months that pass before the laptops see our internal network and this is usually a manual process when we put hands on each device and update them. Obviously with the laptops being on a closed network there isn't much of an attack vector and it would be difficult for anything to spread from them as well but ideally we would be able to keep their SEP definitions up-to-date anyway in case staff deviate from our documented policies and processes and connect them another network or plug mass storage devices into them (we do have Windows Group Policy in place but there are some known ways around and we like to try to cover all of our bases).

Does anyone have any suggestions on how we might best keep the SEP clients up-to-date in this scenario?

0

SEP 15 Agent Bandwidth Utilization Clarification

February 5, 2020, 10:58 pm

≫ Next: SEP client showing Offline even after sylink replace multiple time

≪ Previous: Offline clients definition updates

$

0

0

I need a solution

Hello Everyone, I am very well familiar with SEP 15, its architecture and how it works.

I have one specific question which is regarding the bandwidth utilization for SEP 15 clients, specfically when it comes to downloading the content definations and uploading the logs to the Cyber defense manager in the cloud and getting the poliicies. I am unable to find any TECH note which talks about this aspect of bandwidth utilization, like how much approximate badwidth utlization will be for each agent

Does anyone have more info on this?

0

SEP client showing Offline even after sylink replace multiple time

February 6, 2020, 5:15 am

≫ Next: How to close account?

≪ Previous: SEP 15 Agent Bandwidth Utilization Clarification

$

0

0

I need a solution

Hi Everyone,

Often in our SEP environment client go offline and even after replacing sylink multiple times they don't show online. I have tried replacement of sylink by script and from manually sylink drop on client.

Is there any way I can check SEP logs to see communication dialogue exchange as in any kind of log file on sep client.

Kindly note- SEPM architecture is 2 Load balancing SEPM server and priority next is two 2 replication sepm server. we have around 16000 sep clients although these are only on 2 load balancing Sepm and not in replication server.
Also note policy updation on Sep client take around 8 to 10 hrs as we have added huge amount of device ids.

As there any way that I can have a workaround or quick fix to address this issue and bring SEP client online quickly like in matter if minutes.

0

How to close account?

February 5, 2020, 4:44 pm

≫ Next: Registry values to check status of Norton/Symantec AntiVirus

≪ Previous: SEP client showing Offline even after sylink replace multiple time

$

0

0

I need a solution

Hello,

I've created a security account to try it, without any subscriptions. Now, I receive many e-mails each days.

How can I close the account so I no more receive them?

Thanks in advance for the answer

0

Registry values to check status of Norton/Symantec AntiVirus

February 5, 2020, 9:28 pm

≫ Next: Latest from Symantec: Information is currently unavailable

≪ Previous: How to close account?

$

0

0

I do not need a solution (just sharing information)

This is a general question. I am trying to find information to determine TimeOfLastScan, PatternFileRevision and PatternFileDate etc settings directly in the registry for Norton AntiVirus on Windows 10.

I believe most Norton AntiVirus values should be located under HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\..., but the latest Norton AntiVirus 22.19.8.65 trial version does not appear to have the same location in the Registry?

I can only see HKEY_LOCAL_MACHINE\SOFTWARE\Norton\... and HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\.... But I cannot find these values I want to check programmatically (Time of last scan and pattern file date etc).

Have Symantec changed the design and Registry location for Norton AntiVirus at some point in the past? Or is the usual location missing because I am using the trial version?

Can someone please clarify why HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\... is no longer visible in the latest version of Norton (Symantec) AntiVirus?

Thank you.

Trevor

0

---

Latest from Symantec: Information is currently unavailable

January 30, 2020, 7:51 am

≫ Next: Are Symantec trying to lose customers?

≪ Previous: Registry values to check status of Norton/Symantec AntiVirus

$

0

0

I need a solution

Hello,

More anybody are seeing in your SEP Manager shows Information is currently unavailable for Window Definitions?

Thank you.

