LUA: Change the storage location of default production storage center

April 5, 2018, 7:27 am

≫ Next: Virtual Server Snap-shot backups Failing (NetBackup) with many SEP errors in logs

≪ Previous: CVE-2018-0986 Coverage

$

0

0

I do not need a solution (just sharing information)

Hello all,

I've been having ongoing issues with LiveUpdate Administrator on our server. Downloads and Distributions will continually fail. It also appears that the Production Default Distribution Center is using space on C drive that I would like to move. Is there any way that I can change where the clu-prod directory is located, without having to change the 5 servers that are communicating with LUA? We have specific firewall rules tha tallow them to come in on port 7070 so I would like to continue using that.

Thanks!

0

---

Virtual Server Snap-shot backups Failing (NetBackup) with many SEP errors in logs

April 5, 2018, 10:12 am

≫ Next: Expiring PGP keys

≪ Previous: LUA: Change the storage location of default production storage center

$

0

0

I need a solution

My Company has been experiencing randomized backup "snap-shot" failures and the System Logs have many errors like below:

We had the same issue a while back and it required a reboot to correct the snapshots (quiesce) issue.

Errors:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.

Is this an issue related to Symantec Enpoint Protection, or possibly the Backup Solution?  I am trying to rule out the Ant-Virus as a cause.

 - If I need to open a Support Case, I will.

0

Expiring PGP keys

April 5, 2018, 11:09 am

≫ Next: SEP Traffic has been blocked from this application: MS Link-Layer Discovery Protocol Driver (mslldp.sys)

≪ Previous: Virtual Server Snap-shot backups Failing (NetBackup) with many SEP errors in logs

$

0

0

I need a solution

We have PGP endpoint encryption and our client has asked us to use an expiring key.  I was able to do this, but now they want to know if the key will simply stop working when the year is up on their end or if they will be able to continue to use it and it will expire on our end and we will not be able to open the files.

0

SEP Traffic has been blocked from this application: MS Link-Layer Discovery Protocol Driver (mslldp.sys)

April 5, 2018, 2:32 pm

≫ Next: How to read other language?

≪ Previous: Expiring PGP keys

$

0

0

I need a solution

I keep getting a windows notification that "Traffic has been blocked from this application: MS Link-Layer Discovery Protocol Driver (mslldp.sys)."

I have a user-defined exception for C:\Windows\System32\drivers\mslldp.sys, but that hasn't done anything.  Presumably because its a scan exception and this is triggering on an execution.  Weird thing is I can't find the activity in the Network and Host log or the Proactive Threat log.  Or anywhere.  It keeps sending notifications, every few minutes, but clicking the notification does nothing, and I can't find the activity in the log to figure out which part of the engine is causing the alert.  

How do I make it stop?  And why does Microsuck need LLDP anyway?  Its not like they have to make a POE or Voice VLAN decision.  Intrusive proprietary garbage.  

14.0MP2 build 2415 on Windows 10 1709

0

How to read other language?

April 5, 2018, 8:08 pm

≫ Next: McAfee Agent handler equivalent

≪ Previous: SEP Traffic has been blocked from this application: MS Link-Layer Discovery Protocol Driver (mslldp.sys)

$

0

0

I need a solution

I am facing issue that my SEP client can not read logs in other languages 

i have folders in my computer and there folders having names in other languages not in english and in computer its showing fine everything is working perfect but when i check the logs its showing ?

How to add others languages in SEP to read logs

0

McAfee Agent handler equivalent

April 6, 2018, 2:04 am

≫ Next: artifact of a threat

≪ Previous: How to read other language?

$

0

0

I need a solution

Hi,

Previously a McAfee admin and now leaning toward to Symantec.

Question:

What is the equivalent of McAfee agent handler in SEPM environment?

On my previous work, our McAfee Agent handler (DMZ)  managed our roaming users for policies and content update and the McAfee ePO as the sole central management console and served the internal users (LAN).

With my current company, not sure how to go with the same approach with SEPM?

0

artifact of a threat

April 6, 2018, 5:52 am

≫ Next: How to exclude folders from Endpoint for specific group

≪ Previous: McAfee Agent handler equivalent

$

0

0

I need a solution

Hello,

I have a warning from a higher organization about the distribution of letters with a threat in the attachment.

