Channel: Symantec Connect - Products - Discussions
Viewing all 12029 articles

IPS Signatures not updating - GUPs

I need a solution

We recently spun up a third SEPM site, which will be used to migrate 2 separate sites we are currently managing. When replication was set up between the 3 sites, IPS signatures failed to update on our GUPs.

We have been updating IPS signatures manually with success.  Adding the JDB file is allowing the GUPs to grab it and clients update successfully.  We have a case open to work out whether replication may have broken the GUP's ability to pull the IPS sigs from SEPMs.

We have successfully used the JDB file for RU1 to update the GUPs, which are running MP2.  

We are mid-upgrade from MP2 (14.0.2415.0200) to RU1 MP1 (14.0.3897.1101), and the GUPs failed to be upgraded before our workstation clients.  Yesterday most of the GUPs were upgraded to RU1 MP1.

Today, we went to manually update the IPS signatures with the latest available, as is routine at this point, and only the non-upgraded GUPs pulled that latest IPS sig. The upgraded GUPs are still failing to update. I understand that this is a mess on the upgrade front, but it doesn't make sense that the RU1 MP1 GUPs aren't updating signatures, while the non-updated GUP clients are. Clearly a compounded issue, but reaching out to see if there's something I might be missing.

**GUP install package for the upgrade kept all GUPs in their respective groups, with the same policies applied.  No changes at all, except the client upgrade.

**All of our SEPMs were upgraded to RU1 MP1 prior to any client upgrades.


Daily scan scans no files on some computers

I need a solution

On some computers, the daily scan will scan everything including mounted network drives.  On other computers, absolutely nothing gets scanned by the daily scan.  This is according to the logs on the SEPM.  I have tried reinstalling SEP on these computers, but it doesn't help.  What could cause such an issue?


Cannot enable firewall policy?

I need a solution

When I try to enable a firewall policy on a container I get "The location is under Client Control. You cannot add a new firewall policy"

Anybody know how to get this to allow me to do a firewall policy?

Jason


Firewall Status showing "Disabled by policy" but it's enabled?

I need a solution

The container this client is under has a firewall policy in place. Also, the client itself has the SEP firewall turned on. Why would it continue to say "Disabled by policy?"


Migrate McAfee to Symantec

I need a solution

Hi Community,

Requesting assistance.

We acquired a company and the AV is McAfee. What will be the approach for migration and deployment?

Thank you.


SEP 14 via GPO

I need a solution

Is there a way to push SEP as a GPO and ensure it installs putting the computer in a proper container? I noticed you can create a .msi installer, but how do you control the sylink communication setting of what container it gets put into?

Or are there any other ways to force SEP installations?


SEPM central administration through Replication

I need a solution

Hello,

I have two dedicated SEPMs (in different domains A/B) that have no connection to one another. Through Replication I want to consolidate the administration in a SEPM in a third Domain (C).

A<->C<->B

Domain C has network connection to the SEPM in domain A/B, but not the attached clients.

I have the following requirements

1. Administrate SEPM A/B and the attached Clients through SEPM C.

2. SEPM A/B should be independent from one another

In a test environment it looks this way.

- I can push client commands from SEPM C to clients attached on SEPM A, so I think the command is not directly sent to the client, but through SEPM A.

- All groups/policies from SEPM A/B will be replicated to one another through SEPM C.

Question 1: Is this scenario viable? Any suggestions?

Question 2: Is it possible to manage Clients on SEPM A/B through SEPM C, even if SEPM C has no direct network connection to the clients?

Question 3: Is it possible to prevent policy/group replication between Site A/B through C?

Best regards


Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM

I need a solution

Dear All,

Today we have received the IPS signature traffic [SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM. This traffic is outbound traffic initiated from the workstation towards the Windows Server 2003.

The same alert was triggered two days back. We have isolated the machine from the network and installed the MS17-010 patch on that workstation. We checked the SymDiag logs; no threat detections were found. But again the same traffic was detected in our environment for the same machine.

I am quite sure that the mentioned signature is, by default, being allowed in our SEPM IPS policy.

As per the Symantec link below, the severity level for the mentioned signature is low. But we need to investigate why that workstation triggered this traffic. Totally confused. Can anyone help with this?

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30239

Thanks in advance


How to interpret Risk logs pulled from SEP Client

I need a solution

Hi,

I have pulled risk logs from the SEP client of an infected system to analyze them.

I need help to understand how to interpret the columns in the logs.

Kindly help me to understand how to interpret the information below.












Action | Risk Type | Logged By | Original Location | Computer | User | Status | Current Location | Primary Action | Secondary Action | Action Description | Date and Time
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\(Folder) | Endpoint Hostname | Username | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:39:32 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\(Folder) | Endpoint Hostname | Username | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:42:55 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\SRTSP\Quarantine\ | Endpoint Hostname | SYSTEM | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:41:17 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\SRTSP\Quarantine\ | Endpoint Hostname | SYSTEM | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:44:39 PM
Cleaned by deletion | Heuristic Virus | Auto-Protect scan | C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\SRTSP\Quarantine\ | Endpoint Hostname | SYSTEM | Deleted | Deleted | Clean security risk | Quarantine | The file was deleted successfully. | 4/25/2018 1:46:10 PM

How to enable usb device on the user

I need a solution

Hello,

I would like to block pen drives in the whole company, but excluding one group from AD.

Until now, I have deployed the package in computer policy mode.