0

• SEPM Windows Definitions.png

1580476128

Are Symantec trying to lose customers?

January 31, 2020, 12:13 am

≫ Next: How to close account?

≪ Previous: Latest from Symantec: Information is currently unavailable

$

0

0

I do not need a solution (just sharing information)

I have been trying for some time, as has my reseller, to get some response to my attempt to renew my licensing.  We have so far been unable to get any response.  Do Symantec want customers?  I really don't care about 're-branding', my concern is with the security of my servers.  Does the company still sell licenses or should I be looking for an alternative product?

0

How to close account?

February 5, 2020, 4:44 pm

≫ Next: Registry values to check status of Norton/Symantec AntiVirus

≪ Previous: Are Symantec trying to lose customers?

$

0

0

I need a solution

Hello,

I've created a security account to try it, without any subscriptions. Now, I receive many e-mails each days.

How can I close the account so I no more receive them?

Thanks in advance for the answer

0

Registry values to check status of Norton/Symantec AntiVirus

February 5, 2020, 9:28 pm

≫ Next: SymDiag---conncet for some servers

≪ Previous: How to close account?

$

0

0

I do not need a solution (just sharing information)

This is a general question. I am trying to find information to determine TimeOfLastScan, PatternFileRevision and PatternFileDate etc settings directly in the registry for Norton AntiVirus on Windows 10.

I believe most Norton AntiVirus values should be located under HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\..., but the latest Norton AntiVirus 22.19.8.65 trial version does not appear to have the same location in the Registry?

I can only see HKEY_LOCAL_MACHINE\SOFTWARE\Norton\... and HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\.... But I cannot find these values I want to check programmatically (Time of last scan and pattern file date etc).

Have Symantec changed the design and Registry location for Norton AntiVirus at some point in the past? Or is the usual location missing because I am using the trial version?

Can someone please clarify why HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\... is no longer visible in the latest version of Norton (Symantec) AntiVirus?

Thank you.

Trevor

0

SymDiag---conncet for some servers

February 10, 2020, 5:56 am

≫ Next: User Logon time increased (i.e, group policy processing time of registry and shared printers slow) after 13 Jan standard jdb update

≪ Previous: Registry values to check status of Norton/Symantec AntiVirus

$

0

0

I need a solution

I made scan my files with SymDiag .This software connect for a lot of server .I check one of it .Server listing folders.I think Apache should not allow for it.

http://port-205-196.nextconnex.net/
http://port-205-196.nextconnex.net/js/
http://port-205-196.nextconnex.net/include/
http://port-205-196.nextconnex.net/html/
http://port-205-196.nextconnex.net/css/
http://port-205-196.nextconnex.net/api/
http://port-205-196.nextconnex.net/api/v1/

0

User Logon time increased (i.e, group policy processing time of registry and shared printers slow) after 13 Jan standard jdb update

February 8, 2020, 5:48 am

≫ Next: SEPM 14

≪ Previous: SymDiag---conncet for some servers

$

0

0

I need a solution

We downloaded Symantec Update 13 Jan 2020 (reduced size for standard clients) and after pushing the update fol issues are being observed.

1. A large no of scripts placed in group policy which are downloaded during user logon are being identified as malware by Symantec. This issue is however solved intermittently by adding the scripts in exception list.

2. The outstanding issue is that now on our Windows Server 2012 R2 application servers, shared printers connect slowly (when you do it via \\PRINTSERVER\PrinterName) or otherwise when client side extension of printer policy is being executed during user logon. Due to this, user logon times has terribly increased and no log etc is available for troubleshooting. Also, we have even tried stopping sep client using smc -stop command and than try to reproduce the problem, interestingly the problem still is not resolved. However, when we completely removed symantec endpoint client from our server and reproduce the problem, it is gone.

3. After digging down a lot, I also found that not all kinds of printers are being slowly processed during group policy processing at user logon, rather only some HP Laserjet models are slow..

PLEASE HELP!!!

