DefaultFirewallRule

May 14, 2014, 9:55 pm

≫ Next: Symantec dropping antivirus ?

≪ Previous: Virus copying jpeg files to exe

$

0

0

I need a solution

Hi

We have SEP 12.1.4.MP1a and SEP clients has all three components virus, proactive and network threat with default firewall rule. When we have installed SEP client on exchange 2010 HUB & CAS server and users PC, the outlook disconnected with exchange and when we remove firewall policy from server groups everything was OK

Here is firewall screen what these last three default rule funtion and why they are they these are blocking commuicatiaon between exch & outloook

 

Thanks

 

---

Symantec dropping antivirus ?

May 14, 2014, 10:06 am

≫ Next: SVA vs SEPM Groups

≪ Previous: DefaultFirewallRule

$

0

0

I need a solution

I was just informed by a fellow employee here at work that she was in a major meeting where it was announced by the high-muckie-muck that Symantec is getting out of the "antivirus business" and that agencies needed to find other protection and products to keep a-v coverage.

Symantec drop SEP? OK, I know I know it's no longer "viruses" so much as malware and attacks - the world has changed and people need to get their heads into the 2010s and out of the 1990s like too many, including management here, is stuck in.

Is this a matter of "semantics" and just a battle of words - or is SEP going away as it exists today?

Enquiring minds want to know - ifit's right I really need to know - and if that's all wrong, where did the BS come from?

When was the last "virus" you found - say an infected file or a boot sector, etc.? Be careful - I mean VIRUS - an infection, not a file or app that doesn't belong. An infection impacts EXISTING files or boot areas, malware, Trojan Horses, etc. are different, they aren't viruses, malware isn't a virus. So when was the last VIRUS you had?

SVA vs SEPM Groups

January 21, 2014, 5:22 am

≫ Next: SEP Embedded Issue

≪ Previous: Symantec dropping antivirus ?

$

0

0

I need a solution

In the SEP 12,1 guide, it is mentioned to

"export the communication settings file from the client group that you plan to use for your Guest Virtual Machines (GVMs)".

But what will happen if the GVMs of one ESXi host are in multiple SEPM groups. Or even, if one group has GVMs from multiple ESXi?!

Will it work to have one SEPM groups for all SVA clients?!

SEP Embedded Issue

May 15, 2014, 11:57 am

≫ Next: Failure to export Network Threat Protection reports

≪ Previous: SVA vs SEPM Groups

$

0

0

I need a solution

I am currently trying to install and test a trial version of the SEP Windows Embedded Sygate 5.1 but since it is a trial version I cannot get direct support. I have tried this install on three different servers, one 2003 and two 08 R2 Standard. No matter the install I always get the same results. semsrv crashes with event id 4096 - The Java Virtual Machine has exited with a code of -1, the service is being stopped.

Below are my logs from

scm-server-0 :

2014-05-15 14:13:24.510 SEVERE: 1012/126 ================== StartClientTransport ===================
2014-05-15 14:13:24.557 SEVERE: 1012/126 Unkown Exception in: com.sygate.scm.server.servlet.StartupServlet
com.sygate.scm.common.communicate.CommunicationException: Unexpected server error! ErrorCode:  0x10010000
 at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:472)
 at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:178)
 at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:61)
 at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
 at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
 at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
 at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
 at org.apache.catalina.core.StandardService.start(StandardService.java:450)
 at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
 at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
 at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
 at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:324)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)

Failure to export Network Threat Protection reports

May 15, 2014, 6:33 pm

≫ Next: SEP clients can't connect to server

≪ Previous: SEP Embedded Issue

$

0

0

I need a solution

Hi,

Please refer to attached file.

Thanks

• sepm_cert.jpg

1400205434

SEP clients can't connect to server

May 15, 2014, 8:54 am

≫ Next: scm-ui.2013-10-10.log file in temp folder keeps growing in size more than 30 GB

≪ Previous: Failure to export Network Threat Protection reports

$

0

0

I need a solution

Hi,

I am curious as to find where is the root cause to the problem. The clients are unable to connect to the server and after restarting the SEPM 12.1 server service, it went back to normal.

