Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all 10484 articles
Browse latest View live

SEP 12.1.2: Clients can't communicate with SEPM

April 11, 2013, 6:39 am
$
0
0
I need a solution

Hi all. 

Figures, I've been able to install and manage some SEP 12.1.2 deployhments at customer sites, but at my own site, I can't get clients to talk to SEPM and I'm not sure why. 

I have 3 client systems I'm working with and one SEPM server, all on same local subnet. 

Clients:

  • Win XP Pro, has been running Unmanaged SEP 11 for a long time
  • Win7 Pro - fresh install
  • Win8 Pro - Fresh install (with the KB2781197-removal workaround applied)
  • 3 Win2008 R2 Enterprise servers (1 as the host, two as VM's within)

SEPM:

  • Installed on 2008 R2 Enterprise server, which is a VM in a non-domain environment. 
  • VM host is also 2008 R2 Enterprise as mentioned above

Problem:

The Win XP and Win8 machines cannot communicate with SEPM.  Under Troubleshooting in the client UI, it shows them as Never connected to the server (over port 8014). 

 

The Windows 7 laptop CAN communicate, as can the host and VMs as well.  Again, SEPM is in a VM for what that's worth. 

The fact that the external laptop can do so should tell me that I don't need to worry about firewall settings etc for the VM running SEPM, right? 

The SEPM install is compmletely default, I haven't even created any policies or anything yet. 

Correction:  After discovering this issue, I edited the default Firewall policy to include the Local Subnet as a blanket Allow All policy. 

I ran SymHelp which I'm new to, which doesn't seem to test network communications issues since none of the feedback it gave seemed to relate to anything network-oriented.  It was all local SMC services and so on.  Actually I'll run it again and post results here. 

So my question is this, how do I go about troubleshooting this one?  A new Win8 system can't communicate, an old XP system can't, but a mew;u omsta;;ed Win7 can?  All using the same SEPM intall package?  (well, the XP was a 32bit). 

Thanks all. 

 

Search

SEP Blocking Hotel Authentication Portal Site

April 11, 2013, 7:08 am
$
0
0
I need a solution

So, I've had a lot of users reporting an issue with not being able to access the hotel wireless.

Occurs when they go to connect to the network, the re-direct page to authenticate to the hotel wireless does not come up. They are able to connect to the wireless network, but it says they are connected to the wireless network but doesnt redirect to any hotel wireless authentication page to complete the connection. Could be wrong but have had a suspicion that the problem lies with the SEP firewall.

This is happening with other hotels as well. They're able to connect to the wireless network.

The only traffic log found with blocked activity.

Traffic logs >
Date and Time : 4/11/2013 6:30am
Action: Blocked
Sev : 15
Remote Host : 0.0.0.0
Application : Nothing
 

Unmanaged Detector no trae informacion SEPM 12.1.2

April 11, 2013, 7:26 am
$
0
0
I need a solution

Hola.

Estoy utilizando la caracteristica de Umanaged Detector de la consola SYmantec 12.1.2, para detectar que equipos no estan siendo administrandos desde la consola.

Habilite este servicio en un equipo cliente de mi red, sigiendo las instrucciones de los KB http://www.symantec.com/business/support/index?pag... y http://www.symantec.com/business/support/index?pag..., pero no consigo tener datos de estas maqunas.

Alguien me puede indicar que puede suceder, o que procedimiento debo realizar para que esto funcione.

EL equipo que esta funcionando como Detector Unmanaged es Windows 7 y las version del cliente antivirus es 12.1.2015

Gracias por su colaboracion.

Unmanaged Detector SEPM 12.1.2 does not display information

April 11, 2013, 7:31 am
$
0
0
I need a solution

Hello.

I am using the Umanaged Detector feature of the Symantec 12.1.2, to detect that teams not being administered from the console.

Enable this service on a client computer on my network, following the instructions in the KB http://www.symantec.com/business/support/index?pag... and but I can not have data on these computers.

Someone can tell me that can happen, or do I do to make this work.

The computer that is running as Unmanaged Detector is Windows 7 and the antivirus client version is 12.1.2015

Thanks for your help.

SEPM 12.1 Client Version Unavailable

April 11, 2013, 8:46 am
$
0
0
I need a solution

OK I am looking at one of our client groups within SEPM imported from AD. The client version on nearly all of the computers says Client version unavailable? Does any one have any insight on why this would be? I have attached a screen shot.

 

I also have a second question. We have enabled an auto upgrade for another of the computer groups, and placed several SEP Client version 11 computers into the OU in AD. We updated the sylink file on the machines, however they are not showing up in the SEPM 12.1. Any ideas why the computers would not show up? They shoull be reporting to the SEPM server, and auto upgrading instead we do not see them at all. Thanks in advance.

