Quantcast
Channel: Symantec Connect - Products - Discussions
Viewing all 12029 articles
Browse latest View live

Distrptr.dat high I/O

January 2, 2016, 6:28 am
$
0
0
I do not need a solution (just sharing information)

My system began to run very slow.  The Norton products would take minutes to repsond to 'right-clicks' on the context menu.  Other programs began taking minutes or longer to run.  scanpst.exe (Microsoft's Outlook personal folder scanning and checking tool) went from 6 minutes to over 70 minutes to run.

Resource Manager showed that nav.exe was writing > 7MB/sec to distrptr.dat and distrptr.dat.log.

I downloaded the NRnR.exe tool, removed and re-installed Norton AV.  Everything ran fine for about 1 month at which time I was informed my subscription had expired (it was atuomatically renewed less than 60 days earlier).  Contacted support, they resolved the license issue and things were good for about 2 weeks.  At that time the disk I/O for distrptr.dat was once again over 6MB/sec. 

I ran NRnR.exe once again to remove and re-install the product.

At this point, if I have any other issue with this I'm going to remove it completely and install McAfee which is a shame as I've been a loyal Norton user since the ealry 90s.

0
Search

Pre-reqs for Remote Push from SEPM Server

January 2, 2016, 7:18 am
$
0
0
I need a solution

Hi Guys , I am trying to do remote push from SEPM server , on some machines I can push the package fine on others I can't . The error I get is the failed login when I supply the Domain Admin password. OS of machines are Windows 7 majority , 8.1 and 10. SEPM version is 12.1.6 MP3.

Please tell me if I am missing anything from the below pre-reqs for remote push.

1) Disabling Firewall completely or opening required ports

2) Enabling remote registery service

3) Enabling file and printer sharing

4) Disable UAC or enable the Local Account token filter policy

5) Enabling Network Discovery

Am I missing anything ?

Thanks 

0

Symantec clients are disable number are increasing in HOME page

January 3, 2016, 12:50 am
$
0
0
I need a solution

HEllo guys,

In our envirnment,the symatec clients are disable,the number is increasing in HOME page.and also i check in  security status the NTP policy is disable.

once the machine is login,it will connected to SEPM sevrver,it will be okke right?

0

Dashboard-Info

January 3, 2016, 7:16 pm
$
0
0
I need a solution

Hello

On SEP 12.1.6 home page dashboard info display about Windows Defination as below screen

the laetest from Symanetc showing informaiton is currently unavailable and its due to internet access from SEPM server

becasue we block every thing except live update URL to downlaod new singanture but what is URL for this info Latest from Symantec

it is getting info so we can allow this URL so we get proper info for this

111.png

Thanks

0

Symantec Endpoint Protection Manager database has gone down

January 4, 2016, 12:44 am
$
0
0
I need a solution

The Symantec Endpoint Protection Manager database has gone down and needs immediate attention.

I enable service and but in the next hour, it stopped again.

0

Migrate from Endpoint protection 12.1.1 to Protection Suite Enterprise 4.1

January 3, 2016, 10:12 pm
$
0
0
I need a solution

Hi,

1. Symantec Endpoint protection manager  version 12.1.1101

We currently use the above  Symantec product. This product   is installed on the  Windows  server 2008 machine.

But now we have purchased the Protection Suite Enterprise Edition 4.1.

Is there in our situation some kind of migration possible? What is the best way to install the Protection Suite? Without losing contact with all the alrealdy deployed Endpoint clients .

Please share any documents if anyone have.

Thanks you in advance,

With regards,

Ravi G C

0

VDI - Scheduled Scan running after Refresh

January 4, 2016, 4:36 am
$
0
0
I need a solution

Hi Guys,

Other than truning off scheduled scans altogether, is there any way to stop SEP from running a scan after the desktop is refreshed? 

