SEP sends an email daily with virus detection information, and it's 100% what has already been sorted into the junk folder of Thunderbird. Is there any way SEP can automatically remove the files from the junk folder, rather than just reporting it found them?
Remove files from Thunderbird junkmail
Large SEM5 log on SEP 14
Hi,
Hasn't this issue been addressed on the SEP 14 version? My server's drive got full twice in a span of one week. Server 2016 operating system.
Unmanaged clients license expiration
Hello all,
I have a doubt about the license on the unmanaged clients. Does anyone know what happens with the unmanaged clients when the license installed on the SEPM expires? Do they need to be re-created?
My only experience with this issue is with my lab machines, and now if I create an unmanaged client with the trial license, the license in the client expires and it doesn't work fully.
I have a client with mobile employees that can be out of office for up to two years without going to the office, which means without connection to the SEPMs to update the license, and they have asked me what will happen with these clients at the end of the year when they have to renew the license. Do they have to connect them to the SEPM (impossible)? Do they have to create a new client package when the new license is being deployed, and install it, or will everything work as expected in an unmanaged client?
Kind regards,
Juan
Symantec 14MP2 issue with McAfee Encryption Agent Installation
We are facing an issue in the Symantec 14MP2 client. This version is preventing McAfee encryption agent installation.
After further troubleshooting I came to know that the Application and Device Control component is causing the issue.
I excluded the processes below, but the issue remains the same.
- fcag.exe
- fcags.exe
- fcagswd.exe
- mfefire.exe
- mfemms.exe
- mfevtps.exe
- mfehidin.exe
- macompatsvc.exe
- Create "Folder" exceptions for "All Scans" for the following paths:
- C:\Program Files\Common Files\McAfee\SystemCore\
- C:\Program Files\McAfee\*
- C:\Program Files (x86)\McAfee\*
After this I found one article on the Internet, https://support.symantec.com/en_US/article.HOWTO95454.html?redirect=false, related to sysfer.dll. After adding this exclusion we are able to install the McAfee Drive Encryption agent.
Now my query is: this Sysfer.dll article is for SEPM 12.1. Does this issue still persist with 14MP1?
And if we add this sysfer.dll to the application exclusions, are we safe?
How do I know that the update is successful
Hi,
After the offline update process I want to know whether the update succeeded or not.
I update from this site:
Symantec Endpoint Protection Manager Installations on Windows Platforms
https://www.symantec.com/security_response/definit...
How do I know that the update is successful
How to show a picture from within the program that the update was successful
[SID: 30033] System Infected: Downloader.Dromedan Activity 21 attack blocked. Traffic has been blocked for this application: C:\WINDOWS\SYSTEM32\REGSVR32.EXE
Hello All,
I keep getting the below given notification from Symantec Endpoint on different SEP clients:
[SID: 30033] System Infected: Downloader.Dromedan Activity 21 attack blocked. Traffic has been blocked for this application: C:\WINDOWS\SYSTEM32\REGSVR32.EXE
[SID: 28173] Web Attack : Malvertisement Website Redirect 21 attack blocked. Traffic has been blocked for this application: C:\USERS\INSRATHORE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
[SID: 30033] System Infected: Downloader.Dromedan Activity 21 attack blocked. Traffic has been blocked for this application: C:\WINDOWS\SYSTEM32\REGSVR32.EXE
Can anyone suggest a solution and how to resolve it?
What could be the possible reason for the same?
SEP 14 Device Control for Mac
Hi Guys,
Question on SEP 14 device control for Mac. I was reading this link:
https://support.symantec.com/en_US/article.HOWTO12...
Meaning if I block a USB on Mac, users can still use Terminal and copy and paste content onto a blocked USB via commands?
Thanks!
Settings changes to Retention Logs revert back after PC reboot
So I have a weird one.
One of my client's offices is using managed clients of SEP 12.
When you click View Logs in the SEP interface of the client version, two of the users' PCs only show logs from the past 14 days.
The PC accounts that these two users use are admin accounts.
If you click Change Settings in the SEP interface, they can manually change the Log Retention period, but it reverts back to 14 days after a PC reboot.
The other users are showing logs from the past year.
The PC accounts that these other users use are non-admin accounts.
They cannot click Change Settings in the SEP interface, that function has been locked by the administrator.
On the SEP management server, the policy setting for log retention is 14 days.
I changed the policy settings on SEPM to be 365 days for log retention, but if this doesn't work for keeping logs in the interface past 14 days, I am out of ideas.
I know the lifetime logs can still be found in the SEP installation folder, but my users use the Export Logs function to send the scan logs to their IT security team in their overseas headquarters.
Any suggestions?
Whitelisting Request Status
Hello,
I submitted a whitelisting request 3 days ago, submission #4120434, and the only reply I have so far is the [No Reply] response that the submission was received.
My requests have typically been taking no more than 24 hours, just wondering why I have not received a reply on this one.
Thanks for any help
Jim
Symantec endpoint protection 14 not getting updates
Some of my computers are not downloading updates from the Symantec Endpoint Protection Manager.
