Channel: Symantec Connect - Products - Discussions

Uninstalling SEP 14 client remotely from SEPM server?

Is there a way to uninstall the SEP 14 client remotely from the SEPM console? We have 14 MP2 on SEPM and 14 MP2 on all SEP clients.

Auto Protect on blocking thumb drive

Hi,

May I know whether SEP will scan the blocked thumb drive when it is plugged in?

Thanks.

SymDiag Power Eraser error: not available

I activated the rootkit scan in SymDiag. After the reboot, the scan is about to continue and then a message pops up that Power Eraser is not available.

And I can only continue without the Power Eraser scan.

Is there a log to troubleshoot this, and has anyone had this before?

Adding Clients to the groups

Hi,

Please can anyone guide me through this:

We have SEPM 12 in my production environment, with all clients on Win7.

I have recently deployed a test server with SEPM 14 for testing purposes.

I am unable to integrate Active Directory. When I add the server under Add Directory Server, it comes up with a warning: Unknown AD Connection Error.

This means I am unable to add OUs to the groups.

Please can someone help me with this?

On the other hand, when I try to add specific clients via IP address, it does create a connection to deploy the client remotely, but once the status comes up as successful, the client doesn't seem to appear in its desired group.

Am I missing a trick here? Do I need to uninstall the previously installed client on the Win 7 machines, or is there something else to it? Because when I try to push remotely from the server, the deployment message seems to appear on the client.

Please can anyone guide me through.

Thanks

SEP 14 reputation check

I want to ask, can I check the reputation of a file like NIS or Norton Security? And does SEP 14 block malicious websites in the Opera browser?

Outdated Workstation

Every week I monitor, there are a lot of clients that have outdated antivirus definitions.

Is there a way to issue a communication to those clients to update their antivirus?

Scheduled scans running at random times.

I recently moved to a new server for the console, uninstalled clients, and reinstalled from the new console.  I set up an administrator scan in the console to run Sundays at 3:00 AM.  I don't see that in the clients.  I assigned the policy to the group, nothing.  I created a new group and assigned the policy, nothing.  I rebooted the clients, nothing.  I chose the Update Policies command, nothing.  They will run at random times on random days.  I submitted a case yesterday but have heard nothing and cannot find where to see open cases in the website.  I tried to post this 5 minutes ago and then the website screen went black and I had to start over.

Please help.

SEP Mac OS 10.12.6 Sierra Install

Hi All

We currently run Symantec Endpoint Protection 12.1.7 RU6 MP5. We are trying to install a SEP client onto Mac OS 10.12.6 Sierra, and we are getting "incompatible version of Mac OS X".

The package installer we have on the SEP Management Console for Mac is 12.1.6867.6400. Is there a newer version for our version of SEP, or do we have to update to Symantec Endpoint Protection 12.1.7 RU6 MP6?

Or is this version of Mac not supported with 12.1.7, and we will have to go to 14?

Thanks

SEP12 / Block creation of files with specific extensions

Hi all,

To protect our computers against ransomware, I'd like to block the creation of files with a list of specific known extensions (locky, lukitus, nuclear, empty, ...) on my users' computers.
I have a list of more than 200 extensions used by ransomware to block.

I have created an Application and Device Control Policy in the SEPM 12.1 console, like here: https://www.symantec.com/connect/forums/block-exte...

But as I have more than 200 file extensions to block, is there a way to put this extension list in a single row, instead of creating 200 rows, one for each extension?
Is there a way to import/export that extension list into/from the SEPM console?

I tested with 10 file extensions that I want to block, entered manually, row by row, and it's working.
SEP blocks the file creation and gives the warning message to the user with the systray SEP icon.

But it will be a huge amount of work to add all the file extensions one by one... so I'm looking for a way to make this simpler...

Excuse me for my poor English, I'm French... and I do my best... ;-)

Issue with SEP 12.1 in an SEPM 14.x environment

I recently updated my SEPM to version 14.x.

For Windows XP and W2k3 computers I use SEP version 12.1.7266.6800 MP8. But when I try to install a new exe packet with this version, I get an error on all my XP/W2k3 clients and that version is not installed.

NOTE: All these clients already have SEP version 12.1.7004.6500 and are working fine with SEPM 14.x, but I'd like to upgrade to the last 12.x version. I've tried to create the new packet with version 12.1.7004.6500 but the result is exactly the same. The only packet I can install is the one created in my last console version, 12.1.

Any help would be appreciated.

Thank you in advance.

This is the error I get

Error

Jose Manuel García

Bloodhound.Exploit.33

Seems like I'm getting way too many Bloodhound exploits, all in the Firefox folders. Symantec quarantines the file, but they are all over my environment. Is this a Firefox or Symantec heuristic scanning problem?