Scans are scheduled to run each weekend, but a desktop may be refreshed to a point in time from a couple of weeks ago and the scheduled scan kicks in as SEP thinks it has been run since the date it was refreshed to.  Technically correct, but the image it is being refreshed back to already had a scan just run on it before it was shut down.

I need to turn these scans off as they are not required - is there any way to do this, e.g. if a scheduled scan is missed, it will wait for the next time it is scheduled to run, rather than immediately when the User next logs in after the desktop is refreshed?

Thanks,

Paul.

0

Notification Condition - "Log the notification" option does not log in Windows events??

January 4, 2016, 7:58 am
$
0
0
I need a solution

Hi guys,

I have a question about how the "Log the notification" option works..

I have configured a Single risk event Notification condition..

I set up the Notification condition with an email address and I also checked Log the notification.

The console detected a Trojan risk during a client scan, and while I received the email notification, it did not log the risk into the Windows Events..

How can make sure that these type of events create a Windows event?

0
1451926054
Search

Windows 10

January 4, 2016, 10:26 am
$
0
0
I need a solution

I have Symantec Endpoint on my laptop. I never uninstalled it before I upgraded to Windows 10, I found out after the fact that it wasn't compatible with Windows 10. I've been trying to uninstall it for a month now and I still can't uninstall it. I've seen the forums about doing it manually and I've tried it but I can't make the changes required to uninstall it from the registry. It does the schedule scans that I had setup before but I can’t go into the program and do anything with it. I just get the error message letting me know it’s not compatible. Before anyone ask yes I have admin rights to my own laptop.

0

Re-enabling tamper protection via registry or command line

January 4, 2016, 1:14 pm
$
0
0
I need a solution

We are currently running citrix with provisioning services to stream our disk images. I am currently following this document in order to fix the duplicate HardwareID/Computer accounts reporting into the symantec console.

https://support.symantec.com/en_US/article.tech123419.html

Step 1 - Disable Tamper Protection on the SEP client; this must be done to allow the file and registry changes in steps below

I have set up a test client and disabled tamper protection and tested the script provided. This does work to set the hardware IDs and creates a unique computer account in the symantec console.
 

Im not really a huge fan of leaving tamper protection off on my citrix servers however, so my question is is there a way either by command line, registry key, or some other method to reenable tamper protection after I have set the hardware IDs.

0

SEPClientBlockNAC

January 4, 2016, 6:29 pm
$
0
0
I need a solution

Hi

We have SEP 12.1.4 SEPM server and SEP clients and we are puhsing Cisco NAC (ISE) agent through MS SCOM on users PC but SEP client on user PC is blocking or not able install this Cisco NAC or ISE agent on user PC which has SEP. Do we have to create exception in firewall of SEP client, Exception or applicaiton exception in SEP policies

Thanks

0

SEP 11 install rollback in windows 7 32 bits

January 4, 2016, 4:19 pm
$
0
0
I need a solution

i have a problen when install SEP version 11.0.4 after re-install LUsetup.exe

the install of SEP rolling back in installing process

i was looking for this solution and dont found in the forum,

i try this:

1-reinstall LUsetup, restart windows and install again, dont work

2-remove value PendingFileRenameOperations in regedit, dont work

3-change value "%USERPROFILE%\AppData\Roaming'' in regedit, dont work

0

1451961088

Ransom32 — First JavaScript-powered Ransomware affecting Windows, Mac and Linux

January 4, 2016, 11:33 pm

SEP not logged at startup and SymCorpUI.exe moved to a subfolder

January 5, 2016, 6:15 am
$
0
0
I need a solution

Hi (and pardon my SEP illiteracy: i am a simple user trying to find an answer to my problem before physically going back to work in two weeks).

My problem is as follows: when i opened up the computer this morning, all SEP icons had gone from the dock, the app's shortcut i had additionally stuck on the left dock side had changed into a basic Window icon. When i clicked on it, it said SymCorpUI.exe was not to be found in its original folder and proposed to delete the shortcut. (Which i didn't.)