Is it possible, does SEPM support such a solution?

Regards

Art


Is it ok to not reboot after install for an extended period?

I need a solution

I have a few servers that I'd really like to upgrade from v12 - v14, but they won't be rebooted until sometime next month.  Is it ok to install v14 over v12 and leave the client in a "needs to reboot" state for a few weeks?

I've done that on a test server, and it seems as though v14 is working fine - getting new definitions, reporting to SEPM 14, etc.

Thanks!


SEPM 14 RU2 Install: Embedded Database Recommendations?

I need a solution

Hello all,

We are in the process of standing up a new server that is going to act as our primary SEPM server for multiple sites. Our biggest issue is if we are going to be able to stick with the free embedded database, or if we are going to have to purchase SQL. I've been searching online for the past few hours and have been able to find any recommended suggestions for SEPM as to when you should use one database or the other. We've heard varying numbers of the recommended clients for the embedded database but can't find any confirmation.

Is there any documentation for the latest version of SEPM, that outlines how many clients the embedded database is good for, as well as instructions on moving to SQL down the road? Any guide that is current / updated that outlines why we should choose one or the other.

Thanks!


N-Able Discovery causes SEP clients to block connection to the server

I need a solution

The N-able discovery process causes SEP to block connection to the server. We are taking on a new client that has SEP and cannot take a chance with causing the network to go down. I have talked with N-Able support and they are less than helpful. I also don't know exactly what it gets detected as either.

The Probe scans the defined network addresses using the following protocols:

Windows Management Instrumentation (WMI)
SNMP
NETBIOS and Active Directory Services Interface (ADSI)
ICMP (ping)


Unpacks install script then deletes everything except install script and containing folders

I need a solution

(Windows Server 2003) I am currently installing Symantec Endpoint Protection on a server bed. I have installed the SEPM on the management server, then I installed SEP on the two domain controllers. When I try to install SEP on the SEPM server it seems to unpack files as the progress bar fills in, then once it seems to almost be done it starts deleting the unpacked files except for some temp files and the install script and (besides the progress bar going back down to nothing then disappearing) does nothing else. No start menu folders or icons are made and there is no program put into the control panel add/remove programs list. When I reboot, the temp files are gone and all that remains is the C:\Program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Scripts\installscript.sis file. How can I remedy this situation and get the Endpoint Protection Manager to install properly? This happens on all remaining member servers.


Using REST API for getting suspicious files from endpoints - need help

I need a solution

Hi folks,

I was trying to implement this mechanism in my integration:
https://support.symantec.com/en_US/article.TECH239...
(Endpoint Protection 14 REST API support for deleting or fetching a file based on hash value)

Unfortunately I got into a dead end; maybe you can give a tip on how to move further. Here's what I did:

I use Postman for API tests. I'm able to authenticate at /api/v1/identity/authenticate, and I get a token back. The next step is to order SEPM to go to the endpoint and grab the file using:

/api/v1/command-queue/files?file_path=c:\windows\notepad.exe&computer_ids=C[...CUT...]3&sha256=933E1778B2760B3A9194C2799D7B76052895959C3CAEDEFB4E9D764CBB6AD3B5 

All I get as a return is a command_ID. Great. After some time I can see that the command was executed successfully in the SEPM console. Now I would like to download the file (e.g. for further analysis), but according to the article, for that I need a file_ID - /api/v1/command-queue/file/{file_id}/content

The question is... where to get file_id?

Has anyone actually successfully implemented the mechanism from the article?


This app can't run on this PC

I need a solution

Hi!

We have Win 10 on all network computers with SEP 14.x and it works perfectly, but we got new PCs and now when I'm trying to install SEP 14.x on the new computers I get this error. (Screenshot attached for your reference). Thanks in advance for your support.


Where to get SEP 14.0 RU1 MP2 from?

I do not need a solution (just sharing information)

I am installing the new Windows 10 Spring Creators Update/April 2018 and I would like to install the latest version of SEP.

We currently have 14.0 RU1 MP1 and I heard that the MP2 is fully compatible with Windows 10 1803...

I cannot see it in the admin console..this is what I get

Can someone please direct me as to where to get the installation files for the latest SEP?

Thank you in advance

 


Reinstall the SEP client on 500 computers remotely

I need a solution

Hi guys, New to Symantec Endpoint Protection.

Question
=======

Is it possible to reinstall the SEP (12 or 14) client on multiple machines (500) at the same time without using PowerShell scripts or third party tools? Using only the endpoint protection manager. Endpoint machines are Windows 7 Enterprise. Do you have some recommendations and practical examples? Thank you.


Live Update Administrator failed to download definition SEP14.0 RU1

I need a solution

I have installed the latest version of LUA (Version: 2.3.6.47). Every day, the download of definitions for SEP 14.1 fails. Finally, after executing the schedule many times, it finishes successfully.

I have another scheduled task (SEP 12.1.5) that doesn't have a problem when downloading.

Do you have any idea how to solve the download problem for the definitions of "Symantec Advanced Endpoint Protection 14.0 RU1 English"?


SEP Client 14.0.3897.1101 (14.0RU1 MP1) Stops When it finds new Virus

I need a solution

Hi 

SEP Client 14.0.3897.1101 (14.0RU1 MP1) stops when it finds a new virus file: it is not able to delete it and stops, and we need to restart it manually. Also noticed when new definitions arrive

Thank you, 
