Hi,
This is Kumar have been working as Network Administrator. Recently we have purchased symantec licence and we were trying to install through remote push for Windows 10 operating system from Symantec Endpoint Protection Manager 12.1.6. But i am failed to do so and getting error could not able to connect client (IP addresse).
Note: Can able to install for Windows 7 and Windows 8/8.1
Thanks in advance!
Regards,
Kumar
recently started getting some of these notifications ..
[SID: 28460] Web Attack: Venom Activity 3 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE |
[SID: 27945] Web Attack: Malicious File Download Request 32 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
Does this mean the PCs are infected ? or that my web security solution is not working the way it should?
Hello all,
I recently just upgraded our SEPM server to 12.1.6 and have been working on pushing it to new and old clients. What I'm having problems with is that the older clients aren't appearing in the client list of the manager. Out of the ~30 clients that I sent deployment packages to yesterday, about 9 of them are appearing in the client list. What's weird is that those 9 that are appearing have been recently imaged and did not have any AV on them. The remaining clients that are NOT appearing had an older version of SEP. I went to all of the clients myself and they are all updated but I'm wondering why they are not appearing in the client list on the manager.
Does anyone have any idea?
Hello,
On the forum, I can find many informations about the ARP problem "Unsolicited ARP received by the client". Only, we have a specific network organization, and specific parameter on the client computer.
We have two routers Cisco in Actif / Passive mode (HSRP protocole), theses routers communicate with the client computer by a virtual gateway.
On the client computer, we have Wifi and ethernet interfaces enabled and connected. When the Wifi and Ethernet interfaces use the same VLAN, we receive a message from SEP Client "Spoofing MAC from the virtual gateway". On the SEPM server, we have in the log "Spoofing MAC" for a specific laptop with a occurrence number (between 1 and 5).
For example, in the first time, the laptop uses the wifi connection. When we connect the laptop on the Ethernet connection, we receive the spoofing message two or three minutes after this connection.
With Wireshark, we can see the ARP request "Who has" and the answer "Is at". In the ARP table from Wifi and Ethernet interfaces, we have just the static information and one or two dynamic information. In the dynamic information, we have the MAC and the IP from virtual gateway.
In the log from Wireshark, we don't have the Follow option (TCP / UDP stream) to follow the Request and this ACK.
For ARP request 'Who IS", do we have a timeout ?
For exemple, if the "IS AT" isn't received after a specific timeout, the client computer might think that this request is lost. It might cancel this request and send out another resquest "Who IS". The Spoofing ARP might come from old answer 'IS at", the client computer might consider this old answer like a spoofing mac.
What do you think about this example ? perhaps, true or totally false for you
Any idea ?
Thanks very much,
Eric
In our company we have many remote users. They have the latest SEP client installed on their laptops. The SEP manager doesn't appear to be communicating with the remote clients. While logged into a remote client I see that the virus definitions are up to date but when I log itno the manager I see it is out of date. As soon as the client connects to VPN then the manager is updated. How do I get the client to communicate with the manager besides connecting to the VPN?
Long story short, I was having an issue with machines that were reported with scan failures. As I've been going through the list, I've got an increasing number of machines with duplicate IP addresses. The serial number and GUID are unique but, they're not checking in I believe* because of that duplicated IP address.
The thing is, we image all our machines on two VLANS. They get their own version of SEP installed (not from the image) and we verify they check into the SEPM and get their defs before rolling them out. It's not all of our machines though, which is weird. Is it possibly an issue with the version 12.1.4 that's installed on these clients? I've been upgrading our machines to 12.1.6.1 and as these aren't checking in, they're not getting that update either.
Hi Guys,
In our environment, we had deployed SEP clients in our dealer lcoation. The policy updates will come from Management server but the definition update will be from internet. Now i want to upgrade those SEP client versions. Prensetly they are using 12.1.4013.4013. I want to perform the upgrade from internet only not from my management server.
Is that possible? if so how to perform the same.
Need your help.
dear sir,
i would like to make you some questions about your product -Symantec Endpoint Protection.
So could you please inform me if
-Symantec Endpoint Protection product could notify client when there are updates available for his operating system?