0

SEPM 14

February 10, 2020, 2:18 am

≫ Next: SEP installer for Mac OS X Catalina fails

≪ Previous: User Logon time increased (i.e, group policy processing time of registry and shared printers slow) after 13 Jan standard jdb update

$

0

0

I do not need a solution (just sharing information)

Hi there,

Please advise if we can enable Memry Exploit Mitication  ( Network and host exploit mitigation) for prod servers.

0

---

SEP installer for Mac OS X Catalina fails

February 10, 2020, 11:08 am

≫ Next: Unable to push the package to Windows server

≪ Previous: SEPM 14

$

0

0

I need a solution

Hi,

we are testing the new SEP 14.2.2MP1 and the installer for Catalina keeps giving me an error 'The application "Symantec Endpoint Protection Installer" can't be opened'. I checked in 'System Preferences|Security & Privacy' if the installer needs special permission but it is not listed there. Anyone else has seen this issue and how can it be resolved?

Thanks

0

Unable to push the package to Windows server

February 11, 2020, 12:17 am

≫ Next: Peer-to-peer authentication

≪ Previous: SEP installer for Mac OS X Catalina fails

$

0

0

I need a solution

We are pushing package from SEPM console to one of the windows servers, on console it is showing as successful but when we are checking on server service is not available and symantec is not in installed applications.

Wish to have a good solution soon.

Thanks in Advance

0

Peer-to-peer authentication

February 10, 2020, 10:16 pm

≫ Next: SEP 14.2 RU2 - Client unable to take action on infected files

≪ Previous: Unable to push the package to Windows server

$

0

0

I need a solution

Hi all!

We have Symantec Endpoint Protection v 14.2.4815 on our endpoints. I'm trying to configure peer-to-peer authentication on some servers, to prevent network connection from hosts without Symantec.

When I activate firewall policy with "peer-to-peer authentication" enabled on that server, it begins to block all traffic from hosts that are not excluded,  even if SEP is installed on them and host integrity check is passed. 

Am I doing something wrong, or peer-to-peer authentication works in different manner?

Thanks in advance.

Elvin

0

SEP 14.2 RU2 - Client unable to take action on infected files

February 11, 2020, 8:30 am

≫ Next: IP for embedded SQL DataBase

≪ Previous: Peer-to-peer authentication

$

0

0

I do not need a solution (just sharing information)

Hi,

I do have a ticket raised on Symantec and i'm looking support on a current issue.

At the moment we have couple of servers with SEP 14.2 RU2, and SEP is unable to clean detected risks while doing schedule scans, however if we do run them manually the infected files are cleaned. This is some of things we already review:

• SEP Policy for schedule scans
• Permissions on the files/volumes
• Run a command line using system account

Can some aditional information being provided regards on how the schedule scans actually work? Which components of the AV are involved, etc

Thank you.

0

IP for embedded SQL DataBase

February 3, 2020, 5:03 am

≫ Next: SEP Status & Alerts from the Dashboard

≪ Previous: SEP 14.2 RU2 - Client unable to take action on infected files

$

0

0

I need a solution

Hello All,

I want to change the IP of my SEPM embedded DB (now its "localhost" and want to make the real IP of the hosting server: Telnet localhost 2638 => OK / Telnet IP_Addresse 2638 KO) 

I want to do so to be able to retrieve data using JDBC, I made all the necessary changes :

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SQLANYs_sem5\parameters : Changed the value of localonly to no

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\ROOT.xml : Changed the value of host=127.0.0.1 to host=IP_Addresse

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\ODBCUTIL.properties : Changed the value tcpip(IP=127.0.0.1 to tcpip(IP=IP_Addresse

ODBC Data Source Administrator /SystemDSN /SymlantecEndpointProtectionDSN /Network : Changed host value from 127.0.0.1 to IP_Addresse

Is this possible to change the IP or im missing something

Thank you in advance

Kind regards

N.Achraf 

0

1580827159