Based on the catalina.out and scm-server-0.log, I have found that the error lies on the DB and as well as java.

I would like to know where did it go wrong.

 

• catalina.7z
• scm-server-0.7z

scm-ui.2013-10-10.log file in temp folder keeps growing in size more than 30 GB

October 23, 2013, 2:37 am

≫ Next: shortcut virus

≪ Previous: SEP clients can't connect to server

$

0

0

I need a solution

scm-ui.2013-10-10.log file in temp folder keeps growing in size more than 30 GB.Why does it grow ?how to avoid this to prevent the disk space.it keeps growing and not able to delete the file .

Everytime i need to restart the server to get auto deleted of this file in temp folder.

Can anyone help me why this file is getting generated in temp folder?

 

 

shortcut virus

May 15, 2014, 8:50 pm

≫ Next: GUProxy - Download failed

≪ Previous: scm-ui.2013-10-10.log file in temp folder keeps growing in size more than 30 GB

$

0

0

I need a solution

hi guys,

I am having problem with shortcut virus long time ago at my company.

when I scan the thumb drive with SEMP 12.1 version, the virus still in it.

even the pc infected.

I've tried to use SymHelp but nothing happen. 

can you guys show to me how to remove the virus automatically when I plug in the thumb drive?

or may I know the person incharge so that I can contact him/her immediately?

---

GUProxy - Download failed

May 14, 2014, 1:56 am

≫ Next: disable copy of .xyz files

≪ Previous: shortcut virus

$

0

0

I need a solution

I have just run into an issue with a GUP not downloading content from the SEPM.

The SEPM (10.4.71.47) and GUP (10.4.71.51) are running on Windows 2012 standard edition with SEP 12.1 RU4a (12.1.4104.4130) on the SEPM and SEP 12.1 RU4 (12.1.4100.1426) on the GUP client.

The GUP has correctly identified itself as a GUP, but has been unable to download content.  I have enabled debugging on the GUP and discovered the following.

******************************** Start of log File ********************************

2014/05/14 09:47:43.737 [2232:3704] GUProxy: Current GUP 10.4.71.51 staus is 1
2014/05/14 09:47:43.737 [2232:3704] GUProxy: GUP 10.4.71.51 chosen
2014/05/14 09:47:43.737 [2232:3704] AH: Setting the Browser Session end option & Resetting the URL session ..
2014/05/14 09:47:43.737 [2232:3588] GUProxy: accepted socket 3584 for 10.4.71.51 port 6610
2014/05/14 09:47:43.737 [2232:3212] GUProxy: Begin to handle accepted socket 3584
2014/05/14 09:47:43.737 [2232:3212] GUPROXY - GUProxy HTTP in - GET /content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip
2014/05/14 09:47:43.737 [2232:3212] GUPROXY - GUProxy File - /content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip
2014/05/14 09:47:43.737 [2232:3212] GUPROXY - GUProxy mangled file - #content#{810D5A61-809F-49c2-BD75-177F0647D2BA}#140513035#Full!zip
2014/05/14 09:47:43.737 [2232:3212] GUProxy - Add request into download queue.
2014/05/14 09:47:43.737 [2232:3172] GUProxy - Throttle changed to [0X0000000000098968] BPS since Thread Count added to [1]
2014/05/14 09:47:43.737 [2232:3172] GUPROXY - GUProxy - TARGET_IP: - 10.4.71.47;
2014/05/14 09:47:43.737 [2232:3172] GUProxy - GET SEPM info from SYLINK(1) ,GET /content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip  BEGIN with 0,total with 0
2014/05/14 09:47:43.753 [2232:3172] GUProxy - Download failed GET://10.4.71.47:8014/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip  ResponseStatus=403
HTTP/1.1 403 Forbidden

Connection: close

Date: Wed, 14 May 2014 09:47:43 BST

Content-Length: 2171

Content-Type: text/html

Mime-Version: 1.0

Proxy-Connection: close

******************************** End of log File ********************************

If you copy the url http://10.4.71.47:8014/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip in to a internet browser it allows you to download the file.