There is a distribution of malicious e-mails with a disguised link to download the JAR file from the cloud service DROPBOX.
Malware refers to RAT Adwind.
Download     hxxps: // www [.] dropbox.com/s/z6offdjjzr5mn4y/FULL%20ORIGINAL%20DOCUMENTS%202FC1.jar?dl=1
File               FULL ORIGINAL DOCUMENTS 2FC1.jar
Themes of the letters      Re: import wholsale

Details of the attachment on https://www.hybrid-analysis.com/sample/ae745fea5d6f51bd4ab5a913fe4fa08933bd78e9d04b5f2ce1e65cfe1b7f9c5c/5ac71a7f7ca3e1020e7b58b8

FULL ORIGINAL DOCUMENTS 2FC1.jar

Labeled as: Trojan.Java

Report generated by Falcon Sandbox v8.00 © Hybrid Analysis

I sent the file with a threat to the Symantec(Tracking #42360883). But I was told that this is an artifact. "FULL ORIGINAL DOCUMENTS 2FC1.jar is not malicious itself, but may be an artifact of a threat."
How can I be sure that Symantec detects a threat when employees will receive such a letter?

0

How to exclude folders from Endpoint for specific group

April 6, 2018, 9:11 am

≫ Next: Message 705 - Live Update Administrator

≪ Previous: artifact of a threat

$

0

0

I need a solution

Hi 

Is it possible to exclude folders from Endpoint, i have different client groups, i am planning to remote push new package but i want to exclude some folders is there a way i can create a policy package to do that for a specific group. 

Thanks 

0

---

Message 705 - Live Update Administrator

April 6, 2018, 11:02 am

≫ Next: How do I install SEP on Linux?

≪ Previous: How to exclude folders from Endpoint for specific group

$

0

0

I need a solution

Hello everyone,

Over the past few days I notice that our Live Update Administrator has failed to download definitions scheduled, a certain point and it accuses error and I did not make any changes to the default settings

Message: Download request 705 started by administrator has failed.

0

• LUA.jpg

How do I install SEP on Linux?

April 6, 2018, 11:19 am

≫ Next: Upgrading from v12 to v14 - support whilst pending restart

≪ Previous: Message 705 - Live Update Administrator

$

0

0

I need a solution

Ubuntu 14.02.   Yep, I'm a noob for Linux.

I've got the install package export on SEPM.  I copied that to the Ubuntu desktop.

I tried this.

chmod 755 install.sh      (no isssues)

sudo sh install.sh      

I get this...

install.sh: 4: install.sh: Bad substitution

Also tried..

https://support.symantec.com/en_US/article.HOWTO10...

(Also brought the .zip file, unzipped it, ran this, no change.)

chmod u+x install.sh

sudo ./install.sh -i

I think that errored out.  And then it saysfolder exists already, nothing written because folder written already....

I'm restarting.  It's updated with apt-get update and upgrade already.

0

Upgrading from v12 to v14 - support whilst pending restart

April 8, 2018, 8:24 pm

≫ Next: symantec DB is down

≪ Previous: How do I install SEP on Linux?

$

0

0

I need a solution

Hi all - when upgrading workstations and servers, they are put into pending restart state after.

While the servers and workstations are pending restarts to complete the update to the new version, does SEP still work in this state? Or must we restart before SEP protects the machine.

Cheers

0

symantec DB is down

April 9, 2018, 12:43 am

≫ Next: Generating a more recent Recovery File

≪ Previous: Upgrading from v12 to v14 - support whilst pending restart

$

0

0

I need a solution

hello,

the DB is down. i can't access to SEPM console. i think the problem is started during the last automatic db backup. any idea ?

sepm 14 RU1 MP1. disk server has 70Gb free space.

0

Generating a more recent Recovery File

April 9, 2018, 6:38 am

≫ Next: Deception Feature with SEP 14 RU1 who is using

≪ Previous: symantec DB is down

$

0

0

I need a solution

Hello,

We are planning an upgrade of SEPM from 12.X to 14.X I have seen all of the articles outling what you need to do and I have found all of the files I am looking for. The only one I am having trouble with is the Recovery File. I can locate it without any problems, but all of the files themselves are from 2016. Being 2 years old is hardly new and I am hoping that someone could tell me a simple way of generating a new one. I have seen a couple of different methods from older threads but none of them were very clear, I am just looking for the simplest least intrusive method of generating a new recovery file.

