NTP blocking VM traffic on HyperV host after upgrade to 12.1 RU6 MP7

January 22, 2018, 3:14 am

≫ Next: Invoke-RestMethod to interact with SEPM Groups

≪ Previous: SEP 14.0 RU1 MP1 build 14.0.3892.1101 - GUI crashes

I do not need a solution (just sharing information)

Scenario:

The HyperV hosts and hosted VM's all have AV + NTP installed, the firewall policy for the hosts only have rules necessary for the hosts themselves, not the hosted VM's (they have their own FW policies). We have just upgraded to 12.1 RU6 MP7 from 12.1 RU5, now NTP on the host is blocking traffic destined for its VM.

In the host's NTP traffic log, the VM's MAC and IP address are shown in the local host details.

I can work around this by creating a rule to allow all traffic to the VM's MAC address, however why do I now need to create these rules?

I have a case raised - 13921775, however Symantec support have been fairly poor, with the advice given of 'uninstalling NTP' and that this is fixed in MP8 (different issue): FIX 4074754 https://support.symantec.com/en_US/article.INFO436...

I have found the following threads, but none have a solution:

https://www.symantec.com/connect/forums/endpoint-p...

https://www.symantec.com/connect/forums/sep-window...

Any help appreciated!

↧

Invoke-RestMethod to interact with SEPM Groups

January 22, 2018, 5:34 am

≫ Next: Excel files reporting "someone else is working in file" when trying to save to network share

≪ Previous: NTP blocking VM traffic on HyperV host after upgrade to 12.1 RU6 MP7

I need a solution

I'm trying API Rest method with Symantec EndPoint Manager 14 (14.0.3876.1100)

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;

$cred= @{

username = "myaccount"

password = "mypassword"

domain = ""

}

#converts $cred array to json to send to the SEPM

$auth = $cred | ConvertTo-Json

$Authent=Invoke-RestMethod -Uri https://mySEPM:8446/sepm/api/v1/identity/authenticate -Method Post -Body $auth -ContentType 'application/json'

$access_token = $Authent.Token

#Lists All groups

Invoke-RestMethod -Method Get -Uri https://mySEPM:8446/sepm/api/v1/groups -Headers @{Authorization='Bearer '+$access_token}

#Creates NewGroup

Invoke-RestMethod -Method Post -Uri https://mySEPM:8446/sepm/api/v1/groups -ContentType "application/json" -Headers @{Authorization='Bearer '+$access_token} -Body @{Groupid = "E7CE611599EF43D34050E441973EE6A7";Name = "NewGroup";Description = "NewGroup_description";inherits = "True"}

Method Get returns an array with properties of each groups (ID, name, description, ....)

I want to create a new group "NewGroup" under a group with ID "E7CE611599EF43D34050E441973EE6A7"

Method Post returns an error 500

Invoke-RestMethod : The remote server returned an error: (500) Internal Server Error.

+ Invoke-RestMethod -Method Post -Uri https://mySEPM:84 ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

I think there is an error in body section.

Someone knows the good syntax for this ?

Thank you in advance.

↧

Excel files reporting "someone else is working in file" when trying to save to network share

January 22, 2018, 8:13 am

≫ Next: Batch file to run stop and start smc service

≪ Previous: Invoke-RestMethod to interact with SEPM Groups

I need a solution

I've been encountering an issue with Windows 10 clients using Office 2016 Excel to open/edit/save Excel files to a network share.

We are running a mix of SEP 14.0.3752-14.0.3876 clients, managed by SEPM 14.0.3876. Our file server is Windows Server 2016. Our clients are Windows 10, builds 1607, 1703, and 1709.

What happens in that a user opens the Excel file, makes edits, goes to save, and gets an error that the file is being worked on by another user and cannot be saved (which is not the case). A ######.tmp files gets created on the share (which is normal when an Excel file is saved), but this file should disappear during a proper save. Instead, the ######.tmp file remains, so Excel thinks that the Excel file is in use and fails to save.

The real kicker here is that it happens randomly across various users having the issue, and from one day to the next, I might not see it on the same client working on Excel files on the same share. And I cannot duplicate the error when I try. It is maddening!

