I need a solution
Hi Team,
We have found source of attackers in report.
In List we found Attacking Host ,Number of attack and Percentage,
how I know which attack one single IP srade in my Network.
↧
Source Of attack
↧
clients disappear
I need a solution
Hi,
I'm a newbie on this forum and with SEPM.
I manage SEPM 12.1.2 on Windows 2003 since several weeks with 31 clients. All works perfectly but yesterday all my clients were OFF line.
I restart the server but nithing change, so I decided to rebuild the database as shown on this procedure of Symantec :
http://www.symantec.com/business/support/index?pag...
Ater the rebuild, the clients were now appear ON line on the main screen (Start icon)
17 are ONLINE and 14 are OFFLINE but it's normal
but when I go on the client icon, all my client and my groups disappear !
I upgraded to 12.1.3 version of SEPM but it has not changed ...
How can I recover my groups and my clients ?
Thanks so much
↧
↧
live update can't find virus definition for SAV 10.2 client
I need a solution
Hello ,
since july 9,2013 my live update server can't find new updates for SAV 10.2 client.
need help urgently
regards
matheus
↧
endpoint protection client
I need a solution
on one faithful day i discovered that my symentec endpoint protection has lost association with the client on the network,i scanned from the server and this are the result i got after the scanning.
Endpoint protection client: client to manager communication are not working
Endpoint protection consoleendpoint protection manager drivers and services need attention
the symentec embedded database service need attention
some or all the symentec endpoint protection manager communication test have failed
the endpoint protection console is not using its configured port
the system does not meet the requirement for symentec protection manager
Right ow my network is prone to attack i need help to resolve this issue
↧
ASIGNAR POLITICAS DE CONTROL Y DISPOSITIVOS EN MODO USUARIO.
I need a solution
HOLA A TODOS;
QUIEISIERA SABER COMO ASGINO UNA POLITICA DE CONTROL Y DISPOSITIVOS PARA QUE UN CLIENTE EN MODO USUARIO QUE SE ENCUENTRA ASIGNADO EN UN "GRUPO A" NO PUEDA UTILIZAR DISCOS EXTERNOS USB, DE FORMA QUE CUANDO HAGA LOGIN EN OTRO CLIENTE DE OTRO "GRUPO B" TAMPOCO PUEDA UTILIZAR LOS DISPOSITIVOS DE DISCOS EXTERNOS USB. Y VICEVERSA, QUE OTROS CLIENTES QUE SI PUEDEN UTILIZAR DISCOS EXTERNOS USB TENER ACCESO A ELLOS CUANDO HAGAN LOGIN EN CUALQUIER CLIENTE DE CUALQUIER GRUPO
MUCHAS GRACIAS POR EL APOYO ESTOY URGIDO...
↧
↧
Symantec Endpoint Protection slows file transfer and network speed on VMs in VMware environment by a factor of four
I need a solution
We are experiencing significant reduction in file transfer rate and network speed with in our LAN between Virtual Machines running Windows 7 and Windows Server 2008 R2 guest OSs, Symantec Endpoint Protection (SEP) installed is 12.1.2015.2015.
VMs with all features of SEP installed have file transfer speed of about 30 MB/sec vs 120 MB/sec with no SEP installed.
Network speeds measured using the iperf utility shows a similar speed degradation of 4 times, 350 Mb/sec vs 1400 Mb/sec.
To simplify and exclude all extraneous factors we performed file transfer and network speed test where all VMs are hosted on the same VMware ESXi virtualization hosts (Version ESXi 5.1.0 Build 1117900). All VMs are x64 and the ethernet adapters are VMXNET 3, VMWare tools are installed and updated to the latest versions. Virtualization Host CPU usage is 20% and Memory Usage is 40% during the test.
The only article I found on the subject was http://www.symantec.com/connect/forums/sep-121-ru2.... We already had the power setting to high performance so the solution did not help our case.
We tried enabling only the relevant features of SEP, it did not result in any significant improvement. Only installing SEP Core or unistalling SEP completely seem to be the only solution.
This seems to be a much bigger trade off between Security and Network Speed than anticipated. Any suggestions and comments are welcome.
↧
command line options to disable SEP Policys
I need a solution
I see there are some command line option for disabling SEP features like the ones below. Is there a command that can be run on the client machine to disable just the "Application and Device control" policy on a SEP client running version 12.2?
To stop SEP client service
smc -stop
After typing this command there won't be any command prompt window, SEP yellow shied icon should disappear after typing this command.
To start SEP client service
smc -start
To disable SEP client firewall service
smc -disable –ntp
To enable client firewall service
smc -enable -ntp
If the SEP client UI is password protected:
smc -disable -ntp -p <password>
↧
After a restart the message still shows that you need to restart.
I need a solution
Some people bring the PC's home for the night, so they have to shut down, and do not come back on to the network the following days. I have upgraded nearly every machine's client to RU3, there are a small handful that even though they have already BEEN restarted, say that they need to be restarted.
Why is this happening?
↧
Remove Network Threat Protection
I need a solution
We have a group of computers on which an installer package including Network Threat Protection was used. It appears to be causing problems. Is there a way to permanently remove the Network Threat Protection portion of SEP from the management console?
↧
↧
Folder Exclusions and Heruistic Detections
I need a solution
I have a question about Heuristic detections. We have a folder exclusion in place to prevent detections for a piece of software. So far this has worked great for several years now. However starting about a week ago the clients started picking up a file in this folder and classifying it as Trojan.ADH.2. I'm not clear as to why the client is targeting this file because the folder has been excluded. In the log the file location specified is the excluded directory so I'm not sure how this is happening. Any Ideas?