Virus and Risks summary

April 11, 2013, 9:19 am
$
0
0
I need a solution

Hi everybody,

 

i`m having some trouble with SEPM 12.1 console. The virus and Risks summarys is showing alerts for some machines, with tha alerts dates being last year.

The curious thing is that I have more machines with exactly the same file in the same folder in other machines and SEPM doesnt report that as an alert.

I`ve created some group exceptions to all of this machine, but i imagine this ones arent applying them correctly. I`ve already checked the registry of those machines and the exceptions are there.

 

Any suggestions?

 

Thanks

SVCHOST.exe notification of being blocked...Help!!! Tasklist is attached!

April 11, 2013, 10:22 am
$
0
0
I need a solution

I keep getting a popup that svchost.exe is being blocked. I have ran the scan along with malware and avg and nothing is popping up. I seen on other forums that people posted their tasklist to others to look at. I attached mine.... if you could tell me if you notice anything fishy that would be greatly appreciated. Thanks!!!!@

 

Building a test SEPM 12.1

April 11, 2013, 11:48 am
$
0
0
I need a solution

Hi Everyone,

I am interesting in building a test SEPM using 12.1.  Is there a way to pool licenses already assigned to production SEPM?  Do I need to buy separate licenses for any clients I connect to a test SEPM.  Just looking to see how others handle licensing when it comes to a test SEPM.

Thanks in advance,

Bob

8607281
1365706765
1076201
Search

SEPM 12.1 Database Backup

April 11, 2013, 12:46 pm
$
0
0
I need a solution

I have a SEPM 12.1 console with a SQL Server 2008 database instance. Previously we backed up the database by exporting SQL backups via SQL Server Management Studio. Currently we have it backing up by selecting the 'Database Backup' option in the SEPM. I'm wondering what the pros or cons are of each and if one is better than the other. I see that most Symantec articles reccomend backing up the database from the SEPM but wondering if the export options is sufficient. Thanks.

SEP Weekly report file format -- Change file type?

April 11, 2013, 1:31 pm
$
0
0
I need a solution

SEPM sends out a weekly report.  It emails an .mht attachment.

We're having issues with that getting caught in our spam filters simply due to the file type.  And I can't easily open it -- For some reason I have to clear my temporary files and then I'm able to view it.

Is there a way to change the file type on those weekly reports?  I'm looking around SEPM but I don't see anything.

License shortage incorrectly indicated, system not reporting status of all clients

April 11, 2013, 1:59 pm
$
0
0
I need a solution

My location is running SEP on one server, upgraded approximately two months ago to 12.1.2015.2015.  We have purchased hundreds of licenses.  We are not synced with LDAP or Active Directory.  Until the day we upgraded to 12.1, SEPM was reporting that we had about 50 less installed clients than licenses owned.

After upgrading to 12.1, we immediately began receiving warnings that we have insufficient licenses, to the tune of 700+ licenses.

As recommended elsewhere, weeks ago, I ran a database purge (down to 1 day, then back to 30 days), and now the console reports that we have only 50+ computers reporting their endpoint status.  I can prove that we have more than 50 managed installations on computers on just one part of one floor of our office, and that they are receiving updates daily, so something seems very wrong.

My goal is to make the number of installed client licenses actually report correctly, and I'd like the console to reflect the fact that we have WAY more than 50 managed clients that are connecting and receiving daily updates and have it report their conditions.

I understand that queries can be run against the database, but I haven't found the manner in which to submit queries yet.

I have reindexed the databases twice.

Would someone be willing to guide me to instructions that I can use to (1) force any unmanaged clients that might have slipped through to be forced into a managed state, (2) create a list of machine names of all computers that SEPM counts as installed, so I can find the mistakes, and (3) force the system to correctly count and report our clients?

Thanks!

-David

Anti-virus Standard Protection

April 11, 2013, 8:23 pm
$
0
0
I need a solution

In Mcafee , there is Anti-virus Standard Protection:Prevent remote creation/modification of executable and configuration files
May we know if there is same policy or rule in Symantec 12.1.2015 ? In Application and Device Control or in Firewall rule ?
How to configure?
Sample log in Mcafee
1/14/2013 11:12:42 AM Would be blocked by Access Protection rule  (rule is currently not enforced)  Domain\username System:Remote D:\share\Bank\Passwords.exe Anti-virus Standard Protection:Prevent remote creation/modification of executable and configuration files Action blocked : Delete

Some Remote site GUP clients does not update virus definition

April 11, 2013, 9:05 pm
$
0
0
I need a solution

Hello everyone,

I have a serious problem since April first week.

We have done some maintenance on SEP 11 Management server on last week and everything seems to be fine after that.

But today i have noticed that most of our GUP client running on Windows 2003 Servers were not updated the virus definition. 

I tried to run "luall -control" control command on GUP and it says download definition success.

