Hi everyone,
I'm having a hard time finding out what SEP's HIPS does and why it's beneficial for a company with 10,000+ employees. I know what a HIPS is, but how does HIPS within SEP work and why is it useful for big organizations?
Thanks!
Hi,
So currently I have an Endpoint Protection Server Manager of version 12.1.6, and I have the Endpoint Protection Clients of version 14.0.1.
The question is, can my server manager support the clients of the newest version?
Appreciate any help given! Thank you!
Windows Server 2012 R2 Datacenter Enterprise 64
Backend SQL Database
I upgraded my servers to SEPM 14.1 and must use a .jdb file to upgrade the definitions because there is no internet access. The clients have not yet been upgraded so they are still running SEPM 12.1.6 ... they will be upgraded very soon.
The clients are updating via the .jdb but the Home page in the manager does not show the correct definition date. The clients are updated to the correct definition date via the .jdb file.
The servers are set up as fail over servers and both show Virus Definitions Not Available.
Is there a different set of definitions I need to be downloading for SEPM 14 or a different directory where the .jdb should be copied?
Currently the .jdb is being copied to C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
Thanks for your help!
Hi,
Sorry but just to clarify, my company purchased Licenses for Symantec Endpoint Protection version 14.x,
However the clients just informed that they made a mistake and they require version 12.x
Is there any possibility to get the archived version of Endpoint Protection?
Or do we need to get separate licensing for version 12.x?
Please advise and thank you!
Just upgraded our SEPM Server to 14 the other day. I tried using the auto-upgrade feature on a few clients. I did two yesterday and they worked perfectly. I tried doing two of our servers today and nothing has worked. I tried rebooting a number of times hoping it would trigger the upgrade and nothing. Stumped on what I should try next. Thoughts?
I have an environment with 2 SEPMs with no internet connection.
To update the SEPMs we are using .JDB files. The SEPMs are accepting the SONAR and IPS .JDB files, however when the large AV definition .JDB file is dropped into the Incoming Directory a .err file is generated after about 15 minutes. The last time the AV Definitions were updated was in 2016. The IPS and SONAR are up to date.
On the SEPM Management console I can see logs reading "SEPM cound not Update rapid release content" and "Unexpected Server Error".
The only instance in the past where I have seen the Unexpected server error is where there's been an issue connecting to the backend SQL.
I have attempted uninstalling and reinstalling Liveupdate and restarting the server and restarting the services. This hasn't fixed the issue.
Hello,
We recently upgraded our SEPM to version 14.0 RU1 MP2 Build 3929 (14.0.3929.1200). The 64-bit client was deploying for a few days already (without any problems) and this morning I added the 32-bit client package because we also have 32-bit Win7 installations. The moment the 32-bit install package was added to the clients group all the 64-bit clients began to malfunction. All clients receive a message from Windows notification center that the Windows firewall was disabled and Symantec Endpoint Protection is disabled. SEP keeps trying to reinstall itself but it keeps failing until we remove the 32-bit install package from the group.
In the windows eventlog we see messages like:
SONAR has generated an error: code0:description: Definition Failure
Internal MSI error. Installer terminated prematurely
We can reproduce this issue by making a new group, then adding the 64-bit install package and then adding the 32-bit install package.
Any ideas?
Thx
Tom
Hi Team,
We have SEPM version 14. We have found that Symantec is detecting the files "io.sys and msdos.sys" as WS.Reputation.1; the same have been quarantined and deleted by SEPM, but we still see those files in the system with a size of 0 KB.
Also we have observed that those files (io.sys and msdos.sys) are created by the process "ntvdm.exe", and this file belongs to Microsoft and is a genuine process.
Date | size | File |
03/14/2018 07:34 AM GMT | 0 | IO.SYS |
03/14/2018 07:34 AM GMT | 0 | MSDOS.SYS |
Symantec Logs:
Filename | Risk | Original Location | Computer | Current Location | Primary Action | Secondary Action | Action Description | Date and Time |
msdos.sys | WS.Reputation.1 | c:\ | D00070-0061 | Quarantine | Restart Required - Quarantine | Restart Required - Delete | Restart Required - The file was quarantined successfully. | 12/4/2018 10:19 |
io.sys | WS.Reputation.1 | c:\ | D00070-0061 | Quarantine | Restart Required - Quarantine | Restart Required - Delete | Restart Required - The file was quarantined successfully. | 12/4/2018 10:18 |
msdos.sys | WS.Reputation.1 | c:\ | D00070-0061 | Quarantine | Quarantine | Delete | Performed Post-Reboot Risk Processing. | 12/4/2018 9:54 |
msdos.sys | WS.Reputation.1 | c:\ | D00070-0061 | Quarantine | Quarantine | Delete | Performed Post-Reboot Risk Processing. | 12/4/2018 9:54 |
Hash value of files io.sys and msdos.sys : E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
Files path: C:/ io.sys and C:/ msdos.sys
Please confirm on what basis Symantec is detecting those files io.sys and msdos.sys as WS.Reputation.1, and let us know the reason.