Windows did find a "SymCorpUI.exe" file with the SEP icon, but in a subfolder to the normal one:

\12.14013.4013.105\Bin\

If i click on that icon the regular SEP authorization window appears and asks me to authorize the app (12.14013.4013.105\Bin\SymCorpUI.exe) to access the computer. Which seems weird/risky/pfishy. Shall i run to my workplace which is quite far away from where i am right now, to have the IT Crowd solve this, or am i being paranoid?

All thoughts / suggestions welcome.

Froguette

0

Location Awareness String Value

January 5, 2016, 8:23 am
$
0
0
I need a solution

We have an application that has to run on IE8 so it has been requested thatI block IE8 from accessing anything outside of 10.0.0.0/8.  In order to detect the devices that are running this version of IE my thought was to use location awareness.  Now for the most part we just use the default location but for our test group I've gone and added a second location called IE8 Restrictions to apply the firewall rule.  Default is still the default and I've added no rules whereas for the IE8 Restrictions location I've set it to match on the Version string of HKLM\Software\Microsoft\Internet Explorer which has the string Version with the value for that version as below.

Snap 2016-01-05 at 11.19.39.png

However the test machine is not changing location but remains in the default location.  Remember last location is enabled.  Not sure if I should be adding \Version on the key name (looks like it would look further down in the registry tree) or if I need to add criteria to Default to NOT match the Version 8 string.

0
1452024662
Search

Where can I download the latest LiveUpdate? (LU1806 errors)

January 5, 2016, 9:48 am

SEP blocking autorun.inf for IronKey removable drives

January 5, 2016, 10:40 am
$
0
0
I need a solution

Hello...

I plug in my Iron Key and click to unlock it...  I enter my passcode and then get an error message (screen shot) so it seems like entry into the Iron Key has failed.  However, after a minute or so I am able to access the files on the Iron Key.

When I go to close the Iron Key it will not close (screen shot). I get the error message that SEP blocked the autorun.

Are autorun.inf files normally blocked?

0

1452032578

When risks are detected they report coming from wrong client and IP address

January 5, 2016, 2:50 pm
$
0
0
I need a solution

Hi, we had a small risk outbreak today and when everyone momentarily panicked as happens regularly when we get a small outbreak like this, the automated report that we get of the computer with the problem turns out NOT to be the problem computer.  It seems like SEPM is taking a random device, a randomly logged on user, and reporting that the risks came from that device rather than the correct device.

Is this a known issue with 12.1.5 or 12.1.6?  How do we fix this?

0

ARP SPOOFING

January 6, 2016, 1:25 am
$
0
0
I need a solution

There are many protecting arp-spoofing logs. ( Monitors - Logs - Network Threat Protection Logs. )

Althogh These attacks are protected by SEP.

But I want to these logs are not happend anymore.

So, What is the next step after arp-spoofing logs appear?

Log information are like below

Time, Event ..... Direction, Local Host IP, Remote Host IP, Current IP..

( what is the different Local Host, Current Host ? )

I don't know, What I should do next.

Anybody some advice to me?

0

migration SEPM

January 5, 2016, 11:07 pm
$
0
0
I need a solution

HEllo guys,

I have to migrate our SEPm server from physical server to virtual server with different name and IP

Current setup:

version :12.1.6 mp3

OS:windows 2008 R2

DB:Embedded.

New server Details:

VErsion :12.1.6 MP3

OS :windows 2012 r2

DB:Embedded.

How i miograte SEPM,my plan is the following 2 method

method 1: backup the existing Db and recovery file

               install SEPm 12.1.6 MP3 in new server

              restore the Db and rstore the recovery file 

             Set the priority in OLD SEPM SERVER.So all clients will Communincate with NEw server.After communication,Stop the SEPM services of old server

Second method : The new server install as a additional Site

                          one the installation is completed,Set the priority in OLD SEPM server.stop the the SEPM services in oLD server

Which method is more usefull ,suitable and stable?

0
Viewing all 12029 articles
Browse latest View live
Search