Hi All,
I am currently facing an issue with a lot of machines. Whenever I tried to start the already stopped "smc" service of SEP. I am not able to do so & hence got this error:
"Could not start the Symantec Management Client service on local computer.
Error 1068: The dependency service or group failed to start."
Pleasesuggect any valid solution.
I have some new GUPs on 12.1.4013.4013.
For testing we have set the Heartbeat/Download intervals to 5 min / 5 min.
The few clients we have pointing to the GUP have not updated their definitions and have been reporting back to the GUP consistently for several hours.
The SEPM is updating the check-in time, but the clients are not getting the latest definitions from the GUPs.
What can we do to force the clients to get definitions from the GUP?
Please provide the prescan tool download link.
When I had update my management console to 12.1.4104.4130 i have been getting an error on the symhelp. I cannot find a clear solution
Title: The Endpoint Protection Console is not using its configured ports
Product: Endpoint Protection Console
Status: Error
Symantec articles:
Which Communications Ports does Symantec Endpoint Protection use?
http://www.symantec.com/docs/TECH163787
Troubleshooting communication problems between the management server and the client
HOWTO80740
Details:
------------------------------------------------------------------------------------------------------------------
Error Reporting Console (httpd.exe) is not using its configured port {43} with a state of 8445. The application is using the port.
------------------------------------------------------------------------------------------------------------------
Ok Tomcat Shutdown (SemSvc.exe) is using its configured port 8765 with a state of 'Listen'.
------------------------------------------------------------------------------------------------------------------
Ok Remote Console Logon (SemSvc.exe) is using its configured port 9090 with a state of 'Listen'.
------------------------------------------------------------------------------------------------------------------
Ok Remote Monitoring & Management (SemSvc.exe) is using its configured port 8446 with a state of 'Listen'.
------------------------------------------------------------------------------------------------------------------
Ok Remote Management Console (SemSvc.exe) is using its configured port 8444 with a state of 'Listen'.
------------------------------------------------------------------------------------------------------------------
Ok Client Communication (httpd.exe) is using its configured port 8014 with a state of 'Listen'.
------------------------------------------------------------------------------------------------------------------
Information No application is using RADIUS Communication(httpd.exe)'s optional configured port 1812 with a state of 'Listen'.
------------------------------------------------------------------------------------------------------------------
Information No application is using AjaxSwing(SemSvc.exe)'s optional configured port 8045 with a state of 'Listen'.
------------------------------------------------------------------------------------------------------------------
I have SEP 12.1.4100.4126 and want my clients to update from the SEPM when on the network and update from Symantec LiveUpdate server when not on the network. I have set up a second location "External" and clients switch to this location when they cannot contact the SEPM. My question is:
The location will be checked every 4 seconds - that is the default
What is best practice for this location check? To me every 4 seconds seems pretty extreme. Currently I have a small test group but this is going to be deployed to a few thousand endpoints and I don't want them hammering the SEPM every 4 seconds. Any advice or real world proven checkin times?
I have this weird issue happening only on Non persistent VDI Machines, here it goes:
When a VDI is turned on - it loads the image it had when it was created. AV definitions will show up for when the image was created.
Now, for some weird reason, this happens:
-If a user logs in to VDI-a, on the syslog will show that that machine connected to the SEPM and downloaded the latest definitions.
-If NO user logs in to VDI-b, on the syslog will show that that machine connected to Symantec's live update servers and downloaded the latest definitions.
VDI-a and b are the same image.
Attached are some screenshots.
I have one SEPM that is daily throwing an Unexpected Server Error. I've searched the Knowledge Base but haven't found anything that points at a solution to stopping this. The SEPM is functioning, you can log into without errors, all the tabs work and you can run logs and reports just fine.
We're just being notified through a Server Alert that it has an unexpected server error. Checking the scm-server-0.log file shows many days with just one line entry: 2014-06-03 16:19:55.778 THREAD 35 SEVERE: com.sygate.scm.common.communicate.CommunicationException: Unexpected server error. ErrorCode: 0x10010000
Some days there are extra lines of data but the additional information on the error haven't been any more help. I'm attaching the server log file.
I got a infected file on May 28th, 2014, which Symantec Endpoint Protection quarantined. I want to delete this infected file from my hard drive. I looked online on how to delete a quarantined file, but I am unable to do it. Firstly, when I go to the quarantine window, there is a lock button at the bottom left corner. When I click it, it does not unlock, so I cannot manage my quarantined files. When I hold the button down, it looks like it is unlocked, but when I let go of the button, it locks itself again. Also, I cannot access the Symantec folder under the Application Support folder because it is not there. Hence, I cannot delete the quarantined file from there either. I was wondering if I need to reinstall Symantec Endpoint Protection on my computer, and if the installation driver that I downloaded will allow me to reinstall the software? Thanks!!
Hi all. I've recently installed the Endpoint Protection Manager on my home pc (which runs with Norton 360). From there I've generated a client install executable with the manager and installed this on one of my servers (Windows Server 2008 R2). However I'm unable to see this client active in my Endpoint Protection Manager.
On my server I did not install the SEP firewall but I'm still using the Windows Firewall. I've tried opening the ports 8014 and 9090 on both firewalls and I've also tried disabling both firewalls at the same time (home pc and server) but I still was unable to have them communicate with each other.
I've also ran the Symantec Help v2.1 tool on both my home pc and my server with the following results:
Home PC: I got 2 warnings:
1. User Account Control is enabled
2. SQL Server or client is not installed on this machine. You can ignore this test if you are using embedded database.
Windows 2008 R2 Server: 2 errors 1 waring
error 1. Disable the Windows Autorun feature
error 2. Client to Manager communications are not working
warning 1. Windows Firewall Configuration
The exception was not found: SMC Service.
