Channel: Symantec Connect - Endpoint Protection - Discussions

SEP Status & Alerts from the Dashboard

I need a solution

Hello team,

Kindly assist me to know the below things:

1. If the SEP console is demonstrating that all endpoints in scope are reporting their protection status (active or inactive); where a system is found to be inactive, an alert is raised on the console.

2. If the SEP console can show that inactive protection status is re-enabled in a timely manner.

Thank you


Peer-to-peer authentication

I need a solution

Hi all!

We have Symantec Endpoint Protection v 14.2.4815 on our endpoints. I'm trying to configure peer-to-peer authentication on some servers, to prevent network connections from hosts without Symantec.

When I activate a firewall policy with "peer-to-peer authentication" enabled on that server, it begins to block all traffic from hosts that are not excluded, even if SEP is installed on them and the host integrity check is passed.

Am I doing something wrong, or does peer-to-peer authentication work in a different manner?

Thanks in advance.

Elvin


SEP 14.2 RU2 - Client unable to take action on infected files

I do not need a solution (just sharing information)

Hi,

I do have a ticket raised with Symantec and I'm looking for support on a current issue.

At the moment we have a couple of servers with SEP 14.2 RU2, and SEP is unable to clean detected risks while doing scheduled scans; however, if we run them manually, the infected files are cleaned. These are some of the things we have already reviewed:

  • SEP policy for scheduled scans
  • Permissions on the files/volumes
  • Running a command line using the system account

Can some additional information be provided regarding how the scheduled scans actually work? Which components of the AV are involved, etc.?

Thank you.


License activation problem

I need a solution

Hello,

I installed Symantec Endpoint Protection Manager version 14, and I keep being sent back to the location where the .slf file must be entered when activating the license represented by the serial number.

I do not have the .slf file, only the serial number.

Your help, please.


Upgrading to SEP Cloud need any additional payment

I do not need a solution (just sharing information)

Hello,

We are planning to upgrade our SEPM 14.2 to SEP Cloud. Do we need to pay any additional charges, or is it free of cost?

Thanks

Sujith


Question about Symantec Splunk Logs

I do not need a solution (just sharing information)

Hi all, 

So we get Symantec Endpoint logs from a customer pushed to Splunk. I'm looking to learn what both of the below files are actually used for:

symantec:ep:risk:file
symantec:ep:security:file

The reason I'm asking is because we're looking at what intervals these would be expected to send logs to Splunk. Any help is much appreciated.

Thanks

Jonathan 


Spotted "Chrome Elevation Service" Virus or Malware Please Help

I do not need a solution (just sharing information)

Hi Guys,

We have Symantec Endpoint Protection on our systems; however, looking through Task Manager I have found Elevation_Service.exe. It is causing our laptops' CPU usage to go up for no reason, even though nothing is running in the taskbar. We have run full system scans, which took a couple of hours and came out clean; however, I am still very concerned about it and wanted to ask other people's opinions. Does it mean the Chrome browsers have been hijacked? I have done some research and found out it is Google Chrome trying to do some sort of updates in the background, causing load on the CPU. According to this site https://securedyou.com/what-is-google-chrome-elevation-service-exe/ I have followed what they suggested and got rid of it manually, but it keeps coming back once you reboot the system. Any ideas or recommendations would be appreciated. Can someone please confirm that this is not a virus and is harmless? Thank you.


Can't export client package installation file

I need a solution

Hi everyone,

I installed SEPM 14.2.2 on Windows Server 2008 R2; this server was an Active Directory controller before.

I can't create a client install package; I get the error "Failed to export to Group Default Group", as in the attachment.

Please suggest.


Machines enter BSOD on upgrade from 14.2.3357.1000 to 14.2 RU2 (14.2.5323.1000)

I need a solution

Hi,

We recently upgraded our SEPM managers to 14.2 RU2 (no issues) and have started upgrading our clients now.

It has come to our notice that a few of our clients end in BSOD post reboot, and this is a show stopper. We have submitted the memory dump to Symantec support, and the response we got is that it was because of AC definitions (which were, btw, the latest defs in the clients which failed) and that the issue is occurring in some "win10" machines during reboot due to the sysplant.driver.

This information doesn't really help. We need to upgrade our clients at the earliest, and disabling ADC is not an option as we need it. Further, a fresh installation causes no issues on the same machines which landed in BSOD during upgrade. However, this cannot be followed for all our clients.

Any suggestions / solutions?

PS: We do have machines which upgraded successfully (running with the same OS/build config as the ones which resulted in BSOD... so this rules out that it may be related to config or build of OS).


Endpoint Protection (SEP) 14.2 install fails with the install setting "Automatically uninstall existing third-party security software" selected.

SEP Smart Connector for SIEM ArcSight: Downloaded or created by

I need a solution

Hello everyone,

We are using an ArcSight Smart Connector to pull all interesting SEP event information into our SIEM.

The "Downloaded or created by" field in SEPM is very interesting for our security analysts. I took a look in the Release Notes for SmartConnector version 7.12.0.8149.0 and it says that this field is supported, but I can't find it in the raw event details. Do I have to do something to get this kind of information into the SIEM?

Do you have an answer for me? I will ask ArcSight support too.

SEPM Version 14.2.5569.2100
MSSQL Version 11.00.7462
Smart Connector Version (Linux) 7.12.0.8149.0

Kind regards
Dominik


Delete user-allowed applications exceptions from the SEPM

I need a solution

Hello,

In my current configuration, local admins can add their own exceptions on their SEP client. I want to forbid this, but first I would like to delete all exceptions already created on the clients. I can see them from the SEPM through the Policies menu > Exceptions > clicking on an exception policy > on the Exceptions part, when I click on Add > Windows Exceptions > Application > then in the View list I select "user-allowed applications". But there is no way to remove them.

Does anyone know how to do it, or do I have to contact all my users one by one to tell them to remove their exceptions manually?

Thanks.
