Channel: Symantec Connect - Endpoint Protection - Discussions

symantec firewall rules

I need a solution

If we have to allow all traffic within the corporate network, would this rule work if placed at the top of all rules in the firewall policy?

HOST
LOCAL : any
REMOTE : DNS DOMAIN NAME = ABCD.COM
APPLICATION : ANY
SERVICE : ALL
ACTION : ALLOW

Will this rule allow all traffic within a company network if the machine is part of the domain?


About SIC

I need a solution

We are using SEP 12.1.2015.2015 and have installed SEPM and the SIC server on two separate servers. Now we are running a full scan on a SEP client. How can I know if my SIC server is configured properly, and whether requests are being submitted to the SIC server during the current scan?

Risk Tracer

I need a solution

I have enabled Risk Tracer and sometimes there is a source IP in the risk log, but sometimes it is blank. What's the possible cause that SEP cannot find the source IP of the risk?

SEP finding virus threat at IP address

I need a solution

So I have been receiving daily virus alerts on a client machine for a while now, and the more I look into the matter, the less sense it makes. The machine in question is running Windows XP pro and SEP 11. The majority of our workstations now run Avast, but this old dinosaur is not really worth purchasing a license for. Anyway, every day SEP generates a virus alert which it labels as SafeStrip. After doing some research on SafeStrip and examining the infected computer and its registry, I have concluded that the threat is definitely not what SEP claims it to be. SafeStrip is extremely intrusive, and this computer exhibits no symptoms whatsoever; also, none of the registry entries which would usually be associated with SafeStrip are present. I started digging deeper, using process explorer to try and find a rogue process or something—any sign of some kind of infection—to no success. Still, every single time SEP scans, it generates that same alert and then claims the virus has been successfully deleted but continues this over and over again. Unfortunately, looking at the properties of the alert tells me nothing; it does not have any information whatsoever except that name “SafeStrip”. I unplugged the computer from the network and ran a full scan, finding, as expected, the same thing. Then I ran an active scan, and this, also, found and deleted “SafeStrip”. Next, I ran another active scan, keeping my eyes glued on the screen, hoping to get some hint of a path where the threat was being detected. To my immense surprise, I spotted the supposed path: 74.125.45.100. Now my general frustration over the matter grew into genuine bewilderment; recall that the computer was, at this point, unplugged altogether from the network. In addition to that, I attempted to ping that IP (from another computer, obviously, which was plugged into the network), and it timed out; I could find absolutely nothing out via command line about that IP address. 
A Google search reveals that that IP is associated with a piece of malware, but none of the entries it is supposed to create on the system are present, and, if they were, I would expect that to be the path in which SEP found the threat. What was SEP actually scanning when it displayed that IP address?

 

Any suggestions for removal would be much appreciated.

Need a DOS command to find update date of Symantec Antivirus

I need a solution

Hello to all,

We have Symantec endpoint manager in our organisation having approx. 1500 end users on symantec managed clients.

I have been writing a script in C that will do a lot of jobs for displaying info about the system. As part of that, I need to find out the last update date of Symantec antivirus on the client machine.

This script will run on every client computer. It will use a DOS command to find out the latest update date of Symantec antivirus.

So, is there any DOS command to display the update date of:

1.  Antivirus and Spyware protection

2.  Proactive threat

3.  Network threat

Thanks...

SEP Firewall Stateful/Incoming

I need a solution

Correct me if I’m wrong, but the SEP12 firewall is a stateful FW, so that it looks at the connection state and packets that match specific rules. As such, does the SEP Firewall block any inbound connections by default? I myself don’t think so but was asked this question. I stated that the SEP12 firewall will allow or block traffic in a stateful “packet” inspection manner, based on predefined rules and or signatures. So if you have the ALLOW ALL rule selected, it will allow inbound and outbound. But by design, I don’t think it just says, anything inbound is blocked.

Let me know, thanks.

 

Symantec Vulnerability Protection add-on for IE - Force Enable

I need a solution

I'd like to enable the Symantec Vulnerability Protection add-on for IE on certain machines without users ever seeing a prompt.

Has anyone had any success in doing so?

I was thinking of trying to figure out a way to do it in group policy. Are there any other ways to accomplish this?

 


Mac Client Not Checking In

I need a solution

I have a couple of Mac clients with a fresh install that are checking in to the SEPM or appear offline even though under the "Management" info, it shows that it's "connected". These Mac clients have the latest definitions but are not checking in properly. I'm on 12.1.2.

Any ideas?


SEP 12.1.2 MP1 Manual full scan results in 0 files scanned.

I need a solution

Environment -

Windows 7 Professional 64-bit, SEP 12.1.2 MP1 unmanaged client.

Intel i5 3570K 3.4 GHz processor, 16 gigs memory, 256 gig SSD hard drive less than 50% full.

Problem

Occasionally, a manual full scan will complete immediately and reports 0 files scanned.  The AV system log reports "Symantec Endpoint Protection has failed to load the latest virus definitions".

The scan can be retried and eventually it will report more or less a "normal" number of files scanned. We've run the support tool and it reports that everything is OK.

This appears only to occur on Win 7 64-bit clients.   We've been wrestling with this problem since May.   We've had it happen on more than one Win 7 64-bit client.

