Dear Experts,
For some reason the client doesn't have the latest virus definition. So, I'm trying to run remote command to update content directly to liveupdate server.
The status say 100% completed, but when check details, a few of them actually have liveupdate download failed.
And, I also found that active scan or full scan remote command was canceled itself at a few clients.
Any idea? I'm appreciate your advise.
regards,
Loh
Hello All,
I followed the below given article and i was able to Block few websites using Firewall rule.
https://support.symantec.com/en_US/article.TECH920...
however i was unable to block few though.
Could anyone comment on this issue ?
And how to block all the desired websites.
Hey,
We're forwarding SEP logs to the external Syslog server for further analythis.
The SEP sends a lot of OK messages that we don't want to see.
There were a massive amount of "The management server received the client log successfully" messages - I've filtered them out by disabling "System Client-Server Activity Log".
Now i'm trying to folter out positive messages similar to those:
Aug 23 12:01:18 SEPS1 Local: 2,Local: 484D7EBF6F59,Remote: 224.0.0.22,Remote: ,Remote: 0,Remote: 01005E000016,8,Outbound,Begin: 2017-08-23 12:00:02,End: 2017-08-23 12:00:02,Occurrences: 5,Application: ,Rule: Allow IGMP traffic,User: monik,Action: Allowed
Aug 23 12:21:24 SEPS1 ,Local: 1900,Local: 01005E7FFFFA,Remote: 10.150.100.173,Remote: ,Remote: 63854,Remote: 00118575A6A3,UDP,Inbound,Begin: 2017-08-23 12:15:53,End: 2017-08-23 12:15:57,Occurrences: 8,Application: ,Rule: Allow UPnP Discovery from private IP addresses,User: johnt,Action: Allowed
Aug 23 12:03:05 SEPS1 Local: 61645,Local: 00155D02463E,Remote: 192.116.194.3,Remote: ,Remote: 20,Remote: 001C7F3DDD29,TCP,Inbound,Begin: 2017-08-23 11:58:41,End: 2017-08-23 11:58:41,Occurrences: 1,Application: C:/SmartFTP/SmartFTP.exe,Rule: Allow 172.16.2.46 FTP,User: app_ftp,Action: Allowed
Any other ideas how to set correctly Log Filters to get only risk/block messages will be highly appreciated.
Attached is the screenshot of current Log filter config.
Many thanks,
Gennady
Is anyone aware of a link that details everything installed by default (external SQL database) when intalling SEPM 14.X Enterprise? I am building a DEV environment and am really curious what all installs by default. For example, does JAVA install and is it required if I do NOT use the web interface? Sorry for the random question but I could only find the requirements ... Thanks everyone!
I'm building a custom image in Win7x64 SP1 that incldes SEP 14 MP2. When I try to run ClientSideClonePrepTool.exe it throws the error: "Failed: Unable to Get Install Path. Please check if SEP was installed successfully." Just to verify that it's not just my image, I ren the clone tool on a couple of Win7X64 boxes with the SEP14 client installed and saw exactly the same error.
I have the version of the clone prep tool linked to in http://www.symantec.com/docs/HOWTO54706 and have seen several references to that page being applicaple to SEP14, but as far as I can see it's not. Is there a new version, a fix or a workaround?
I've tried the manual steps outlined in http://www.symantec.com/docs/HOWTO54706 running as the local administrator, and access was denied to all of the file deletions and registry value changes. I'm sure if I wanted to take the time I could work around that, but time is one thing I don't have much of right now.
Is there a working fix for the clone prep tool?
Thanks!
D.
Hello All,
I stopped and restarted the symcfgd service using the command "/etc/init.d/symcfgd stop" and "/etc/init.d/symcfgd start".
All the services came back up again (symcfgd, smcd, and rtvscand), but I began to get this error message when running "./sav manage -s" and "./sav manage -h":
"Failed to contact Symantec Endpoint Protection."
This is from a server that appeared to be working correctly before.
I verified that server could ping the SEPM manager and did a telnet to port 8014 on SEPM and port 7070 on the LiveUpdate server, and it connected no problem.
This is baffling me what could have gone wrong.
The server is running redhat 7.4, the SEP client is 12.1.7061.6600
Any ideas?
PG
Hi,
Our Windows 10 computers (Windows 10 Enterprise LTSB 2016 x64) have an issue when someone logs off, then back in again another time, they get a new profile. In the form of:
C:\Users\<user>.DOMAIN.000, 001, 002, etc...
SEP (12.1.7266.6800 x64) leaves a folder where a log file was located in:
C:\Users\<user>\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\MMDDYYYY.log
After logoff, the log file goes, but the path remains negating the possibility of the user using the same profile again. Since Windows 10 takes forever to log in from the beginning, I'd like to have profiles reused.
Is there anything I can do? I've read previous posts where disabling autoprotect fixes it, but the admins won't go for that. Isn't that tantamount to disabling AV protection all together?
Thanks
jason
My company has a DMZ which I've stood up a new 2016 domain controller for.
As soon as I install Symantec Endpoint Protection 14MR2 latest version, then reboot, then all network communications seem to cease. It's like networking is totally broken because you can't even browse the web or do dns lookups.
Looking into it deeply, it seems that the Symantec Firewall Driver isn't getting applied properly. I found a forum thread with manual steps to apply the driver with the "install" button in the ipv4 network adapter properties, but am met with an ACCESS DENIED message from Windows when trying to do this.