Hi, I am trying to find a solution for how to move all active clients from one old server (SEPM 12.1.6) to another SEPM server (14.0.1). I tried all available solutions for my issue: the SEPM server has the same IP and a different hostname. 1) Tried to use Sylinkreplacer - doesn't work :( 2) Tried the scenario of adding the new management server to the list in policy components - old clients are still connected to the old server. 3) I tried using a command file to upload a new sylink.xml - doesn't work. Can somebody help me? Thanks.
I'm looking for any log filter reference guide for External Logging for Local Site. Looking at configuring this but first I need to fully understand what information/log is provided under each Log type.
Attached is screenshot from configuration window.
Any advice or guidance would be greatly appreciated!
Thanks,
Janis
Check with you guys, any idea how to drill down further on above subject?
In Risk/NTP we would be able to see remote or attacker IP
I know memory attack is much more different than others...just wondering if I can get more information on this topic
Hi,
Can anyone help me out to see if SEP conflicts with Chrome Cleanup engine which detects and removes unwanted software from hosts. This tool is not a general-purpose AV which only detects the software. However, there is a “Clean up Computer” setting which user can click to scan the computer for harmful software. Please advise.
Hi There,
I'm unable to deploy SEP client on a new Windows 10 Surface Pro using remote push from the SEP Manager.
SEPM version : - version 14 (14 MP2) build 2415 (14.0.2415.0200)
SEP client version : - version 14.0.2415.0200
Windows version : - Windows 10 Pro Version 1709 (OS build 16299.371)
I installed Windows 10 on to the Surface Pro using an image (which contains the SEP client) that I created using Sysprep.
Later, I ran Windows updates and it updated itself to the Windows Fall Creators Update (1709). To do this update Windows uninstalled the SEP client and now when I am trying to install it back it is not doing anything.
On the SEPM deployment screen it is saying that the client has been successfully installed but on the actual machine I can't see any SEP client running.
I have tried restarting the Surface Pro multiple times. I've also run Clean wipe to make sure that the SEP client has been properly removed and then tried to re-deploy again - but still it's not getting installed.
And when I'm trying to deploy using "Save Package" instead of Remote Push - it's saying "Symantec Enpoint Protection doesn't work on this version of windows. An updated app may be available"
Can someone please let me know what I am missing or how I can deploy the SEP client from the SEP Manager?
Cheers,
Inder
Hello,
We are having Windows 7 OS in our environment. For the last two days we have been getting the virus alerts Trojan.Gen.2 and Trojan.Gen.NPE with file names "tpmagentservice.dll" and "MsraReportDataCache32.tlb". This alert is coming repeatedly. SEP detects and cleans the virus and asks to reboot the system. But this virus alert keeps coming even after reboot.
Please do the needful to fix this issue.
Please see the attachment.
Hi Guys,
I came across the following article at https://support.symantec.com/en_US/article.TECH195705.html which talks about using the Push Deployment Wizard to remotely push SEP agents to machines. I noticed that ClientRemote.exe takes some command line arguments and I was wondering if it's possible to deploy SEP agents via the CLI using this tool. Does anyone know if this is possible? I haven't yet been able to find any relevant documentation.
Thanks!
Matt
Hi all, do the dark network clients use live update to update defs when off the domain? Basically, our clients update through the SEP Manager when on the network and use live update when offsite. Not sure which client type to use. Thanks.
Hi Folks,
I need some help with GUP sizing and deployment considerations. There are around 10K endpoints spread across 380 sites in various locations of Australia (QLD, NSW, WA, ACT).
1. Is there any guide that covers the criteria to deploy a GUP? (e.g. if the client count increases by 50, add a GUP server, etc.)
2. Bandwidth requirement and throttling for GUP servers in remote sites connecting via MPLS.
3. Can multiple GUP servers entertain clients from different subnets, or do I have to specifically map the subnets to talk to GUPs in different subnets?
4. Can I use a combination of a single GUP for sites with good bandwidth and multiple GUPs for sites with low bandwidth?
The bandwidth in some sites is between 1mbps and 512 kbps.
How many GUPs would be sufficient for 10k clients?
Is there any formula or calculation available?
I've checked that a GUP server can handle up to 10k clients. I need to know the approach: whether I should use two local GUPs in each datacentre, or whether remote sites with low bandwidth should have multiple GUPs.
I need some stats around that. I would really appreciate guidance on GUP deployment considerations, as I've checked the documentation and I'm unable to find any concrete info.
I've checked the below links already
https://support.symantec.com/en_US/article.TECH938...
https://www.symantec.com/connect/blogs/best-practi...
Any quick response will be much appreciated!
Hello. I've set up a fresh install of SEPM 14 RU1 MP1 on a new server, and I'd like to upgrade my clients on the old 12 server to 14 with only 1 reboot if possible.
I've tried on multiple occasions to do a remote push of v14 to a server with v12, but after reboot the client is still v12.
Any ideas?
Thanks!
We are seeing a new ASRunningStatus value 2 and what does this mean?
Does anything with SEPM need to be changed when changing the domain on the embedded SQL Server? If yes, where do we need to check and correct it in the SEPM configuration?