↧
virtual hotspot
I need a solution
need help creating exception or rule for firewall. i create virtual hotspot and my devices connect but cant surf the web on connected devcies.
↧
Cannot Uninstall SEP on My Client Machine
I need a solution
Hi,
Previous SEP on my client machine to normal. But somehow when I restart My Client Machine and I open the SEP icon, the notification appears "preparing to install". I then open the "services.msc" turns status and SEP does not start the notification appears like this :
Windows could not start the Symantec Endpoint Protection service on Local Computer.
Error 1068: The dependency services or group failed to start.
I made the decision to re-install the SEP, but when I want to uninstall cannot at all. notification always appear like this :
Another program is being installed.
Please wait until that installation is complete, and then try installing this software again.
please give me a solution to solve this issue ! ! !
Thanks,
Fikri Reza
↧
Application blocking using Finger print
I need a solution
Hi,
We tried blocking some applications through the application and device control policy in SEPM(12.1).For some porducts when we rename app file, symantec is not able to block that particular application.To block that app we need to get the file finger print of that app.When the app version changes the file finger print value also changes.
Every time do we need to check for the file finger print when the app version changes???? or is there any way to block without checking the file finger print when the version changes?
Or symantec can provide some in built signatures through updates to block those apps.
Please advise
↧
↧
LUA Distribution Center Cleanup fail in FTP Distribution Center
I need a solution
Hi,
I have a problem with the cleanup of a FTP Distribution Center. The user I have configured for that has enough rights to delete something. The manually deletion works. Does anyone have a solution for that problem?
Thanks!
With best regards,
Montgomery
↧
How discover the client computers that don't have SEP
I need a solution
Hi All,
I search a way to discover all the client computers in my network that don't have SEP installed. Someone can advice me in order to push the SEP Client remotely ?
Regards.
↧
How to get notified realtime by email when infected items is detected ?
I need a solution
Hi Folks,
How can I get email notification when there is infeceted items in the drive ?
↧
"Single Risk event"&"Network virus detected - Nothing to report" e-mails every hour !!
I need a solution
Hi,
We've been having problems with the e-mail reports sent by our SEPM.
At first we received a lot of single risk event e-mails, about all sorts of risks. We added most of them to the exception list because they were normal processes. After a few months we started receiving e-mails about a risk which happend several months ago, always the same risk. We received an e-mail about this every 3 minutes.
I tried rescanning the device in question
I tried removing the notification condition, waiting 24hours including logoff & logon and recreating the notification.
I tried agknowledging the event.
All yeild no result...
I tried updating to the latest version, since this mentioned a fix for this problem.
This only led to the report being sent every hour instead of every 3 minutes. (even after recreating the notification)
However now I also get an e-mail every hour saying there was a network virus found.
But when opening the report it says: "Nothing to report"
How can we resolve this completely?
Is there a way to clear the risks / notifications / ... ?
SEPM 12.1.3001.165
Windows server 2008 r2 x64 (fully up to date)
Thank you,
Domien
↧
↧
Install Error
I need a solution
I am trying to install Symantec End point on a machine and get the following error message in the install log:
MSI (s) (E4:CC) [10:35:12:729]: Note: 1: 1708
MSI (s) (E4:CC) [10:35:12:729]: Product: Symantec Endpoint Protection -- Installation operation failed.
MSI (s) (E4:CC) [10:35:12:744]: Windows Installer installed the product. Product Name: Symantec Endpoint Protection. Product Version: 12.1.2015.2015. Product Language: 1033. Manufacturer: Symantec Corporation. Installation success or error status: 1603.
MSI (s) (E4:CC) [10:35:12:744]: Deferring clean up of packages/files, if any exist
MSI (s) (E4:CC) [10:35:12:744]: MainEngineThread is returning 1603
MSI (s) (E4:AC) [10:35:12:744]: No System Restore sequence number for this installation.
=== Logging stopped: 7/24/2013 10:35:12 ===
MSI (s) (E4:AC) [10:35:12:760]: User policy value 'DisableRollback' is 0
MSI (s) (E4:AC) [10:35:12:760]: Machine policy value 'DisableRollback' is 0
MSI (s) (E4:AC) [10:35:12:760]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (E4:AC) [10:35:12:760]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (E4:AC) [10:35:12:760]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (E4:AC) [10:35:12:760]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (E4:AC) [10:35:12:760]: Destroying RemoteAPI object.
MSI (s) (E4:90) [10:35:12:760]: Custom Action Manager thread ending.
MSI (c) (A8:10) [10:35:12:760]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (A8:10) [10:35:12:760]: MainEngineThread is returning 1603
=== Verbose logging stopped: 7/24/2013 10:35:12 ===
Researched and found that the error 1603 was to do a clean wipe and reinstall. It still didn't work. Any ideas?
↧
Clients not auto-upgrading until user logs in?
I need a solution
I am testing the auto-upgrade from SEP 12.1 RU1 to SEP 12.1 RU3. For some reason the clients will not start the upgrade until a user actually logs into the client PC.
↧
SEP 12.1.2 administra el FW de windows
I need a solution
Buenas tardes, tengo SEP 12.12 en mi infraestructura pero en varios equipos w2k8 me aparece el mensaje que el firewall de windows esta siendo administrador por SEP 12.1.2 siendo que en otros equipos que tienen SEP 12.1.2 si me deja adminstrar el firewall de windows.
Estos equipos estan en un mismo grupo.
Espero me puedan apoyar.
↧