I called support and had a ticket open (might still be open) and when seeing how things were working they tried these same manual steps to bind the Firewall driver to the NIC but it didn't work due to the same error.
I tried all kinds of things and found that Windows firewall service is not running and neither is the base filtering engine, and these things need to be running for normal TCPIP operations.
Well, Symantec changes something because once it is installed these things happen. Even after removing Symantec using the cleanwipe utility I had networking issues persist until I ran a tool that repairs Windows Firewall/base filtering engine.
Strangely, after that the networking issues would always return after a reboot etc.
So, I totally started over with a new VM, fresh install of Windows Server 2016 and promote to a DC.
Install SEP, reboot, can't ping the server, can't get to the net, can't do anything, networking is hosed.
Support was not much help and didn't have much idea other than trying to uninstall and reinstall it.
Is anyone using SEP on Server 2016 in the wild with any issues?? This is extremely frustrating as I'm not able to finish my project because of this.
I am testing a new SEPM 14.x deployment, we have a number of legacy clients to manage but I am unable to get 2003 Server or XP reporting to SEPM
I have push installed a client version 12.1.5 RU5 client to a 2003 Sp2 server, and while the client seems to be functional and according to the client log seems to be receiving policy from the SEPM, however the client does not show up in the SEPM console at all
How can I troubleshoot this?
thanks
Hey guys,
I've been following this KB for the migration process:
https://support.symantec.com/en_US/article.TECH132...
But I have 2 question here:
1. Does this apply also if I'm moving from 2008R2 to 2012?
2. Would it also work if the SQL Server 2008R2 and the 2012 have different IP addresses?
Thank you,
Im setting up SEP 14 from new on WINDOWS SERVER 2016, with a SERVER 2016 - SQL 2016 running the database, all within a virtual envronment. I seem to be having a problem when running the install when it comes to creating the database. I get the error Error - Preparing Datase, failed to connect to the database.
I've gone through the errors in the install_log.err file and find the error 'The CREATE DATABASE statement failed. The primary file must be at least 3072 MB to accommodate a copy of the model database' . I did originally get this error but instead of 3075 MB it wanted 1025 MB, so I had this increased. But I now get the error above.
In the previous steps before it trys to prepare the DB I can connect to the DB, so struggling to find out where it's going wrong?
Can any one help?
Thanks
Has anyone seen this or been able to solve? We seem to see it very infrequently. Not sure if a newer virus defs file would fix the situation or not.
Running on a RHEL 7.x machine, offline updates with the shell script. The install process will freeze during the "Remove Temporary Files" stage, but then on another attempt, it will complete successfully.
Like I said, very infrequent, and we're not exactly sure what causes it or how to consistently reproduce it. Our first guess might be to grab a newer virus defs file, but beyond that, we're not sure.
Thanks in advance.
Hello:
We are upgrading from Endpoint Protection 12.1.6 to 14.0. We will be doing a migration to retain our database and settings. However, now with version 14, I am confused as to how the client downloads the definitions, as there is now the cloud definitions option available when installing. Yet there is also the LiveUpdate settings policy as well which we use currently with version 12. I am not sure how they both work together in 14, and have tried to read but have been unable to confirm exactly how they work.
In our case, we will have the Endpoint Protection 14 Manager, and in the past we have all of our clients contact the management server for the definitions. Now, we want to have two sets of clients. One set to continue to contact the management server for its definitions, and other set to get its definitions from Symantec direct over the Internet. My question is, what do we set the installation settings to (Cloud definitions, or Dark Network defintions), and also what do we set our LiveUpdate policy to (Symantec server, or our Management Server), for each of these two sets of clients?
Thanks for the advise on this question.
So I've been reading the various upgrade documents from 12.1.X to 14.X (https://support.symantec.com/en_US/article.TECH236...) and I'm trying to track down if a reboot is required for the client servers running W2K8 R2 / W2K12 / RHEL 5-7 if I push out the upgarde via AutoUpgrade . I know for best practices it’s stated that the clients should be rebooted before installation - I have about 500 clients each with different owners so I'm trying to avoid scheduling 500 different reboot windows.
Thanks
Hi,
We have a thin client server running under Windows server 2012 r2. Problem we are having is that processing peaks, once we disable symantec client everything return back to normal. We upgraded to SEPM14 but still having same problem. Will installation of Embedded or VDI client installation settings for Windows solve the issue?
Please help with this issue. Thanks!
How to fix Symantec version 14 build 1904 (14.0.1904.000) install on windows 10 Pro version 1703
We faced to SONAR Component malfunctioning on our agents recently and the number of problamatics systems are growing day by day. Also most of them have Tamper protection malfunctioned too.
Here you can see the result of SymHelp on of sample system. please kindly assist..
I have several client with a disabled client status and would like to know is there a way to enable these clients remotely?
The console SEPM 14 MP2 is in a working group but it is required to register the server to a network domain, would present some inconvenience when making this change or there are recommendations to do this action
Hello,
SEPM couldn't allow me in to work in the SEPM with the credentials I used to login. Requested to get password reset with the e-mail ID used during installation. But, no e-mail is arriving on several requests. Please help. Filled the form on my Symantec connect. But, couldn't accept the form for Technical Support. Anyone who can help please?