Thanks!

0

Deception Feature with SEP 14 RU1 who is using

April 9, 2018, 10:19 am

≫ Next: SEPM report for finding which user disabled AV

≪ Previous: Generating a more recent Recovery File

$

0

0

I need a solution

Who is using deception and how are you testing the setup.

 I have in installed in development and would like to test.

Thanks

0

SEPM report for finding which user disabled AV

April 9, 2018, 9:42 pm

≫ Next: Duplicate computer names with different hardware IDs.

≪ Previous: Deception Feature with SEP 14 RU1 who is using

$

0

0

I need a solution

is it possible to get a report showing which user disabled AV on a machine?

tried to google it but didnt find much :S

0

---

Duplicate computer names with different hardware IDs.

April 10, 2018, 1:29 am

≫ Next: Performance investigation

≪ Previous: SEPM report for finding which user disabled AV

$

0

0

I need a solution

unexpectedly client began to be duplicated in the console with the same name but different hardware ID

Someone with the same issue?

0

Performance investigation

April 10, 2018, 6:15 am

≫ Next: Invoke-RestMethod to interact with SEPM Groups

≪ Previous: Duplicate computer names with different hardware IDs.

$

0

0

I need a solution

Hi,

A newbiew question: What possibilities I do have to prove others that SEP is not the reason for the slow performance on the workstations/servers? I know there are exception rules for the files and processes. But if, some of the key director/processor has been forgot to be added on the exception list, how I could identify that is causing a problem? Is there a tool to identify that SEP is staying as gatekeeper for the regular processes?

Correct if I'm wrong, but when the process start, that is the only moment when the SEP could take care of the process, as that is the moment when it is read from the disk. Or, if I select one process into exception list, is it so that ALL of the actionos that processs does are excluded from the SEP?

Is it even a good idea to exclude e.g. word from the SEP?

So basically, I'm just hunting the some evidences that SEP is not reason for the performance issues on the workstation, and best practises for the exclusion management on the workstations.

0

Invoke-RestMethod to interact with SEPM Groups

April 10, 2018, 6:34 am

≫ Next: XP Machines not communicating to Symantec

≪ Previous: Performance investigation

$

0

0

I need a solution

Hello there,

I'm stuck at some point with a powershell script. I'm trying to create a group via rest-API but I don't know what is my mistake with that, I followed the RESTFUL manual and still getting http ERROR 400.

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
 
$cred= @{
    username = "MYUSER"
    password = "MYPASSWORD"
    domain = ""
}

#converts $cred array to json to send to the SEPM
$auth = $cred | ConvertTo-Json
$Authent = Invoke-RestMethod -Uri "https://MYSERVER:8446/sepm/api/v1/identity/authenticate" -Method Post -Body $auth -ContentType 'application/json'
$access_token = $Authent.Token

$body = @{
    Name = "Testname"
}

$bodyJSON = $body | ConvertTo-Json

Invoke-RestMethod -Uri "https://MYSERVER:8446/sepm/api/v1/groups/2AD25F420AC54C82012E3FFA097A5EA7" -Headers @{Authorization="Bearer $access_token"} -Method Post -Body $bodyJSON -ContentType 'application/json'

0

XP Machines not communicating to Symantec

April 10, 2018, 6:39 am

≫ Next: SEPM unmanaged with no SEPM server

≪ Previous: Invoke-RestMethod to interact with SEPM Groups

$

0

0

I need a solution

After instaling latest version in XP machines also stil agent not communicating to server it is shwoing offline

0

SEPM unmanaged with no SEPM server

April 11, 2018, 3:49 am

≫ Next: What exactly does SEP's HIPS do?

≪ Previous: XP Machines not communicating to Symantec

$

0

0

I need a solution

Dear All,

just wondering how to create unmanged package for standalone installation with no SEPM configuraiton for small no of deployements. cust dont have inventory to provision for server. Hence any comment would be helpful.

0