I have tested all communiction between GUP and Manangement server and all OK.

Please help me.

with regards,

Tommy

 

 

To Be Embedded or Not To Be???

April 12, 2013, 6:16 am
$
0
0
I need a solution

I'm upgrading the current SEP 11 to SEP 12.1.2 supporting about 1500 clients.  The SEPM will be built on a VM with Win2008 R2 as the OS.  Now I know by reading that the embedded DB can support up to 5000 clients, but I'm not feeling comfortable suggesting the embedded.  Reason 1, I installed SEPM w/ embedded DBin my test environment, and I'm having a bit of a struggle accessing the DB through the SQL Client Tools I installed.  Reason 2... The current SEPM DB is embedded on the SAME VM (don't know which genius thought of that).  If that VM gets corrupted, the whole SEPM is crashed.

So if I make the recommendation to a separate SQL Server, the impact of the DB should be minimal and much more secure.

Suggestions?  Recommendations?  Solution.  Thanks!!!

8610981
1365794901
2849531

SEPM 12.1.2 with Clients in DMZ Zone

April 12, 2013, 10:30 am
$
0
0
I need a solution

We have several SEP clients in a DMZ zone - public facing - our firewall group have given us the notification that our internal SEPM cannot communicate with the clients int he external DMZ.  We have 2 firewalls   internal | DMZ1 | DMZ2  to get through.

 

They want to see a "relay" (I'm thinking group update provider??) in DMZ1 to distribute updates via our internal SEPM.  Does the GUP provide the status of the clients it manages to the internal SEPM or is it for ONLY providing content updates?

 

 

Thank you

Search

Symantec Intrusion Protection 11.359 - 4 prevents firefox process from stopping

April 12, 2013, 11:14 am
$
0
0
I need a solution

I am having a problem with Firefox 17.0.5.  When I close Firefox the Firefox.exe process does not end.  I norowed it down to the Symantec Intrusion Protection 11.359 - 4 plug in by disableing all prigins and enableling one at a time.  I now have all the other pligins enabled and do not have a problem.  This problem onlu happens in Firefox.  What do I need to do to solve the problem?

Thanks

Service Accounts In Installing SEP 12

April 12, 2013, 12:54 pm
$
0
0
I need a solution

I have been integrated into Symantec through implementing Altiris (Endpoint Management).  Utilizing best practice, I know that the service account has administrator rights, not only to the NS (Altiris server), but administrator rights to all the nodes the Altiris Agent is going to be installed on.  Utilizing Microsoft SQL, the account for the DB has to have DBO rights.  It has always been suggested that the Altiris Service Account and the DBO account for SQL be the same account to make the installation a bit easier.

I'm now getting doctrinated into Endpoint Protection.  Understanding best practice, the SQL account is a DBO, and the SEP Service Account has administrator rights to the SEPM server and all nodes receiving the SEP clients.  Is it also recommended that the two accounts, SQL and SEP service, be the same to make the installation, again, "easier'???   I, remember working with a SEP consultant on a different project a while back, and he suggested that when installing SEPM that the account used be the same DBO account.

Recommendations?  Suggestions?  Solution. 

Can a GUP be shared between two SEPM's SEP 11 & SEP 12

April 12, 2013, 1:55 pm
$
0
0
I need a solution

Can 1 GUP be shared between 2 seperate SEPMs. One on SEP 11 and One on SEP 12?

 

I say no. What say you?

Some issue on SEPM Risk report:duplcate records, and what does Occurrences mean

April 12, 2013, 8:26 pm
$
0
0
I need a solution

Dear all,

I am a freshman in SEPM admin, could you kindly help me understand some issues about the SEPM risk report? Thank you in advance.

  1. I can find about 5% of records in SEPM Risk report are duplicate values: 471 records in 8283. why it happened?
  2. what does the volumn: occurrences mean? does it mean how many times the event happed at the specific time?
  3. the actual action is cleaned by deletion, but it still kept reporting the issue, does it mean, the SEP did not find the source of the issue, and the virus file was created again and again?

   record_1.png

record_2.png

SEPM Clients getting updates before SEPM Server obtains the definiions

April 12, 2013, 9:38 pm
$
0
0
I need a solution

Hi,

 

We are using SEPM 12.1.x.x version. We have some 2000 Client computers managed by the SEPM Server. These 2000 computers are distibuted in some 300+ groups. The Windows definitions as can be seen from the "Home" page of SEPM is

Latest from Symantec: 11/04/2013

Latest on Manager: 11/04/2013

 

That means all the client computer should be updated till  11/04/2013. But it can be seen that some group has machines updated till 12/04/2013. Can anyone explain from  where did this last update reach from ?

 

Regards,

Anish

8613131
1365828596
2648931
2648931
8613171
Viewing all 10484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>