Has anyone else come across a similar issue?

2737491

disable copy of .xyz files

May 16, 2014, 2:10 am

≫ Next: SEP 12.1.4 and Microsoft EMET

≪ Previous: GUProxy - Download failed

$

0

0

I need a solution

hello,

we have SEPM 12.1 RU4MP1 with a lot of client.

we want disable the copy of one or more type of files (using the extension of the file .xxx or .xyz) on usb devices.

is it possible ? how can we do this ?

SEP 12.1.4 and Microsoft EMET

May 12, 2014, 9:20 am

≫ Next: SEP 12.1 Browser IPS add-on and IE 9

≪ Previous: disable copy of .xyz files

$

0

0

I need a solution

We're looking for feedback from anyone that has deployed SEP 12.1 and the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to their clients.   We're currently running SEP 12.1.4 on Windown 7 Pro 64-bit clients and are interested in using the EMET to further enhance security.

So, is anyone running SEP 12.1 and the EMET 4.1?  If so, are there any issues or incompatibilities that you have encountered between SEP and EMET?   Also, we would welcome any feedback about how the EMET was configured to avoid impacting the SEP client.

Thanks for your comments.

Wally

1400277516

SEP 12.1 Browser IPS add-on and IE 9

May 16, 2014, 3:11 pm

≫ Next: Force Enable SEP Add-On via GPO for Firefox and Chrome

≪ Previous: SEP 12.1.4 and Microsoft EMET

$

0

0

I need a solution

Hello all,

We're looking for feedback on how to keep IE 9 from disabling the SEP 12.1 client's browser intrusion prevention add-on.   We've seen reports that if the load time is greater than .2 seconds, IE will disable the add-on.

We're looking for GPO settings to prevent this behavior in IE 9.   I think it's related to the "Add-on Performance Advisor" ==> in Group Policy ==>Computer Configuration ==> Administrative Templates ==> Windows Components ==> Internet Explorer  choose "enable" for "Disable add-ons performance notifications".    We also have seen TECH164924 on how to disable the pop-up "The Symantec Intrusion Prevention add-on from Symantec Corporation is ready for use."  that gives the client the option to disable the browser IPS add-on.

So, is there anything else to prevent IE9 from either disabling the add-on or allowing the client to disable it.

Thanks,

Wally

Force Enable SEP Add-On via GPO for Firefox and Chrome

May 8, 2014, 7:13 am

≫ Next: Intrusion Prevention is blocking internet

≪ Previous: SEP 12.1 Browser IPS add-on and IE 9

$

0

0

I need a solution

I have tried adding this via GPO by adding {6D53EC84-6AAE-4787-AEEE-F4628F01010C} with a value of 1 after finding this thread https://www-secure.symantec.com/connect/forums/browser-intrusion-prevention-add-problem#comment-5861811.

 

This does not seem to apply, is there another way to attempt to do this via GPO that someone can help me with?  It applies to IE fine but I was hoping there is a way to also add this for Firefox and Chrome, any info would be greatly appreciated.  Currently running SEP client and manager both on version 12.1.4100.4126.105

 

Thanks,

Intrusion Prevention is blocking internet

February 6, 2014, 12:20 am

≫ Next: LiveUpdate Administrator ? v12.1 RU2 vs v12.1 RU4

≪ Previous: Force Enable SEP Add-On via GPO for Firefox and Chrome

$

0

0

I need a solution

Hi,

On few machines when IPS is on it blocks access to internet and even it does not ping to proxy but when i remove IPS it works perfectly, any idea

Thanks

LiveUpdate Administrator ? v12.1 RU2 vs v12.1 RU4

May 16, 2014, 8:56 pm

≫ Next: Adding a new Administrator to the SEPM

≪ Previous: Intrusion Prevention is blocking internet

$

0

0

I need a solution

3 SEPMs - Version 12.1.4104.4130 (2 SEPMs shared SQL DB "site partners" and a Failover Replication Partner SEPM w/SQL DB)
1 LUA - Latest Version
10,000 Clients - Versions 12.1.1000.157 - 12.1.4100.4126

SEPMs fetch updates from the LUA. Our Clients are not allowed to pull from internet.  They are scheduled to get updates from SEPM at 4am with a 7 hour randomization.  LiveUpdate button enabled on client for "on demand" update. Of course, when client reboots, it will check for updates from the LUA.