At least one security risk found:

Risk name: Bloodhound.Exploit.33
File path: \Users\mhenry5\Library\Caches\Firefox\Profiles\p1rax1cw.default\cache2\entries\D24076F9E3188D7A262CB45F9E12FADDBFE48A56
Event time: Aug 30, 2017 3:27:16 PM
Database insert time: Aug 30, 2017 3:27:42 PM
Source: Real Time Scan
Description:
User: Max Henry
Computer: MHENRY5-2YLG8WL
IP Address: 10.204.170.241
Domain: xxxxxxx
Server: SYMBLUE
Client Group: My Company\Mac_LUA
Action taken on risk: Quarantined

LiveUpdate Administrator Passwords

Is there a way to set the password requirements for the live administrator password? i.e. minimum password length?

What is the maximum password length allowed for live update administrator? is it configurable?

Locations in SEP 12.x

Hi All,

Does anyone know if it is possible to export the list of Locations from my current SEPM and import them into a new non-linked SEPM? Otherwise I have somewhere in the region of 100 locations to enter.

Cheers

PaulC

SEP firewall blocks inbound traffic on Chrome

Hello,

We have several PCs where SEP is blocking inbound firewall traffic on Chrome.

There are no plugins/add-ons installed. Nothing is detected in the Risks log. Threat Analysis also does not show any suspicious files.

Could you please help me analyze the cause of it?

This is what I see in Traffic logs:

| Time Stamp | Event Type | Event Time | Severity | Historical IP Address | Remote Host IP | Remote Host Name | Network Protocol | Local Port | Remote Port | Traffic Direction | Application Name | Begin Time | End Time | Repetition | ACTION | Rule Name | Alert | Send Snmp Trap | Local Host Mac | Remote Host Mac | Hardware Key | User Name |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 08/31/2017 18:02:06 | UDP datagram | 08/31/2017 18:01:34 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 61608 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:35:58 | 08/31/2017 08:35:58 | 1 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 18:02:06 | UDP datagram | 08/31/2017 08:35:57 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 61608 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:35:58 | 08/31/2017 08:35:58 | 1 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 18:02:06 | UDP datagram | 08/31/2017 08:34:31 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 64504 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:34:18 | 08/31/2017 08:34:18 | 1 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 18:02:06 | UDP datagram | 08/31/2017 08:30:31 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 64972 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:30:18 | 08/31/2017 08:30:20 | 3 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 18:02:06 | UDP datagram | 08/31/2017 08:26:36 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 64964 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:26:19 | 08/31/2017 08:26:22 | 4 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 18:02:06 | UDP datagram | 08/31/2017 08:22:31 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 61077 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:22:20 | 08/31/2017 08:22:20 | 2 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 08:22:40 | UDP datagram | 08/31/2017 08:20:34 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 63656 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:20:21 | 08/31/2017 08:20:21 | 2 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 08:22:40 | UDP datagram | 08/31/2017 08:16:34 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 62696 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:16:18 | 08/31/2017 08:16:22 | 2 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 08:22:40 | UDP datagram | 08/31/2017 08:12:34 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 52160 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 08:12:20 | 08/31/2017 08:12:20 | 1 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 08:22:40 | UDP datagram | 08/31/2017 07:56:35 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 58091 | 42860 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 07:56:19 | 08/31/2017 07:56:21 | 3 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 08:22:40 | UDP datagram | 08/31/2017 07:42:33 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 60060 | 57260 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 07:42:20 | 08/31/2017 07:42:20 | 1 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 08:22:40 | UDP datagram | 08/31/2017 07:34:33 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 55230 | 57260 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 07:34:22 | 08/31/2017 07:34:22 | 1 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 07:22:36 | UDP datagram | 08/31/2017 07:04:32 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 56023 | 59948 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 07:04:20 | 08/31/2017 07:04:21 | 3 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 07:22:36 | UDP datagram | 08/31/2017 07:00:32 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 53130 | 59948 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 07:00:18 | 08/31/2017 07:00:20 | 3 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 07:22:36 | UDP datagram | 08/31/2017 06:42:31 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 54804 | 59948 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 06:42:18 | 08/31/2017 06:42:18 | 1 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 07:22:36 | UDP datagram | 08/31/2017 06:38:31 | Critical | 192.168.0.17 | 192.168.0.13 | | UDP | 53148 | 59948 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 06:38:19 | 08/31/2017 06:38:20 | 4 | Blocked | Block all incoming traffic to applications which isn´t approved | 0 | 0 | E4B3181DB537 | 44650D44EF10 | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 03:20:44 | UDP datagram | 08/31/2017 03:19:36 | Minor | ff02:0000:0000:0000:0000:0000:0000:00fb | fe80:0000:0000:0000:00e0:1fce:550e:bf93 | | UDP | 5353 | 5353 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 03:19:25 | 08/31/2017 03:19:25 | 1 | Blocked | Block all other applications | 0 | 0 | 3333000000FB | 40331AE6DE0B | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 03:20:44 | UDP datagram | 08/31/2017 03:19:15 | Minor | ff02:0000:0000:0000:0000:0000:0000:00fb | fe80:0000:0000:0000:00e0:1fce:550e:bf93 | | UDP | 5353 | 5353 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 03:19:12 | 08/31/2017 03:19:16 | 3 | Blocked | Block all other applications | 0 | 0 | 3333000000FB | 40331AE6DE0B | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 03:20:44 | UDP datagram | 08/31/2017 03:14:04 | Minor | ff02:0000:0000:0000:0000:0000:0000:00fb | fe80:0000:0000:0000:143d:1e54:1e18:28f9 | | UDP | 5353 | 5353 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 03:13:57 | 08/31/2017 03:14:04 | 10 | Blocked | Block all other applications | 0 | 0 | 3333000000FB | BC9FEF04513A | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 03:20:44 | UDP datagram | 08/31/2017 03:13:38 | Minor | ff02:0000:0000:0000:0000:0000:0000:00fb | fe80:0000:0000:0000:00e0:1fce:550e:bf93 | | UDP | 5353 | 5353 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 03:13:20 | 08/31/2017 03:13:24 | 3 | Blocked | Block all other applications | 0 | 0 | 3333000000FB | 40331AE6DE0B | D1683A5566288205E870EF2B7553FAB3 | ud5249v |
| 08/31/2017 03:20:44 | UDP datagram | 08/31/2017 03:12:26 | Minor | ff02:0000:0000:0000:0000:0000:0000:00fb | fe80:0000:0000:0000:00e0:1fce:550e:bf93 | | UDP | 5353 | 5353 | Inbound | C:/Program Files (x86)/Google/Chrome/Application/chrome.exe | 08/31/2017 03:12:12 | 08/31/2017 03:12:13 | 2 | Blocked | Block all other applications | 0 | 0 | 3333000000FB | 40331AE6DE0B | D1683A5566288205E870EF2B7553FAB3 | ud5249v |