Why am I posting this in a Symantec Forum? Because I have tried various workarounds on the Windows side with no luck, but the constant in all this is that SEP is running on my Windows 10 clients (and Windows Server clients). I even removed SEP from the file server hosting the share, leaving only the Windows 10 clients running SEP, but I am still seeing the issue.

Any thoughts? Perhaps SEP is running some sort of scan that is causing the locking, but if that were the case, wouldn't I see this on all my clients accessing the multiple shares on my servers?

Unknown.png

↧

Batch file to run stop and start smc service

January 22, 2018, 2:06 pm

≫ Next: Ransomware Encryption - .arena Variant

≪ Previous: Excel files reporting "someone else is working in file" when trying to save to network share

I need a solution

Hi, I've written a batch file to stop the smc service, but each time I run it, there is a User Account Control pop-up that asks for permission to stop the service. Is there a way on my command line that I can prevent this pop-up from occurring? I want the procedure to be silent.

Thanks

↧

Ransomware Encryption - .arena Variant

January 22, 2018, 2:56 pm

≫ Next: Windows Cluster is blocking by SEP NTP

≪ Previous: Batch file to run stop and start smc service

I need a solution

Good afternoon forum.

To start with, this community forum has a tremendous amount of subforums. I read through every single one and choose this subforum for my question. If this was the wrong choice, let me know and I'll move this posting.

A couple of months ago I was infected by one of the .arena ransomware strains. It encrypted every file on my PC.

Specifically: myfilename.txt.id-00C77069.[whoareyou666@cock.li].arena 10/6/2017 11:52 AM

I actually had a popular malware product running on the system, but it didn't prevent it. I'm not here to lay blame on that product, but I'm wondering if Symantec has a pay-for solution to decrypt my files.

Thanks for any suggestions.

↧

Windows Cluster is blocking by SEP NTP

January 22, 2018, 10:31 pm

≫ Next: SEPM email alert with Office 365

≪ Previous: Ransomware Encryption - .arena Variant

I need a solution

We are having a Windows Cluster Environment with Two nodes connected. We have installed SEP 14 MP2 on both the servers on local drive and we have implemented the customized firewall policy based on our requirement.

Few days later we come to know that the standby node in the cluster got down. After a dig deeper we found that the SEP is causing this issue. When we disable the SEP by smc -stop the cluster is working fine.

To isolate this issue we have applied any any rule in Firewall Policy, it started working fine, but the customized policy contains the necessary ports for the Windows Cluster. Even though it is not working properly.

How we can proceed further to fix this issue?

Regards

Sathiyapprakaash, A.K

↧

SEPM email alert with Office 365

January 23, 2018, 1:52 am

≫ Next: How to view corrective actions log in SEPM

≪ Previous: Windows Cluster is blocking by SEP NTP

I need a solution

Does SEP 14 support email alert via office 365? If not, what are the option? Thanks

↧

How to view corrective actions log in SEPM

January 23, 2018, 2:36 am

≫ Next: Exchange OST to PST Converter

≪ Previous: SEPM email alert with Office 365

I need a solution

I test virus on windows 10 and I see this log in symantec agent, But I can't find log on Symantec Endpoint Protection Menagement.

How to view corrective actions log in Symantec Endpoint Protection Menagement?

↧

Exchange OST to PST Converter

January 23, 2018, 4:26 am

≫ Next: SEP Application and Device Control (sysfer.dll) blocking McAfee Validation Trust Protection (mfevtps.exe) service from running

≪ Previous: How to view corrective actions log in SEPM

I do not need a solution (just sharing information)

Download Free Exchange OST to PST Conversion Software and easily recover corrupted OST data and convert into Outlook PST format with all Emails, Send Items, Contacts, calendar, Notes, entries, and journals. It has complete solution to import OST files into PST with all emails item. It gives you authority to see preview of their recovered OST files before conversion and convert them into new readable PST files without facing any problems. If you want to restore recover OST file in to Exchange Server and office 365. Download free version software and connect the Exchange server Or Office 365. With the help of this software users can smartly recover their corrupt OST file and successfully convert OST data into PST formats with other format like MSG, EML, EMLX, MBOX, HTML, vCard, and vCal file.
It extremely split large PST file form small PST and provides free demo facility in which you can repair 30 emails per folder into each formats. It can easily convert your lost, damaged or corrupt OST files data such as inbox, outbox, sent items, draft and deleted items etc.
The program is compatible with all versions of MS Outlook 2016, 2013, 2010, 2007, 2003, 2002, 2000, 98 and 97 and 8, 7, Vista, XP, Windows 2000 ( 32bit/ 64bit )