It's not feasible or reasonable to have to reinstall the SEP client every few weeks to correct the issue.    We have an incident open with support but no answers so far.

Anyone else seeing this?   Our gut feeling is that there is something in Win 7 that is conflicting with the SEP client, either random restore points being created when the manual scan tries to run or something like the "Computer Maintenance" task.  Or, it could simply be a code defect in the SEP client.

Comments welcome, except uninstall/reinstall suggestions.   Been there, done that.

Regards,

Wally

The wizard was interrupted

I need a solution
The same error occurs at two stations. The installation was interrupted during WindowsInstaller-KB893803-86.
The next message is:
"The wizard was interrupted before Symantec AntiVirus Corporate Edition could be completely installed. Your system has not been modified. To complete installation at another time, please run setup again. Click Finish to exit the wizard."
Logs are attached.
 

Pushdo Botnet Issue

Re installation of SEP 32 Bit on a Windows 2003 Server

I need a solution

Stuck on "processing updates". This is getting annoying; I have to wait for so long. Any way to speed this up? The updates 1-5 downloaded properly, and now it says "processing updates". Why is it stuck there?

 

RU3


User Mode for SEP 12.1

I need a solution

Hi,

Currently all of my clients are in computer mode. I would like to convert a subset of machines to user mode and have different firewall policies based on who the user is. Is this a reasonable way to use user mode? Can I set up a SEP group to use user mode? If not, how would I convert several machines to user mode? I am running SEP 12.1 on Windows 7.

 

Thanks,

 

Bob

Cloning Objects And Associated Policies

I need a solution

Creating objects one at a time is painfully slow and tedious. Copy-pasting a single policy at a time is likewise slow and tedious.

Looking forward to the many, many THOUSANDS of objects I will need to create, I would like to be able to clone any one of my TEMPLATE object *trees* into a new, untitled object with all the generic policies I assigned to the TEMPLATE. (Even better would be to clone one object tree into several hundred identical object trees.)

Oh, yes - and I want it yesterday!  :-)

Hello? Is this thing turned on?

SEP installation error


live update failed

I need a solution

The following Symantec products and components are installed on your computer:

> Centralized Reputation Settings
> Intrusion Prevention Signatures (hub)
> Virus and Spyware Definitions Win32
> Intrusion Prevention Signatures
> Virus and Spyware Definitions Win32 (hub)
> Symantec Endpoint Protection Client
> Revocation Data
> Submission Control Thresholds
> SONAR Definitions
> Symantec Whitelist

Initializing...
Connecting to liveupdate.symantecliveupdate.com...
Connected to LiveUpdate server successfully.

There are 10 update(s) to be downloaded.
Downloading catalog file (1 of 10) finished.
Downloading catalog file (2 of 10) finished.
Downloading catalog file (3 of 10) finished.
Downloading catalog file (4 of 10) finished.
Downloading catalog file (5 of 10) finished.
Downloading catalog file (6 of 10) finished.
Downloading catalog file (7 of 10) finished.
Downloading catalog file (8 of 10) finished.
Downloading catalog file (9 of 10) finished.
Downloading catalog file (10 of 10) finished.

Update available for Virus and Spyware Definitions Win32.
Update available for Intrusion Prevention Signatures.
0 update(s) have been downloaded.

Processing updates...
Failed to install update for Virus and Spyware Definitions Win32.
Failed to install update for Intrusion Prevention Signatures.

Session summary: 2 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.
 

Program files to be backup

I need a solution

I have installed SEPM 12.1.2015.2015 with the embedded DB.
I would like to know which program files I have to back up in case the server or DB gets corrupted.
I would appreciate more details.

Need to USB Read only access only with ADC

I need a solution
Hi Experts,
Can you please help me to give USB read-only access through an ADC policy?

The user can read content from USB but may not be able to copy from USB to the system?
 
Need to do only with ADC policy?

IIS Server High CPU

I need a solution

I have an IIS Server that is consistently spiking in CPU at over 50% with just basic AV and SEP client version 12.1.2. Any idea why that would be? Are there exceptions I need to look into?

Failed to create a Folder to which to publish the package

I need a solution

The situation is this:

Symantec kept filling up the HDD with .gz files. One of our other sysads extended the drive not knowing that it would wipe the drive and corrupt the database. I had to do a complete reinstall of SEPM 11.0.6. After finally getting it to install correctly and getting rid of the "Can't connect to reporting Component" error, I am left with one last error that keeps popping up every 15 seconds or so. This is the log entry that keeps showing up.

 

Failed to create a folder to which to publish the package in

com.sygate.scm.server.task.packagetask

com.sygate.scm.server.util.serverexception: Faild to create a folder to which to publish the package

at com.sygate.scm.server.task.packagetask.publishpackage (Packagetask.java:594)

at com.sygate.scm.server.task.packagetask.run (packagetask.java:303)

at java.util.timethread.mainloop (timer.java:512)

 

I have tried to run the upgrade.bat file and reconfigure the server as well as tried to recreate the install packages but to no avail.

 

We are running Windows Server 2003 x64. The latest Java is installed and this server as well as the rest of the network is standalone in the sense that there is no way for us to connect to the internet. There are no 3rd party applications approved for the network.

 

Thank you in advance.