Surface Pro 4 Windows 10
Hi,
I have a weird problem: when I deploy my package on desktops and laptops there is no problem, but on some Surfaces the Wi-Fi stops working after the installation.
After investigating, I found that when I installed the firewall option with "will be installed on the hard drive" I have no problem, but if (and I don't know why) the Surface installs it with "entire feature will be installed on the hard drive", the Wi-Fi stops working.
I have an IP address and I can ping from another PC, but logging in on the domain or going to the Internet doesn't work.
Any idea why?
Windows 10 Enterprise, SEP 14.0.2415, and if I change it manually to installed to the hard drive it works, but I put out one package for all my PCs and, except for the Surface, everything is fine.
Thx
Downgrade Newly Purchase SEP 14 License
I just purchased a SEP 14 license. I am a new SEP user and have never purchased SEP before. I want to install version 12.1 instead.
Can I downgrade my license?
Liveupdate administrator
Hello everyone,
I need your help please with something I've been trying to fix these last days. We have a closed network with SEP Manager 14 MP2; until now we updated the virus definitions with JDB. We decided last week to install LiveUpdate Administrator on a network with internet connectivity and open a feed for updating the SEPM. I installed the last LUA release and the LUA downloads updates. My problem is with the SEPM: it can connect to the LUA, but there is something really strange. It downloads SEP definitions for the 12.6 version, although the LUA is configured to download and distribute the 14 version.
Any idea?
Thank you
Eric
SEP v14 causing network adapter issues
We had a user this morning that could not connect to our network with Wi-Fi or Ethernet. The network adapters were present in Device Manager but did not show up in ipconfig. I didn't get the chance to troubleshoot as one of my coworkers found an article elsewhere saying to uninstall SEP, which worked. After looking around in the forums I noticed that there was an issue with SEP v12 and network connections. Has anyone else had the same issue with SEP v14? The user's computer is a Dell Latitude E7470 with Intel I219-LM Ethernet and Intel Dual Band Wireless-AC 8260 adapters. To prevent this from happening elsewhere I disabled Network Intrusion Prevention.
Database is down
Starting at 8:45 this morning, I've been getting these emails:
Message from:
Server name: XXXXXX
Server IP: XXX.XXX.X.XXX
The Symantec Endpoint Protection Manager database has gone down and needs immediate attention.
If I go onto the server and try to log into the SEP manager, I get another error just saying database is down and cannot log in.
How does client locate nearest GUP in multiple GUP config
Hi -
I am trying to create a common LU policy that spans multiple different linked sites in different geographic regions. I was planning on using a policy with Multiple GUP configuration with a GUP defined for each location that needs one. From the docco I get that with this config, the list of available GUPs becomes available to all clients.
The question is, how do the clients detect the nearest GUP if the GUP itself is not in the same subnet as the clients? For example, in most of our locations the servers and workstations will be in different subnets, even though they are in the same physical location. So how do the clients detect the nearest GUP (or in this case would they detect a GUP at all and instead go to the default management server, which may be in a different geographic region)?
I have a design that has sites spread over several physical geographic locations. The intention is that the clients in the hub site will download from the site SEPM, and clients in other locations would download from a local GUP.
thanks
Deleted Thunderbird inbox after SEP full scan
Hi all,
We have installed Symantec Endpoint Protection Manager 14 MP2 in our corporate network. During last night's scheduled full scan, the SEP client found suspicious mails on one of the computers. This morning after we closed SEP's information popup windows, Thunderbird suddenly crashed. After the next start of the program, we saw that not all mails were present, and after we checked the file location, we found that the inbox file was too small. We realized that this "new" inbox contains only mails from this morning, but not the older ones. There were no records that the old inbox file was deleted in "Risk logs" on the local SEP client. Only in the Windows application log did we find information that the inbox file was successfully deleted (Security Risk Found! JS.Downloader.D in File: PATH\inbox by: Scheduled scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.).
Is there any method so we can restore the old inbox?
Thanks in advance!
Sep 14 MP2 Locations
Hello all,
I am thinking about using quite a lot of different locations on a client due to the specific needs of their infrastructure. I have read a TN (https://support.symantec.com/en_US/article.TECH973...), which says that SYM does not recommend creating more than seven locations per group.
Note: Symantec does not recommend more than seven (7) locations per group when using Location Awareness. Exceeding this number can negatively affect the execution time on how long it takes the Endpoint Protection client to process and ultimately connect to a valid location when it meets all conditions.
In my experience, I have used a maximum of four locations for a group. Does anyone have experience using more than seven locations? Do you really notice the execution time badly affected?
In my environment I do not mind checking the location once per hour or even less often.
Kind regards,
Juan
SEP 14 Linux Client Red Hat 7.4 Support ETA?
Just wondering if you have any info when you will have support for Red Hat 7.4. Looks like that support was not added to 14 MP2 client.
[SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked
Hi,
We have had these IPS messages pop up on some customers' systems lately:
[SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM
The connection goes to port 445 outbound to different systems, mostly file servers.
The systems initiating the connection appear clean with a full scan, Power Eraser scan and SymDiag threat analysis. (Did not check with other tools yet.)
Anyone else got these lately? Could maybe be a false positive.