-What are Symantec Endpoint protection minimum system requirements (ram requirements) while pc is in idle mode?(specifically for old pcs with 512MB ram and Windows XP)?
-Has your product the utility to create Rescue Disk on its platform?
With Regards
Hi,
Does SEP 12.1.6 MP3 support rhel6.7 with kernel version “2.6.32-573.3.1.el6.x86_64”??
Thanks
We noticed that we can right click on the windows bottom left SEP tray icon and select "Disable Symantec Endpoint Protection" and it appears to work. The icon turns from having a green dot to having a red crossed out circle. The client also has a log that auto-protect has been disabled. Why is it that I can bypass the password protection we have setup by simply clicking on it?
Hi,
I got the database is down alerts from 6 Jan 2016 night, which the day I converted this VM server(this server only installed SEPM, no other roles/applications) to other ESXi host.
After convert this VM to the new host, SEP process normally, but from that day, the database down on everyday. After I start the Symantec Embedded Database service, SEPM performs normally, until the next alert occured.
I tried to restore the database from backup (from the old VM), also repaired SEPM in control panel, and perform a chkdsk /r to check the harddisk, but all not work, I still receive the alerts.
the err.log as below:
01/06 22:20:09. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 23588
01/07 13:25:11. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 3881
01/08 00:28:27. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 3830
01/08 16:54:06. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 3565
01/11 01:57:08. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 10826
01/12 09:35:05. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 787
01/13 01:48:48. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 23657
01/14 01:55:58. *** ERROR *** Assertion failed: 200505 (12.0.1.3554)[sem5]
Checksum failure on page 1939
Can anyone please advice what should I do to fix this error?
Thank you.
Hi,
We have some Symantec clients that are not existing on the Symantec Server. I have tried the syslink to regain the connection of Symantec client to server but it was unsuccessful. Since the client are not existing on the server there is no way to implement the policies I created on the server. Secondly, the client’s definition file may not update automatically.
Hi all , I am trying to achieve the following would greatly appreciate if you can help me out with it.
1) Is there a way via which we can make the CD/DVDs read only meaning users cannot write anything to the DVDs nor they can execute anything from DVDs in the same way we do for making USBs read only.
2) Currently I cannot make USBs ready only meaning I cannot prevent users from copying files from their USBs to desktop but I can stop them from writing to USBs.
Could you help me out ? Thanks
Hello - i received word that a new version of SEP is coming out. 12.1.6. MP4 Can you tell me when and give me any info about the upgrade?
I have updated my Macbook Pro to 10.11.4 when the Beta was available. After that, I noticed that for SEP, whether operating as a Managed Endpoint or Unmanaged, Virus and Spyware protection cannot be enabled (via Policy for managed, or manually for unmanaged).
The only means to work around this is to disable rootless in OS X.
I completely understand I'm working with Beta software - I'm posting this in case it helps others, and in case Symantec see it and take note of an issue with 10.11.4 (at least at present).
I'll update my own thread if subsequent betas correct the problem.
Hi All,
Does Enabling Multiple locations for a group in SEPM in policy might cause performance issue or not ?
Let say I have a group named "ABC"& there are 5000 clients in that group. And, if I enable/added 4 locations in "Manage Locations" under Policies then would it impact on the performance of end user or at SEPM? What if I use only one location with respect to performance?
Thanks....
Somehow I forgot password for sepm and I can't reset it.
I tried open a case so I can recieve resetpass.bat but got
Please fill a valid Product Version
Tried with 11.0.5 and 12.1
Recently i got Syemantec Endpoint Home Use Program. I installed it in my windows 10 computer. I am getting a message after installation that the program will not work on Windows 10. I am also unabe to uninstall it.
According to my firewall logs, all of my SEP client computers continuously try to contact the host stats.qalabs.symantec.com, which DNS can't resolve. I've tried several differnet DNS services (open DNS, Google DNS, Comodo, etc.).
The parent domain, qalabs.symantec.com, doesn't resolve either.
What's going on and can this be disabled?
--Bill Daly
Hi sorry , there is much articles about this , but i not find solution :( . exist solution how detect productstate instaled sep agents in the servers 2008r2 ? etc. wmi classes ?
thanx