Get More info: OST to PST || EDB to PST || NSF to PST

↧

SEP Application and Device Control (sysfer.dll) blocking McAfee Validation Trust Protection (mfevtps.exe) service from running

January 22, 2018, 7:16 pm

≫ Next: viirus and spyware protection and compliance not updating

≪ Previous: Exchange OST to PST Converter

I need a solution

Hi,

I'm using SEPM 14 MP2 and having issue in running McAfee Client Proxy (MCP) version 2.3.2.251 installed on Windows 10 (version 1703).

MCP services run fine when SEP is installed without Application and Device Control feature. I have seen some threads which mention that Symantec injects sysfer.dll into processes for ADC.

I have added following McAfee files and folders exception but it still doesn't help in starting McAfee Validation Trust Protection Service (mfevtps.exe).

However, if I add C:\Windows\System32 (not including subfolder) under Application Control exception then the services run fine.

How can I troubleshoot or narrow it down further to the file which is getting called by mfevtps.exe service and getting blocked?

Exceptions in place (includes subfolders):

C:\Program Files\Common Files\McAfee\
c:\program files\mcafee\
c:\program files (x86)\common files\mcafee\
c:\windows\system32\mfevtps.exe

↧

viirus and spyware protection and compliance not updating

January 22, 2018, 9:27 pm

≫ Next: Manually import client packages into Endpoint Protection Manager

≪ Previous: SEP Application and Device Control (sysfer.dll) blocking McAfee Validation Trust Protection (mfevtps.exe) service from running

I need a solution

Hi,

I have installed primary symantec server(Global) along with secondary site(Bangalore).Virus and spyware protection summary and compliance is not updating in the sepm.

Please help

Server configuration:2016 standard

SQL Server :2014

AV:12.1.6(12.1 TU6 MP6)

↧

Manually import client packages into Endpoint Protection Manager

January 23, 2018, 4:25 am

≫ Next: Build 3892 GUI Crash

≪ Previous: viirus and spyware protection and compliance not updating

I need a solution

Currently "12.1.7004.6500" version package available in my Client install Package on SEPM.

I want to add "12.1.7369.6900" version client package into my SEPM package manager.

I have downloaded latest client install patchec form (https://support.symantec.com/en_US/article.INFO466...) this link but unable to add using "A client install package" option.

Becuse on my serial only 14 version full package is available to download.

↧

Build 3892 GUI Crash

January 23, 2018, 8:11 am

≫ Next: Upgrade Backout Plan

≪ Previous: Manually import client packages into Endpoint Protection Manager

I need a solution

We installed build 3892 and getting reports from 2 users so far that upon reboot they are receiving an application error. smcgui.exe - application error. The instruction at 0x000000000003D9E0 refeenced memory at 0x0000000000039E0. The memory could not be written. Click on OK to terminate the program.

We have tried uninstalling/reinstalling and this error has persisted.

↧

Upgrade Backout Plan

January 23, 2018, 12:39 pm

≫ Next: Remote Push - Browse Network

≪ Previous: Build 3892 GUI Crash

I need a solution

Planning an upgrade to SEPM 14 from 12.1.x. What is the best method of rolling back to 12 should there be an issue. Can we rebuild the environment from Snapshots of the app servers and restoring the database to pre upgrade? Or is there a Symantec perscribed best practice for a rollback of SEPM

Thank you.

1516740660

↧

Remote Push - Browse Network

January 23, 2018, 3:04 pm

≫ Next: virus definition update for MAC SEP clients

≪ Previous: Upgrade Backout Plan

I need a solution

We have workstations on different VLANs and the browse feature does not apprear to use DNS or AD to search for available workstations. Is it really using broadcast? How do I get this to see other subnet VLAN? If I search by IP address, I just get host IPs back (no workstation names).

Please help.