My question is...  In LUA, I currently have v12.1 RU2 selected as my product from the catalog.  I just noticed that v12.1 RU4 is an option in the catalog.  Should I select this version now and remove v12.1 RU2 or have both selected?

 

Thank you!
Anthony in NY

---

Adding a new Administrator to the SEPM

February 11, 2014, 7:19 am

≫ Next: Database error during upgrade to last SEP Manager 12.1.4

≪ Previous: LiveUpdate Administrator ? v12.1 RU2 vs v12.1 RU4

$

0

0

I need a solution

Hi,

 

I'm having an issue when I try to add a new Admin to the SEPM console.

 

I go through the steps and create the user (Admin Tab - Add an administrator - give it the name and other details, select Limited Administrator with View Reports, Select SEPM authentication and set the local password)

I try to login as the user I just created, so knowing that the ID and password is correct, however it just tells me the ID or password is not correct, when I know that it is.

Other Admins and I can all login fine, I just can't create the new one.  The only difference is that this new admin doesn't have a corresponding ID in AD, whereas we all do, however I don't think this should be required if SEPM authentication is being used?

Can anyone shed any light? I have tried setting it as different admin types and with different access levels but all with the same result.

Any help would be appreciated.

Thanks,

Adam

Database error during upgrade to last SEP Manager 12.1.4

May 16, 2014, 8:40 am

≫ Next: After Database restoration clients are not communicating with SEPM

≪ Previous: Adding a new Administrator to the SEPM

$

0

0

I need a solution

During the upgrade to last 12.1.4 on a Windows Server 2003 machine, I receive this database error:

Any idea on how to solve the issue?

Thanks in advance.

 

After Database restoration clients are not communicating with SEPM

April 9, 2014, 10:44 am

≫ Next: Have moved SEPM to another server but I have further question...

≪ Previous: Database error during upgrade to last SEP Manager 12.1.4

$

0

0

I need a solution

Hi,

I am facing some issues with SEPM so I run the Manager configuration wizard with the intention to repair the SEPM after completing the wizard I restored the database with backup as on date of 31 March 2014 around 900 clients are added to SEPM at that time .

Restoration of database completed sucessfully but the issue is that clients are not communicating with SEPM manager are all of them showing Offline and I am also getting error of Apache again and again on the server on which SEPM is installed.

Please guide me what I have to do to make these clients again communicating with SEPM abd to fix this Apache error.

 

Regards

Geekgadget

Have moved SEPM to another server but I have further question...

May 16, 2014, 6:16 am

≫ Next: Access of particular user

≪ Previous: After Database restoration clients are not communicating with SEPM

$

0

0

I need a solution

Hi all,

 

I followed the steps as outlined at http://www.symantec.com/business/support/index?page=content&id=TECH104389 (used Solution A) and this has worked very well.

 

However it was not very clear if I need to leave the old server running for a while to ensure all clients are connected to the new server as not all clients are able to connect it instantly e.g. some of them are turned off for a few days, others are left turned off for a week, etc.

My gut is telling me "leave the server on for a few weeks/months" but I'd like to know the 'official' way of doing this as I do not want to miss out any clients.

Thanks all.

 

Tony

Access of particular user

May 17, 2014, 4:31 am

≫ Next: SEP 12.1.3 -- Extreme Read I/O-activity slows clients down

≪ Previous: Have moved SEPM to another server but I have further question...

$

0

0

I need a solution

Is it be possible that any ftp can be block by symantec and only access with limited person?