How to install SEP using an alternative version of Java?

I'm pretty sure this is possible because I've heard it mentioned before.

I would like to install SEP on Red Hat Linux using a different version of Java than is currently installed. I wouldn't want to interfere with whatever the current Java is doing, and would want SEP to use the newly installed Java version and not touch the existing version.

Is that install process documented somewhere?

False Positive (Trojan.Gen.2) for executable on college training CDs

I have end users in my HR department who perform training sessions with reputable vendor-supplied disks provided by a local community college. As of last week, they've always been able to run the executable on the training disks for their classes, but suddenly this week the executable is flagged by SEP as a Trojan.Gen.2 risk and prevented from running. Since this executable is on a CD, I can't add it to the Exceptions List. I tried adding a shortcut to the end user's desktop, then adding the shortcut to the Exceptions List, but this does not work and the executable on the disk continues to be flagged as a threat. (D:\ACDC.exe is the path/executable that is flagged as a trojan.)

Any help would be greatly appreciated.

SEP 14 RU1

When is SEP RU1 scheduled for release?

GUP download content from SEPM problem

Hi, I have a problem with GUP. I will give the details below.

First, I installed SEPM at HQ. HQ and the remote site are connected by a leased line; ping and communication work normally.

Then I installed SEP at the remote site and assigned a GUP policy to them like this:

GUP Policy

and the GUP status is True.

The problem is that when the GUP tries to download content from SEPM, it has an error like this:

