Channel: Symantec Connect - Endpoint Protection - Discussions

User Disable Component is Malfunctioning

I need a solution

Two days ago, when I left my office, every user was fine, active and online, and everything was OK, but the next day one of the clients told me his PC was going slow. When I checked, his Symantec status was fine, but when I came to the Symantec manager, it's online and auto protection is enabled and the firewall is enabled and Tamper is enabled, but everything else, starting from Sonar, Network Prevention, Browser Prevention IE, Firefox, is all saying Component is Malfunctioning.

How can I enable and fix the Component is Malfunctioning?

 

Thanks


Quarantined Items

I need a solution

My anti-virus has quarantined several viruses, which is great and all, but is there a way to permanently remove them from my computer? I don't want to click on the wrong thing and loose them back out into the rest of my files. Should I just delete them, export, or submit? Do I need to go directly to the program and uninstall/delete it that way? I'm really confused. Is it okay to leave them in quarantine? I would really appreciate any advice, thank you.


SEP client not showing up the latest virus definition.

I need a solution

Hi Everybody,

 

Here is one of my clients, and it's not able to install new antivirus definitions. The logs are attached below.

 

I have analyzed the log but couldn't reach a conclusion. Other machines in the same location/subnet are downloading/installing the latest updates. Kindly analyse it.

Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8118 4/8/2013 9:46:20 AM Information 12070202 Symantec Management Client has been started.
8119 4/8/2013 9:46:24 AM Information 1207020E Location has been changed to Out Of Office.
8120 4/8/2013 9:47:37 AM Information 12070211 The server enabled Host Integrity checking.
8121 4/8/2013 9:50:32 AM Information 12070301 Connected to Symantec Endpoint Protection Manager ()
8122 4/8/2013 9:50:33 AM Information 1207020E Location has been changed to In office.
8123 4/8/2013 9:50:39 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (cochocsep2)
8124 4/8/2013 9:50:45 AM Information 12071051 SONAR has been enabled
8125 4/8/2013 7:49:22 PM Information 1207021A Stopping Symantec Management Client....
8126 4/8/2013 8:49:17 PM Information 12070218 Network Threat Protection's firewall is enabled
8127 4/8/2013 8:49:18 PM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
 
Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8128 4/8/2013 8:49:18 PM Information 12070202 Symantec Management Client has been started.
8129 4/8/2013 8:49:21 PM Information 12071000 Network Intrusion Prevention enabled
8130 4/8/2013 8:49:21 PM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
8131 4/8/2013 8:49:21 PM Information 12071000 Firefox Browser Intrusion Prevention enabled
8132 4/8/2013 8:49:22 PM Information 1207020E Location has been changed to Out Of Office.
8133 4/8/2013 8:50:34 PM Information 12070211 The server enabled Host Integrity checking.
8134 4/8/2013 8:56:03 PM Error 120B0001 Failed to contact server for more than 10 times.
8135 4/8/2013 9:05:08 PM Information 12070800 A LiveUpdate session ran successfully.  4 update(s) were available. 4 update(s) installed successfully. 0 update(s) failed to install.
8136 4/8/2013 9:05:08 PM Information 12070800 An update for Virus and Spyware Definitions Win32 from LiveUpdate was successfully installed.  The new sequence number is 130408003.
8137 4/8/2013 9:05:08 PM Information 12070800 An update for Intrusion Prevention Signatures from LiveUpdate was successfully installed.  The new sequence number is 130405001.
8138 4/8/2013 9:05:08 PM Information 12070800 An update for Revocation Data from LiveUpdate was successfully installed.  The new sequence number is 130408007.
8139 4/8/2013 9:05:08 PM Information 12070800 An update for Symantec Whitelist from LiveUpdate was successfully installed.  The new sequence number is 130408002.
8140 4/8/2013 9:20:08 PM Information 12070800 Virus and Spyware Definitions were updated recently, so the scheduled LiveUpdate was skipped.
8141 4/8/2013 9:27:05 PM Information 1207021A Stopping Symantec Management Client....
8142 4/8/2013 9:27:05 PM Information 12070204 Symantec Management Client is stopped.
8143 4/9/2013 8:27:11 AM Information 12070218 Network Threat Protection's firewall is enabled
8144 4/9/2013 8:27:11 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
 
Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8145 4/9/2013 8:27:11 AM Information 12070202 Symantec Management Client has been started.
8146 4/9/2013 8:27:13 AM Information 12071000 Network Intrusion Prevention enabled
8147 4/9/2013 8:27:13 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
8148 4/9/2013 8:27:13 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
8149 4/9/2013 8:28:23 AM Information 12070211 The server enabled Host Integrity checking.
8150 4/9/2013 8:34:19 AM Error 120B0001 Failed to contact server for more than 10 times.
8151 4/9/2013 8:48:25 AM Information 1207021A Stopping Symantec Management Client....
8152 4/9/2013 8:48:26 AM Information 12070204 Symantec Management Client is stopped.
8153 4/9/2013 9:33:18 AM Information 12070218 Network Threat Protection's firewall is enabled
8154 4/9/2013 9:33:19 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
 
Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8155 4/9/2013 9:33:19 AM Information 12070202 Symantec Management Client has been started.
8156 4/9/2013 9:33:19 AM Information 12071000 Network Intrusion Prevention enabled
8157 4/9/2013 9:33:19 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
8158 4/9/2013 9:33:19 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
8159 4/9/2013 9:34:31 AM Information 12070211 The server enabled Host Integrity checking.
8160 4/9/2013 9:36:31 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (cochocsep2)
8161 4/9/2013 9:36:35 AM Information 1207020E Location has been changed to In office.
8162 4/9/2013 9:36:44 AM Information 12071051 SONAR has been enabled
8163 4/9/2013 9:36:44 AM Information 12070204 Symantec Endpoint Protection services shutdown was successful.
8164 4/9/2013 9:36:44 AM Information 12071051 SONAR has been enabled
8165 4/9/2013 9:53:06 AM Information 12070800 An update for {55DE35DC-862A-44c9-8A2B-3EF451665D0A} was successfully installed.  The new sequence number is 130405011.
8166 4/9/2013 9:53:06 AM Information 1207030C Downloaded new content update from the management server successfully. 
 
 
 
Remote file path: http://cochocsep2:80/content/{55DE35DC-862A-44c9-8A2B-3EF451665D0A}/130405011/Full.zip
8167 4/9/2013 1:27:36 PM Error 12071006 Could not scan 1 files inside F:\Master Software\MASTER SOFTWARE\ACRONIS\TrueImage2010_s_en.exe due to extraction errors encountered by the Decomposer Engines.
8168 4/9/2013 1:36:36 PM Error 12071006 Could not scan 1 files inside F:\Master Software\MASTER SOFTWARE\SYMANTEC ANTIVIRUS 32 bit\Symantec MR6MP2\vdefhub.zip due to extraction errors encountered by the Decomposer Engines.
8169 4/9/2013 1:37:06 PM Error 12071006 Could not scan 1 files inside F:\Master Software\MASTER SOFTWARE\SYMANTEC ANTIVIRUS 32 bit\Symantec MR7\vdefhub.zip due to extraction errors encountered by the Decomposer Engines.
8170 4/9/2013 1:42:21 PM Error 12071006 Could not scan 1 files inside F:\Master Software\Operating System\Acer6495T\DRV\Wireless LAN_Broadcom_5.100.235.19_W7x86W7x64_A.zip due to extraction errors encountered by the Decomposer Engines.
8171 4/9/2013 7:30:41 PM Information 1207021A Stopping Symantec Management Client....
8172 4/11/2013 9:57:07 AM Information 12071000 Network Intrusion Prevention enabled
8173 4/11/2013 9:57:07 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
8174 4/11/2013 9:57:07 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
8175 4/11/2013 9:57:08 AM Information 12070218 Network Threat Protection's firewall is enabled
8176 4/11/2013 9:57:08 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
 
Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8177 4/11/2013 9:57:08 AM Information 12070202 Symantec Management Client has been started.
8178 4/11/2013 9:57:12 AM Information 1207020E Location has been changed to Out Of Office.
8179 4/11/2013 9:58:20 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
8180 4/11/2013 9:58:22 AM Information 12071051 SONAR has been enabled
8181 4/11/2013 9:58:24 AM Information 12070211 The server enabled Host Integrity checking.
8182 4/11/2013 9:58:25 AM Information 1207020E Location has been changed to In office.
8183 4/11/2013 9:58:37 AM Information 12070800 A LiveUpdate session ran successfully.  No new updates were available.
8184 4/11/2013 11:00:04 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (10.72.15.187)
8185 4/11/2013 11:00:06 AM Information 1207020E Location has been changed to Out Of Office.
8186 4/11/2013 11:00:31 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.188)
8187 4/11/2013 11:00:34 AM Information 1207020E Location has been changed to In office.
8188 4/11/2013 6:22:09 PM Information 1207021A Stopping Symantec Management Client....
8189 4/13/2013 10:02:09 AM Information 12070218 Network Threat Protection's firewall is enabled
8190 4/13/2013 10:02:10 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
 
Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8191 4/13/2013 10:02:10 AM Information 12070202 Symantec Management Client has been started.
8192 4/13/2013 10:02:11 AM Information 12071000 Network Intrusion Prevention enabled
8193 4/13/2013 10:02:11 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
8194 4/13/2013 10:02:11 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
8195 4/13/2013 10:02:14 AM Information 1207020E Location has been changed to Out Of Office.
8196 4/13/2013 10:03:26 AM Information 12070211 The server enabled Host Integrity checking.
8197 4/13/2013 10:03:31 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
8198 4/13/2013 10:04:48 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
8199 4/13/2013 10:04:52 AM Information 1207020E Location has been changed to In office.
8200 4/13/2013 10:04:53 AM Information 12071051 SONAR has been enabled
8201 4/13/2013 10:05:09 AM Information 12070306 Received a new policy with serial number C36D-04/12/2013 07:54:45 338 from Symantec Endpoint Protection Manager.
8202 4/13/2013 10:05:09 AM Information 12070307 Applied new policy with serial number C36D-04/12/2013 07:54:45 338 successfully.
8203 4/13/2013 11:06:33 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (10.72.15.187)
8204 4/13/2013 11:06:34 AM Information 1207020E Location has been changed to Out Of Office.
8205 4/13/2013 11:06:46 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
8206 4/13/2013 11:06:59 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.188)
8207 4/13/2013 11:07:03 AM Information 1207020E Location has been changed to In office.
8208 4/13/2013 1:25:19 PM Information 1207021A Stopping Symantec Management Client....
8209 4/15/2013 10:19:23 AM Information 12070218 Network Threat Protection's firewall is enabled
8210 4/15/2013 10:19:24 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
 
Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8211 4/15/2013 10:19:24 AM Information 12070202 Symantec Management Client has been started.
8212 4/15/2013 10:19:27 AM Information 12071000 Network Intrusion Prevention enabled
8213 4/15/2013 10:19:27 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
8214 4/15/2013 10:19:27 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
8215 4/15/2013 10:19:28 AM Information 1207020E Location has been changed to Out Of Office.
8216 4/15/2013 10:20:40 AM Information 12070211 The server enabled Host Integrity checking.
8217 4/15/2013 10:20:44 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
8218 4/15/2013 10:24:48 AM Information 12070301 Connected to Symantec Endpoint Protection Manager ()
8219 4/15/2013 10:24:50 AM Information 1207020E Location has been changed to In office.
8220 4/15/2013 10:24:50 AM Error 12070302 The Symantec Endpoint Protection is unable to download the newest policy from the Symantec Endpoint Protection Manager.
8221 4/15/2013 10:24:52 AM Information 12071051 SONAR has been enabled
8222 4/15/2013 10:24:54 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
8223 4/15/2013 11:16:39 AM Information 12070800 An update for {810D5A61-809F-49c2-BD75-177F0647D2BA} was successfully installed.  The new sequence number is 130414006.
8224 4/15/2013 11:16:39 AM Information 1207030C Downloaded new content update from the management server successfully. 
 
 
 
Remote file path: http://10.72.15.187:8014/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/130414006/Full.zip
8225 4/15/2013 11:26:30 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (10.72.15.187)
8226 4/15/2013 11:26:53 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.188)
8227 4/15/2013 6:37:59 PM Information 1207021A Stopping Symantec Management Client....
8228 4/16/2013 9:49:35 AM Information 12070218 Network Threat Protection's firewall is enabled
8229 4/16/2013 9:49:36 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
 
Windows Version info:
 
Operating System: Windows 7 (6.1.7601 Service Pack 1)
 
Network  info:
 
 
8230 4/16/2013 9:49:36 AM Information 12070202 Symantec Management Client has been started.
8231 4/16/2013 9:49:39 AM Information 12071000 Network Intrusion Prevention enabled
8232 4/16/2013 9:49:39 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
8233 4/16/2013 9:49:39 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
8234 4/16/2013 9:49:40 AM Information 1207020E Location has been changed to Out Of Office.
8235 4/16/2013 9:50:52 AM Information 12070211 The server enabled Host Integrity checking.
8236 4/16/2013 9:50:52 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
8237 4/16/2013 9:51:49 AM Information 12070301 Connected to Symantec Endpoint Protection Manager ()
8238 4/16/2013 9:51:52 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (cochocsep1)
8239 4/16/2013 9:53:06 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
8240 4/16/2013 9:53:09 AM Information 1207020E Location has been changed to In office.
8241 4/16/2013 9:53:18 AM Information 12071051 SONAR has been enabled
 
THE LATEST DEFINITION ON CLIENT IS OF 8th APRIL. Kindly advise.
 
 

Block usb devices

I need a solution

Hello,

How to block USB devices, excluding mouse & keyboard, from SEP Manager?

 

 

best regards

trott


Symantec Endpoint Protection Additional Site

I need a solution

When I tried to build a Symantec Endpoint Protection additional site replication database with SQL Database, it failed.

SEP 12 - How to Exception Processes and/or Services?

I need a solution

Hi,

 

I am creating a new exception policy. As well as some directories, the vendor also requires some processes and services to be added, but has not supplied the full path to them.

How can I add these to the policies?

- Do I have to choose type as 'file' and specify the full path to the .exe or

- Do I (for processes) choose 'application' and add the ******.exe name?

 

This second approach states it needs to take a few hours to add to the database first. The problem I foresee with the first approach is, if multiple processes are run from different locations I would need to add a line for each (?), if I can somehow find this information, so exception'ing' out the ******.exe by name would be better/preferred.

 

Is this possible guys?

 

Thank You!

 

 

Replication of SEPM 12.0 server..clients not connecting

I need a solution

I added a second computer to use as SEPM for clients to connect to. I added the server (Server 2) as an additional site using the Embedded Database server. When I launch the console on Server 2, I can see all the clients saying they are online with a remote site (Server 1). I set Priorities on Server 2 so that Server 2 would be priority 1 and Server 1 would be priority 2. I waited 24 hours for replication. Server 2 shows that replication occurred with Server 1; however, Server 1 does not show that replication occurred on its end.

I then shut down the Embedded Database server and the SEPM on Server 1 to see if clients were connecting with Server 2. Clients try to connect with Server 2 but I get the following error in the client.

 

The request was not in the expected format

 

I can reach the console on Server 2 from a web browser on the client, and verified that Secars is working as well.

 

Any other suggestions as to why my clients are not connecting to the new server?

Issues Pushing Policies

I need a solution

Good Morning All,

 

I am having some issues this AM with policies propagating to my end users. If I am understanding SEP 12.1.2 correctly, I should be able to create policy exclusions on the SEP Management Server, and then have my workstations check in on a regular basis to get policy changes. On a handful of workstations this does not appear to be happening. Here are some examples.

 

1. I changed Sonar from prompting my end users to allow changes on their systems, to LOG. After 24 hours, I still have machines getting prompted by such things as the "SEP 12.1 RU2 MP1" client update that I just attempted to push out.

2. I added a bunch of items to my exclusions file that, after 24 hours, some machines continue to get prompted on, and others don't. Items such as the sep64.msi were denied even though being specifically set to monitor in the exclusions file.

 

How have others solved pushing updates to their end users and not have SEP intercept it??  According to the SEP Management Console, these end users are checking in, but it does not appear they are getting the updated policies I am setting.

 

Joe


GUP not Update

I need a solution

Hi team,

In my scenario there are 14000 clients and 900 GUPs.

Issue: on alternate days only a few GUPs update, or the GUPs are updated but clients are not taking updates from the GUP, in 12.1 RU2.

So my backdated client count increases. Can you give the exact solution?

So we will troubleshoot.

"Scan when a file is backed up"

I need a solution

There's a checkbox option on the Symantec clients called "Scan when a file is backed up" that I don't quite understand.

How does Symantec know a file is being backed up versus simply being read and written? What backup technologies does Symantec monitor to know a file is being backed up?

What clients does SEP 11 support

I need a solution

I need to know what clients SEP 11 supports?

SYMC 11.0.2 DB Size and Upgrade Problem

I need a solution

Someone from Symantec, please take over this case until my server upgrade to the latest version is done.

 

History:
1) SEPM is working fine 11.0.2.000 1567
2) I have received the SEPM license for V12 in March and still I can't upgrade due to DB size, which was 8GB a few days back and is now 11.7GB. I can't control it.
3) I don't have 3 times the disk space of the DB size. I want to reduce the DB size but it is growing unexpectedly.
4) I have recovered the first installation password for the DB.

Problem Description:
1) I can't connect ODBC. See my settings below:
  User: DBA
  Password: first password
  Server Name: RH-OCS
  Database Name: SEM5
  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5
  TCP/IP: 192.168.1.106

  Error: if I enter IP: Connection failed: connection error: error in TCPIP port options
  If I check IP then: Connection failed: Unable to start database server.

2) I need to unload the DB to reduce its size. My question: if my DB is 11.7GB, how much will it be after shrinking?
3) Why is it growing too fast unexpectedly?
 

Please note that for the last two months I have not been able to step up just because of the DB size and disk space issue. I can't increase disk space, so I must deal with the DB. Secondly, I tried to tune up DB maintenance and log entries to reduce DB size, but nothing works.

Thank you very much.

SEMP service stopping once a week.

I need a solution

So we use SEMP and the service keeps stopping once a week. This has been happening for the past few weeks. In Event Manager we get a java -1 error at the same time the SEMP service stops. These are the last parts of the scm_log and scm-server log. Any help would be appreciated, thanks.

SCM_LOG

2013-04-14 02:34:47 StandardWrapperValve[ConsoleServlet]: Servlet.service() for servlet ConsoleServlet threw exception
javax.servlet.ServletException: Servlet execution threw an exception
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:221)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:145)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:955)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:139)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:198)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:955)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2460)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:133)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:119)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:955)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:127)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:955)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:157)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
----- Root Cause -----
java.lang.OutOfMemoryError: GC overhead limit exceeded
 
2013-04-14 02:34:51 StandardWrapper[:ConsoleServlet]: Waiting for 1 instance(s) to be deallocated
 
SCM-Server log
 
2013-04-10 20:19:34.957 SEVERE: Unknown response. in: com.sygate.scm.server.task.SecurityDataTask
com.sygate.scm.server.util.ServerException: Unknown response.
at com.sygate.scm.server.task.SecurityDataTask.processThreatCon(SecurityDataTask.java:301)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:90)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-11 00:19:34.713 SEVERE: Unknown response. in: com.sygate.scm.server.task.SecurityDataTask
com.sygate.scm.server.util.ServerException: Unknown response.
at com.sygate.scm.server.task.SecurityDataTask.processThreatCon(SecurityDataTask.java:301)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:90)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-11 04:19:34.595 SEVERE: Unknown response. in: com.sygate.scm.server.task.SecurityDataTask
com.sygate.scm.server.util.ServerException: Unknown response.
at com.sygate.scm.server.task.SecurityDataTask.processThreatCon(SecurityDataTask.java:301)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:90)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-11 08:19:34.554 SEVERE: Unknown response. in: com.sygate.scm.server.task.SecurityDataTask
com.sygate.scm.server.util.ServerException: Unknown response.
at com.sygate.scm.server.task.SecurityDataTask.processThreatCon(SecurityDataTask.java:301)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:90)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-11 12:19:34.436 SEVERE: Unknown response. in: com.sygate.scm.server.task.SecurityDataTask
com.sygate.scm.server.util.ServerException: Unknown response.
at com.sygate.scm.server.task.SecurityDataTask.processThreatCon(SecurityDataTask.java:301)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:90)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-11 16:19:34.685 SEVERE: Unknown response. in: com.sygate.scm.server.task.SecurityDataTask
com.sygate.scm.server.util.ServerException: Unknown response.
at com.sygate.scm.server.task.SecurityDataTask.processThreatCon(SecurityDataTask.java:301)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:90)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-11 20:19:35.111 SEVERE: Unknown response. in: com.sygate.scm.server.task.SecurityDataTask
com.sygate.scm.server.util.ServerException: Unknown response.
at com.sygate.scm.server.task.SecurityDataTask.processThreatCon(SecurityDataTask.java:301)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:90)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-14 00:00:46.861 SEVERE: Unknown Exception in: com.sygate.scm.server.task.PackageTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
at com.sybase.jdbc2.tds.Tds.paramArray(Tds.java:2946)
at com.sybase.jdbc2.jdbc.ParamManager.<init>(ParamManager.java:100)
at com.sybase.jdbc2.jdbc.SybPreparedStatement.countParams(SybPreparedStatement.java:1166)
at com.sybase.jdbc2.jdbc.SybPreparedStatement.<init>(SybPreparedStatement.java:69)
at com.sybase.jdbc2.jdbc.SybCallableStatement.<init>(SybCallableStatement.java:44)
at com.sybase.jdbc2.jdbc.SybConnection.prepareCall(SybConnection.java:961)
at com.sybase.jdbc2.jdbc.SybConnection.isClosed(SybConnection.java:1157)
at org.apache.commons.dbcp.DelegatingConnection.isClosed(DelegatingConnection.java:346)
at org.apache.commons.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.isClosed(PoolingDataSource.java:190)
at com.sygate.scm.server.db.util.DatabaseUtilities.closeConnection(DatabaseUtilities.java:502)
at com.sygate.scm.server.metadata.MetadataManager.getLastestUsnForCollection(MetadataManager.java:173)
at com.sygate.scm.server.configmanager.ConfigManager.getLatestUsnForCollection(ConfigManager.java:1315)
at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:224)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-14 00:00:48.078 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentOnlineStatusTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
at java.lang.StringCoding$StringEncoder.encode(StringCoding.java:232)
at java.lang.StringCoding.encode(StringCoding.java:272)
at java.lang.String.getBytes(String.java:946)
at com.sybase.jdbc2.utils.PureConverter.fromUnicode(PureConverter.java:54)
at com.sybase.jdbc2.tds.TdsDataOutputStream.toBytes(TdsDataOutputStream.java:973)
at com.sybase.jdbc2.tds.TdsOutputStream.stringToByte(TdsOutputStream.java:285)
at com.sybase.jdbc2.tds.DbrpcToken.send(DbrpcToken.java:60)
at com.sybase.jdbc2.tds.Tds.rpc(Tds.java:850)
at com.sybase.jdbc2.jdbc.SybCallableStatement.sendRpc(SybCallableStatement.java:446)
at com.sybase.jdbc2.jdbc.SybCallableStatement.executeQuery(SybCallableStatement.java:100)
at com.sybase.jdbc2.jdbc.SybConnection.isClosed(SybConnection.java:1160)
at org.apache.commons.dbcp.DelegatingConnection.isClosed(DelegatingConnection.java:346)
at org.apache.commons.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.isClosed(PoolingDataSource.java:190)
at com.sygate.scm.server.db.util.DatabaseUtilities.closeConnection(DatabaseUtilities.java:502)
at com.sygate.scm.server.task.AgentOnlineStatusTask.updateDatabase(AgentOnlineStatusTask.java:156)
at com.sygate.scm.server.task.AgentOnlineStatusTask.run(AgentOnlineStatusTask.java:86)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2013-04-14 00:00:55.846 SEVERE: Unknown Exception in: com.sygate.scm.server.task.SecurityAlertNotifyTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:00:56.548 SEVERE: Unknown Exception
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:01:02.695 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentLogCollector
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:01:03.490 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentLogCollector
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:01:03.880 SEVERE: Unknown Exception
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:01:04.692 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentLogCollector
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:01:32.522 SEVERE: Unknown Exception in: com.sygate.scm.server.task.StateCheckpointTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:07:33.613 SEVERE: Unknown Exception in: com.sygate.scm.server.task.StateCheckpointTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:19:34.359 SEVERE: Unknown Exception in: com.sygate.scm.server.util.ProxyServerConfigManager
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:19:35.139 SEVERE: Unknown Exception in: com.sygate.scm.server.task.SecurityDataTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:19:35.498 SEVERE: Unknown Exception
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:19:36.294 SEVERE: Unknown Exception
org.apache.commons.dbcp.SQLNestedException: Cannot get a connection, pool error Could not create a validated object, cause: GC overhead limit exceeded
at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:104)
at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880)
at com.sygate.scm.server.db.util.DatabaseUtilities.getDefaultDatabaseConnection(DatabaseUtilities.java:285)
at com.sygate.scm.server.db.util.DatabaseUtilities.getDefaultDatabaseConnection(DatabaseUtilities.java:276)
at com.sygate.scm.server.db.util.DatabaseUtilities.getNextUSN_SP(DatabaseUtilities.java:639)
at com.sygate.scm.server.db.util.DatabaseUtilities.getNextUSN(DatabaseUtilities.java:623)
at com.sygate.scm.server.util.logging.ServerSystemLogRecord.doLog(ServerSystemLogRecord.java:119)
at com.sygate.scm.server.util.logging.DbLogHandler.publish(DbLogHandler.java:119)
at java.util.logging.Logger.log(Logger.java:458)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:394)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:373)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:368)
at com.sygate.scm.server.db.util.DatabaseUtilities.getDefaultDatabaseConnection(DatabaseUtilities.java:307)
at com.sygate.scm.server.db.util.DatabaseUtilities.getDefaultDatabaseConnection(DatabaseUtilities.java:276)
at com.sygate.scm.server.db.util.DatabaseUtilities.getNextUSN_SP(DatabaseUtilities.java:639)
at com.sygate.scm.server.db.util.DatabaseUtilities.getNextUSN(DatabaseUtilities.java:623)
at com.sygate.scm.server.util.logging.ServerSystemLogRecord.doLog(ServerSystemLogRecord.java:119)
at com.sygate.scm.server.util.logging.DbLogHandler.publish(DbLogHandler.java:119)
at java.util.logging.Logger.log(Logger.java:458)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:394)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:373)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:103)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.util.NoSuchElementException: Could not create a validated object, cause: GC overhead limit exceeded
at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1008)
at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:96)
... 23 more
2013-04-14 00:19:35.498 SEVERE: DomainId: null
SiteId: 27195BC8AC100023018BF72372CA550A
ServerId: 81C6C9E8AC10002301704BE4282F3AD2
SystemEventId: 1281
EventDesc: GC overhead limit exceeded
MessageId: -1
ErrorCode: -1
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:21:15.587 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentLastCheckInTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 02:34:47.497 SEVERE: Unknown Exception in: com.sygate.scm.server.consolemanager.RequestHandler
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 02:34:50.258 SEVERE: Unknown Exception in: com.sygate.scm.server.consolemanager.RequestHandler
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 02:34:50.726 SEVERE: Shuting down server ...
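A log like the one above is easier to triage as a timeline: which components reported "GC overhead limit exceeded", how often, and how long the server ran between the first symptom and the shutdown line. The following is an added example, not part of the original post or of Symantec's tooling; the sample lines are copied from the excerpt above and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few records copied from the log excerpt above.
SAMPLE = """\
2013-04-14 00:00:55.846 SEVERE: Unknown Exception in: com.sygate.scm.server.task.SecurityAlertNotifyTask
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:01:02.695 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentLogCollector
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:01:03.490 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentLogCollector
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 00:19:36.294 SEVERE: Unknown Exception
org.apache.commons.dbcp.SQLNestedException: Cannot get a connection, pool error Could not create a validated object, cause: GC overhead limit exceeded
at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:104)
2013-04-14 02:34:47.497 SEVERE: Unknown Exception in: com.sygate.scm.server.consolemanager.RequestHandler
java.lang.OutOfMemoryError: GC overhead limit exceeded
2013-04-14 02:34:50.726 SEVERE: Shuting down server ...
"""

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) (\w+): (.*)$")
EXCEPTION = re.compile(r"^[\w.$]+(?:Error|Exception)\b")  # first line of a Java throwable
MARKER = "GC overhead limit exceeded"

def parse_records(text):
    """Pair each timestamped header with the first exception line that follows it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, msg = m.groups()
            records.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"),
                            "level": level, "msg": msg, "exception": None})
        elif records and records[-1]["exception"] is None and EXCEPTION.match(line):
            records[-1]["exception"] = line
    return records

def summarize(records):
    """Count memory-exhaustion records per component; time first symptom to shutdown."""
    hits = [r for r in records if MARKER in (r["exception"] or "")]
    counts = Counter()
    for r in hits:
        # "Unknown Exception in: a.b.Task" names the component; bare headers do not.
        component = r["msg"].split(" in: ", 1)[1] if " in: " in r["msg"] else "(unattributed)"
        counts[component.rsplit(".", 1)[-1]] += 1
    # The log spells it "Shuting down server"; match that text as written.
    shutdown = next((r for r in records if r["msg"].startswith("Shuting down server")), None)
    lead = shutdown["ts"] - hits[0]["ts"] if shutdown and hits else None
    return counts, lead
```

Calling summarize(parse_records(text)) on the full server log returns the per-component counts and the elapsed time between the first memory error and the shutdown.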

 

Slow network after upgrading to Endpoint Protection 12.1.2 MP1 from previous version

I need a solution

We have all options installed on our clients. With the previous version (prior to 12.1.2 MP1) our LAN network worked fine. We were able to run our ERP software, which resides on our domain controller.

After upgrading SEPM to the latest version, it sent upgrades to all clients & servers on our network, after which we have difficulties running our ERP software.

After several hours of checking, I found that when I disable Network Threat Protection, the ping time to our domain controller is 1ms. When the NTP is activated, the ping time is 54ms.

After googling around and still not finding a solution for what may have gone wrong, I have disabled NTP on all our XP workstations. The surprising fact is that this network slowness only affects XP PCs & not Win7 PCs or servers.

My setup is as follows:

All servers have basic protection, i.e. Antivirus & Proactive Threat Protection.

All clients have full protection, i.e. all options.

 

What, after the upgrade, is causing my ERP software to work very, very slowly (after one click, we have to wait for 1 min or so), whereas other network-based software like internet browsing, email client, IM etc. works properly?

I have also added our ERP application to the exception list, but it was of no use.

Guys, please help me, as this is the first time in 4 years that I have had such issues with SEP.

Regards, SRI.

 

NAC ver 12.1 RU2 MP1

I need a solution

Is the latest version of NAC out? I don't see it in FileConnect (SPSEE license).

 


SEP 12.1.2 Content Database is almost 40Gb

I need a solution

I'm a little concerned that in 2 months the Content database has grown to almost 40GB. Is this considered normal?

We have 7 clients at present as it's still being tested - but we keep 30 days' worth of definitions - is it somehow storing the definition data despite already having an inetpub>content folder of 110GB (we've provisioned sufficient storage for the definitions at that location)?

 

SEPMs are 12.1.2

SQL is 2012

Threats targeting Skype detected at early stages of propagation

I need a solution

Dear All,

Did Symantec release any update for the below reported threat posted by CTRL?

 

 

 

Recently, Cyberoam Threat Research Labs (CTRL) has identified two new samples of malware at their early stage of propagation, assuring comprehensive network security to its customers. Both these malwares were found to use 'Skype' as their major source of transmission and were spreading rapidly. During the last year, CTRL had researched over 138 vulnerabilities and released suitable signatures for extending appropriate security protection to Cyberoam customers. Find the detailed analysis of reports below.

 

BitCoin Mining malware - A new rapidly spreading variant

 

Once again the security researchers from Cyberoam Threat Research Team have identified a piece of fresh malware. The malware is found to play various roles, but the most interesting one is its BitCoin mining capability.

 


Skype delivers a new variant of malware yet again; a new sample of Dorkbot worm detected

 

This Monday, a unique and fresh threat alert has been discovered, wherein a Skype Worm, predecessor to an earlier worm form 'Dorkbot', has been detected. This time around, however, it uses a different message to spread but the end result remains the same.

 


To stay updated to such malware outbreaks, subscribe to Cyberoam Blog.
Visit www.cyberoam.com for more information on Cyberoam UTMs and its other offerings.

Client-Patch Only for SEP 12.1 RU2 MP1

I need a solution

Hello, I would like to know where I can find Client-Patch only for SEP 12.1 RU2 MP1 (.MSP file) French Version.

I saw the English version but not the French.

Thanks.

Hundreds of "left alone" compressed tmp files - C:\Windows\TEMP\pde783B.tmp

I need a solution

We appear to have hundreds of false positive temp files flagged as a Trojan Horse.  When we examine the Temp folder location, the flagged pde type files are not found.  So I'm confused as to the left alone report.  The detections also create confusion for our senior management, who have asked if SEP 12.1 is allowing malicious files to remain on a production system.  So information on this detection would be appreciated.  I've included some of the details below.  Again, this is seen on multiple systems.

Thanks,

 

Risk Information

Risk name: Trojan Horse
Risk severity: 1
Discovered: 02-19-2004 00:00:00
Download site: N/A
Downloaded or created by: N/A
File or path: C:\Windows\TEMP\pde7408.tmp
Application:
Version:
File size: 0
Category set: Malware
Category type: Virus
Hash:
Hash algorithm: SHA-1
Company: N/A

Risk Detection

Date found: 04-17-2013 06:05:30
Description: "Still contains 1 infected items"
Actual action: Left alone
Specified primary action: Leave alone (log only)
Specified secondary action: Leave alone (log only)
Detection source: Manual Scan
Risk detection method: Signature-based Detection
URL tracking: Off
Source computer:
Event type: Compressed File
Database insert date: 04-17-2013 06:14:10
Event client date: 04-17-2013 06:05:30
Permitted application reason: N/A

Risk Reputation

First seen: Reputation was not used in this detection.
Reputation: Reputation was not used in this detection.
Prevalence: Reputation was not used in this detection.
Performance impact: High
Overall rating: High
Detection reason: Antivirus engine
Minimum sensitivity level: N/A

Side effects

Status: Successful
Operation: Leave Alone
Data Type: File
Location: C:\Windows\TEMP\pde7408.tmp

 

 

Endpoint Protection creates Audit Failures EventID 4656

I need a solution

I'm having a problem with Endpoint Protection 12.1.2015.2015 creating over 100,000 Audit Failure Security logs, EventID 4656, when doing a full scan. The security log was 205 MB after a scan of only C:\Windows; it didn't include audited folders anywhere else on the computer.

Because of the security requirements I need to follow, I have Failure Auditing enabled for almost everything in C:\Windows, and some other folders. I found the Symantec article below, but that turns off Handle Manipulation auditing, which seems to turn off all file and folder auditing, which isn't acceptable.
http://www.symantec.com/business/support/index?page=content&id=TECH190672

A couple of questions:

When this does a scan, why does it try to open files with WriteData, AppendData, WriteEA and WriteAttributes? Shouldn't a scan only be reading the file unless a virus or malware is found?

Why does it run under the account of the logged on user rather than Local System (which is what all the Symantec services are set up with)? I even tried a scheduled scan (with a user logged on) and it ran under the user account. If it ran under the account configured in the service I don't think this would be a problem since that account has full control.

Is there a way to fix this?
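To see which process, account and requested rights account for the 4656 failures described in this post, the exported events can be grouped by decoding the AccessMask field. This is an added example, not part of the original post: the event records, the ExampleAV path and the account name are constructed placeholders, and the function names are assumptions.

```python
from collections import Counter

# File access-right bits as carried in the AccessMask field of event 4656.
FILE_RIGHTS = {
    0x1: "ReadData", 0x2: "WriteData", 0x4: "AppendData", 0x8: "ReadEA",
    0x10: "WriteEA", 0x20: "Execute", 0x40: "DeleteChild", 0x80: "ReadAttributes",
    0x100: "WriteAttributes", 0x10000: "DELETE", 0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# The four rights the post reports seeing during a scan.
WRITE_INTENT = 0x2 | 0x4 | 0x10 | 0x100

# Constructed sample: 4656 failures as exported from the Security log.
# The process path and account name are placeholders, not real product values.
SAMPLE_EVENTS = [
    {"ProcessName": r"C:\Program Files\ExampleAV\scanner.exe", "SubjectUserName": "alice",
     "ObjectName": r"C:\Windows\win.ini", "AccessMask": "0x116"},
    {"ProcessName": r"C:\Program Files\ExampleAV\scanner.exe", "SubjectUserName": "alice",
     "ObjectName": r"C:\Windows\System32\drivers\etc\hosts", "AccessMask": "0x116"},
    {"ProcessName": r"C:\Program Files\ExampleAV\scanner.exe", "SubjectUserName": "alice",
     "ObjectName": r"C:\Windows\notepad.exe", "AccessMask": "0x120089"},
    {"ProcessName": r"C:\Windows\explorer.exe", "SubjectUserName": "alice",
     "ObjectName": r"C:\Windows\System32\config", "AccessMask": "0x100081"},
]

def decode_mask(mask):
    """Return the names of the file access rights set in an AccessMask value."""
    value = int(mask, 16) if isinstance(mask, str) else mask
    names = [name for bit, name in sorted(FILE_RIGHTS.items()) if value & bit]
    unknown = value & ~sum(FILE_RIGHTS)  # bits this table does not name
    return names + ([f"0x{unknown:x}"] if unknown else [])

def triage(events):
    """Count failures per (process, account, write-intent?) and per requested right."""
    by_source, by_right = Counter(), Counter()
    for ev in events:
        value = int(ev["AccessMask"], 16)
        process = ev["ProcessName"].rsplit("\\", 1)[-1]
        by_source[(process, ev["SubjectUserName"], bool(value & WRITE_INTENT))] += 1
        by_right.update(decode_mask(value))
    return by_source, by_right
```

A large count under one (process, account, True) key shows that the failures come from write-intent opens by that process under that account rather than from read access.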