However when I check the exceptions of Windows Firewall, the SMC Service is there and the box is checked. Which is confusing to me.
I don't understand why they won't communicatie with each other, even with both firewalls switched off. What am I doing wrong here?
We are running SEP 12.1.4013.4013 on management servers and all clients. I have been experiencing problems getting a vulnerability scanner (Nessus) to run on a server with a SEP IPS policy applied, even though I have added the scanner IP to the "excluded hosts" list.
I have seen a similar issue reported in thid article (https://www-secure.symantec.com/connect/forums/ips-blocking-traffic-internal-vulnerability-check-server) and read the associated documentation (http://www.symantec.com/docs/HOWTO81159). I have also read the Installation and Administration Guide PDF included with the SEP software. The documentation clearly states: "The client allows all inbound traffic and outbound traffic from these hosts, regardless of the firewall rules and settings or IPS signatures." (emphasis added)
I have followed the steps in HOWTO81159 to setup the vulnerability scanner IP as an excluded host, but the IPS signatures still block the outbound traffic. The location-specific settings are set to "server control" and I have verified the SEP policy version has had enough time to sync with the client. But it's not until I totally remove the IPS policy from the group that the scanner is in, that the scanner works successfully.
Has anyone else been able to successfully exclude a host IP (especially a Nessus scanner) from an IPS policy and actually prove that it works?
Many thanks!
Scott
PS. I currently have an open ticket with Symantec Support on this issue (who have so far said that I can't exclude a host from the IPS rules - contrary to the documentation and HOWTO article above?!?), so I'm seeking practical experience from the community.
Is there an update to this?
www.symantec.com/business/support/index?page=conte...
I'm running 12.1.4100.4126 on all of my GUPs and they're all offline. They won't stay running for more than about 4 hours.
Haven't done this in awhile so have to ask for clarification. I need to export a couple 11.0.7 packages that I just created in my 11.0.5 SEPM where I'm looking at the descriptions for 2 of the Policy Settings, below, from the Help page. For the first option's "description" that says "After you deploy...", will the new SEP 11.0.7 client appear in the selected group only if the second option, "Add clients automatically...", is enabled? So what happens if you uncheck this second box to automatically add clients to the selected group?
Lets you export a managed package with security policies from a specific group or groups. If you select multiple groups, a separate subdirectory of installation files is created for each group. After you deploy the exported client software, the client computers automatically appear in the group that you selected for installation.
Automatically installs the managed package to new clients that are added to the selected group.
What throws me off is the "description" for the 2nd option which appears as though it'll set some policy on the selected group after the export so should I move existing 11.0.5 clients to this group at a later date in my SEPM that it'll apply the new 11.0.7 package to them as well. Not true, right?...until I explicitly "assign" the 11.0.7 packages to a group(s). Is this just semantics where the verbage in the description for the 2nd option isn't quite right? Ultimately, I only want to upgrade a few clients to 11.0.7 to address a known issue where we'll be doing manual installs using the setup.exe packages I export. Want everyone else to remain at 11.0.5 until I get the nerve to upgrade my SEPM to 12.1.4.
I have some new GUPs on 12.1.4013.4013.
For testing we have set the Heartbeat/Download intervals to 5 min / 5 min.
The few clients we have pointing to the GUP have not updated their definitions and have been reporting back to the GUP consistently for several hours.
The SEPM is updating the check-in time, but the clients are not getting the latest definitions from the GUPs.
What can we do to force the clients to get definitions from the GUP?
As seen here: http://www.openssl.org/news/secadv_20140605.txt
OpenSSL has once again found a decades old bug within their software that allows a MIM attack to change the keys used to make unencrpting the traffic trivial. From the Heartbleed bug, we know that SEP 11 and SEP 12 use OpenSSL. Are there going to be patches to fix this for these products? If so when? And are there workarounds in the mean time?
How can i import the new version client packages in my exisiting server?
Existing version is 12.1.4 and client which i require to add is 12.1.4 mp1, How to import?
Hello,
We are getting NTP alerts regarding the heartbleed vulnerabilty - [SID:27517] Attack: OpenSSL Heartbleed CVE-2014-0160 4 attack
The alerts are generated by LNSSCOMM.EXE (GFI Languard). However, checking their site, none of their products are impacted the bug.
\DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\GFI\LANGUARD 11 AGENT\LNSSCOMM.EXE
http://www.gfi.com/support/products/gfi-languard/O...
Anyone have any ideas what might be causing this?
Thanks,
Mike
Good day;
I am hoping that someone of you BRILLIANT people can assist me in generating a report from teh SEP Management console to get Historical dataout of the SEP Reports, using the advanced setting. If there is a way to get it per Customer then per Client, and did I mention per Server for everytime the virus definition files were updated, thank would be GREAT!
Please reply as soon as you can;
dslman57
After clicking "Active Scan" in SEP 11.0.7 on a Win7 Pro box, a popup appears with title "Symantec Endpoint Protection" that has the message "Scan Failure: Unable to read the configuration." I searched the KB and forums but came up empty.
Note that SEP was uninstalled/reinstalled twice where we even resorted to CleanWipe in the end which didn't make a difference. Anyone come across this issue before?
SEP detects threats in Manual scan but left alone in schedule scan.Both the scan are done with latest same defenetion sets and administrative previlages.On Scedule scan it left the threat as Left alone with 0 bytes file size in risk log while doing manual right click scan it detects the threat and shows the file size.The file not locked with any software.
Regards,
Kannan.R
From what I can find it doesn't appear that I can install SEP on WinCE. Can SEP be installed on Micros WS4 or WS5 model 9700 running Windows CE?