2017/09/01 11:16:52.568 [1636:3276] GUProxy - Content-Availability-Time: (60)
2017/09/01 11:16:52.588 [1636:3800] CAsyncHttpConnection::Close - Request: HttpSendRequest; CtrlBlk: 06FF3F00 time: 0
2017/09/01 11:16:52.588 [1636:3800] SyLinkEventFunc - EVENT_LU_REQUIRE_STATUS: Calling QueryContentSeqData with Moniker: {A78E095A-8FED-4937-9D5C-0B6C20EA696C} Target Sequence: 170801034
2017/09/01 11:16:52.588 [1636:3800] LuMan: Entering QueryContentSeqData: {A78E095A-8FED-4937-9D5C-0B6C20EA696C}, 170801034
2017/09/01 11:16:52.588 [1636:3800] LuMan: QueryContentSeqData result: 0x20010006
2017/09/01 11:16:52.588 [1636:3800] SyLinkEventFunc - EVENT_LU_REQUIRE_STATUS: QueryContentSeqData returned CMC_CONTENTUPDATE_NEEDED(536936454)
2017/09/01 11:16:52.588 [1636:3800] SyLinkEventFunc - EVENT_LU_REQUIRE_STATUS: No cached content information was returned. Request full package
2017/09/01 11:16:52.588 [1636:3800] GUProxy: find the downloading which should be cancelled.
2017/09/01 11:16:52.588 [1636:3800] GUProxy: erase the downloading /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
2017/09/01 11:16:52.588 [1636:3800] GUProxy: SetDownloadStatus for /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip status 8
2017/09/01 11:16:52.588 [1636:3800] GUProxy: Current GUP 10.21.71.97 staus is 1
2017/09/01 11:16:52.588 [1636:3800] GUProxy: GUP 10.21.71.97 chosen
2017/09/01 11:16:52.588 [1636:3800] AH: Setting the Browser Session end option & Resetting the URL session ..
2017/09/01 11:16:52.588 [1636:3316] GUProxy: accepted socket 9004 for 10.21.71.97 port 49482
2017/09/01 11:16:52.588 [1636:3284] GUProxy: Begin to handle accepted socket 9004
2017/09/01 11:16:52.588 [1636:3284] GUPROXY - GUProxy HTTP in - GET /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
2017/09/01 11:16:52.588 [1636:3284] GUPROXY - GUProxy File - /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
2017/09/01 11:16:52.588 [1636:3284] GUPROXY - GUProxy mangled file - #content#{A78E095A-8FED-4937-9D5C-0B6C20EA696C}#170801034#Full!zip
2017/09/01 11:16:52.588 [1636:3284] GUProxy - Add request into download queue.
2017/09/01 11:16:52.588 [1636:3244] GUPROXY - GUProxy - TARGET_IP: - 172.16.0.99;
2017/09/01 11:16:52.588 [1636:3244] GUProxy - GET SEPM info from SYLINK(1) ,GET /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip  BEGIN with 15757,total with 303
2017/09/01 11:16:52.608 [1636:3244] GUProxy - DownloadThread: 15454 bytes need to be resumed
2017/09/01 11:16:52.608 [1636:3244] GUProxy - DownloadThread() max abort times will use the default value
2017/09/01 11:16:52.608 [1636:3244] GUProxy - Download loop, remain 15454 bytes to download
2017/09/01 11:16:52.618 [1636:3244] GUProxy - **downloadHelper.CreateUrlRequest Faile GET://172.16.0.99:8014/content/{A7i8E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
, begin from 0 with size 15454

and the Apache log from SEPM looks like this:

(I have more than 1 GUP; the log error is the same, differing in URL, IP, port)

[Fri Sep 01 11:15:19.022233 2017] [mpm_winnt:error] [pid 5544:tid 4528] (OS 64)The specified network name is no longer available.  : [client 10.21.71.97:49487] Thread(7428) TransmitFile failed, socket: 05432, Threads ready: 498, URI: GET /content/%7B5A7367E1-D1F6-43b5-BD94-4AFFA896D724%7D/161121023/Full.zip HTTP/1.1

I also tested the GUP and SEPM connection.

The GUP can access SEPM:8014/content/contentinfo.txt

and SEPM can access GUP:2967/content/contentinfo.txt, but this is an empty page because the GUP can't download it from SEPM.

In SharedUpdate there is a file, but its size is about 1 KB.

I also tried to access the URL 172.16.0.99:8014/content/{A7i8E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip from the GUP and it downloads Full.zip.

I tried uninstalling and installing it a few times; it did not fix it.

SEPM version is

14.0.2415.0200

installed on Windows Server 2008 R2,

and the SEP that acts as GUP is 14.0.2415.0200, generated from SEPM and installed on Win7 with UAC already turned off.

I think the problem is **downloadHelper.CreateUrlRequest Faile but I have no idea why this happens. If anyone has found this problem, please tell me how to fix it : )

Thank you

SEP Cannot Install on Windows 10 with Latest Updates

Hi,

I have SEP version 14.0.1904.000. Recently I put a full update on all of my Windows 10 PCs so that all the workstations are up to date with the latest Windows 10 version. During the update there was a message from Windows that my version of SEP is incompatible with Windows 10. After that I uninstalled it and tried to install it again, but it failed.

What should I do to install SEP on Windows 10? I have the SEP 12x licenses but I got 14x free upgrade during the license period.

Thanks