Thanks,

Robert K

↧

virus definition update for MAC SEP clients

January 23, 2018, 3:57 pm

≫ Next: Migrated to 14, Win 8.1 & 10 Clients dont receive Defs

≪ Previous: Remote Push - Browse Network

I need a solution

We will use SEP 14. Just want to confirm that SEP Manager cannot be used to get MAC clients to receive new virus definitions. A LUA must be set up in our network to do so.

Can I use an internet LUA on Symantec side?

Thanks.

↧

Migrated to 14, Win 8.1 & 10 Clients dont receive Defs

January 23, 2018, 5:24 pm

≫ Next: Windows 10での、タスクバー上のアイコン表示

≪ Previous: virus definition update for MAC SEP clients

I need a solution

We were running version 12.1.6867.6400 on a Server 2008 R2 machine with no client connectivity issues. Deployed new physical server running Server 2012 R2 and installed 14.0.3876.1100, clients show up in the management console with a green dot on the machine. Allowed machines to auto download the latest package from the SEPM server. 90% updated to 14 but Win 8, 10, 2012 machines dont pick up new AV updates from SEPM. Weird issue is Windows 7 machines are able to recevie the AV definitions without a problem (including some at a remote site with a local GUP).

Troubleshooting:

SymDiag shows client definitions out of date. Using the Fix button, all tasks complete, except it never completes the AV update download from the management server.
Uninstalled/resinstalled
Sylink.xml update
Moved between groups
Ping and secars test are all good
Intelligent Updater will update the defs, but the machine never picks up new ones form the server
Manually removed all definitions on the client and still will not update
Removed and reinstalled LiveUpdate on the server
Added GUP to same subnet as SEPM server, but same result

Part of me believes this issue has to do with a MS patch casuing the issue. Any ideas?

↧

Windows 10での、タスクバー上のアイコン表示

January 23, 2018, 8:35 pm

≫ Next: SEP 12.1.6 MP9 upgrade from SEP 12.1.6 MP6

≪ Previous: Migrated to 14, Win 8.1 & 10 Clients dont receive Defs

I do not need a solution (just sharing information)

Windows 10　64ビットを利用しています。

タスクバー上で、アイコンが、右下にビックリマークがついた状態になるようになりました。

カーソルを合わせると、何かしらいくつかの問題が発生している状況に良くなり、
右クリックからコンソールを開くと、たしかに、何かしらのエラーが出ていることがあります。

ただ、翌日になると問題がなくなっている（アイコンのビックリマークがなくなっている）ことが
多いです。

他の社員の、Windows 7のパソコンでは、ほぼそのような現象は見られません。

自分が利用している、Windows 10のパソコンでは頻繁に起きているように思います。

解消方法はありますでしょうか。

EndpointProtectionのバージョンは、
　「14.0 MP1 ビルド2349（14.0.2349.0100）」
です。

よろしくお願いします。

〔追記〕
　　Windows Updateが来る前後に、このような状況になる可能性が高いように思います。

↧

SEP 12.1.6 MP9 upgrade from SEP 12.1.6 MP6

January 23, 2018, 11:52 pm

≫ Next: SEP query

≪ Previous: Windows 10での、タスクバー上のアイコン表示

I need a solution

Is it advisable to deploy 12.1.6 MP9 to an environment with 7000+ machines and has 12.1.6 MP6 installed?

what is the advantage and disadvantages?

Or should we directly go to SEP 14, within two months time?

Is it a normal upgrade? opr does the Schema of the database change like in 14 and creates lots of hump stones

↧

SEP query

January 24, 2018, 12:37 am

≫ Next: SEP on java

≪ Previous: SEP 12.1.6 MP9 upgrade from SEP 12.1.6 MP6

I need a solution

Hi All,

We have a use case in one of the Customer scenario where they have 50 plus sites & each sites having 700 plus clients. and neither of the sites connects to each other. What component can be used for reporting and policy in the cloud. so that they can move to one console for reporting and policy.

also wanted to understand what would be the required bandwidth at each site, and the size of the update.

Customer is been using SEP 14.1, and have WSUS server to push updates.

Can we use cloud console for SEPM ? Does it support multiple SEPM’S.

Or should give them IT Analytics and connect all SEPM. The issue with ITA is that they are on embedded database and I guess ITA works only if the SEPM dB is SQL.

Appreciate your comments.

Thanks

↧

Latest Images