Dear All,
Can anyone explain to me the difference between Symantec 12.0 and 14.0, and also tell me what the added features in 14.0 are?
Regards,
ABUL
Hi Symantec LiveUpdate team,
A file not found error happened when the SPE Virus Definitions auto upgrade job was downloading the Norton AntiVirus Definitions package.
I'm not sure what's happening; the package was in the upgrade list but it failed to download, and 2 hours later the auto upgrade was back to normal and downloaded the package successfully.
Please help to do some research on it, please comment freely if more information is needed.
Thanks
Kevin
Version: SPE 7.8 AV Definitions for x86_64-linux
Time: 2018/04/05 00:42:41 (UTC -0700)
00:42:41.667356 [Check for Updates - START]
00:42:41.713033 Result Code: 0x00010000
00:42:41.713077 Result Message: OK
00:42:41.713136 Component Status Changes:
00:42:41.713180 None
00:42:41.713211 [Component - START]
00:42:41.713245 Component ID: {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
00:42:41.713275 Available Updates: 1
00:42:41.713305 [Package - START]
00:42:41.713341 Item: Virus Definitions
00:42:41.713372 Description: Norton AntiVirus Definitions
00:42:41.713401 File: 1522909520jtun_dsslinen180404023.m35
00:42:41.713430 Reboot Flag: false
00:42:41.713462 Sequence Name: CurDefs
00:42:41.713492 Sequence Number: 180404036
00:42:41.713520 [Package - END]
00:42:41.713549 [Component - END]
00:42:41.713595 [Check for Updates - END]
00:42:41.713657 [Package Download - START]
00:42:41.713697 Component: {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
00:42:41.713728 File: 1522909520jtun_dsslinen180404023.m35
00:42:41.790871 Result Code: 0x80010732
00:42:41.790913 Result Message: FAIL - file not found
00:42:41.790943 [Package Download - END]
We had seen them occasionally in the past. Having something attack isn't a huge surprise. (And we hadn't located the logs in SEPM. Those logs are really buried...)
Currently my area is "under attack." Symantec is fending them off. In the SEPM network attack logs we can see them and there are a lot more over the last few weeks. We're working with other IT security people. The infected machines are outside my area though, outside my control. I just have to put up with someone else's apparently infected machines trying to attack mine.
Those little yellow popups though... How do we disable those from popping up? It looks like 3-4 times per day something is sweeping through IP addresses. If you're using your computer when it gets attacked, Symantec puts up the little yellow notification. That is actually what caught our attention at first. Everyone started mentioning that they kept seeing those pop up. But now we're aware of it.
How do we disable those popups, especially for a regular user? I don't mind getting reminded that the network attack issue is happening myself. Users don't need to see the popups frequently though.
Is there a policy I can tweak and push out in SEPM to stop those from popping up, as opposed to visiting every machine to tweak a setting?
Hello Experts,
Need your expertise. Currently we have 3 nos. standalone SEPM running on each location, having an embedded database in it. We want to implement replication failover for those SEPM servers. If anyone has any experience, kindly comment. Also share the document articles for the same.
Hi all
I would like to know if someone is experiencing this problem.
Some users are receiving a prompt from the Windows Action Center stating
"Do you want to run this app? You should only run apps that come from publishers you trust"
WSCSavNotifier.exe is digitally signed by Symantec and is safe to run. If it is ignored or canceled the prompt, the SEP client will still attempt to automatically update its content in the background.
Click "Yes, I trust the publisher and want to run this app" to allow the SEP client to perform its remediation action
It seems that if the user does not click "yes", the file will not be automatically signed by Symantec. Someone with the same problem?
thanks
I'm only getting the last 24 hours now, the hour before the report comes out.
From SEPM...
Reports, Scheduled Reports tab, network and host mitigation--Attacks.
Popup window...
It's enabled.
Network and Host Exploit Mitigation Report
Full Report
Default
Run every 1 week
Start after Date from weeks ago 10am
send report to sys admin
So I'm getting yesterday at 10am up to today at 10am. What I want is a full week in the report, maybe last Friday 10am up to this Friday 9:59:59am, or just days of the week, 12am-11:59:59pm, any seven days of the week would be fine.
Is there a way to set the time period for report information like that or is it always/stuck at 24 hours all the time? I think I could switch it and get daily full reports, but I don't want to see these every day. Once a week is good.
I have a fresh install of Windows Server 2016 Standard where loading the latest SEP 14.0.1 MP2 as an "unmanaged" client isn't downloading the virus definitions for some reason. I've tried repairing, uninstalling/reinstalling but the result is the same where you get that generic message that the client isn't protected until it gets virus defs. Even bypassed our proxy server and got the same result. Note that I always run a checksum against the SEP download from FileConnect.
In contrast, I can load an unmanaged SEP 12 just fine on this 2016 server. For SEP 14's install, noticed that the ending LiveUpdate process finishes too quickly without any errors (didn't take a screenshot but thought the virus def d/l showed something like "...SDS Reduced" where I opted for the regular client during install) whereas with SEP 12, it's "processing" the downloads for a while. I've re-downloaded the SEP 14 package from FileConnect and will try again although checksum matched and file size is identical to what I had.
Anyone else with "Windows 2016" servers who want to run the "unmanaged" SEP 14 (latest version as of today) encountering this same issue?
Hi
Please confirm whether Symantec Endpoint Protection 16 or any other version supports Itanium-based processors. One of the clients has multiple hosts and is looking for a solution.
Your input will be highly appreciated.
Thanks
Hi guys, I wonder if you could help me. Currently I have on my PC Windows 10 Pro 64-bit V. 1703, SEP client Version 12.1.6 (12.1 RU6 MP5) build 7004 (7004.6500). I have downloaded the ZIP package to upgrade the SEP client, file name: Sep64_7004To7445_clientDAXMSI.EXE, but when I try to run it (as administrator) I get a dialog that says: "SEP Doesn't work on this version of windows, you need an updated version" ...WTF? I already have it running on my PC, that message makes no sense. I have also tried to upgrade to MP7 first, but I get the same message.
Have you got any idea what the problem may be?
thanks.
Hi,
I have ICMP [type=3, code=3] being blocked:
Source x.y.128.124 [netmask is x.y.255.255.255.224]
Destination is x.y.246.161
====
Source is a Windows 2012R2 host with a route table entry:
Network Destination/Netmask/Gateway/Interface/Metric
0.0.0.0/0.0.0.0/x.y.128.97/x.y.128.124/261
====
Destination is a "back box" device Linux based with no user sign-on
I have allowed ping ICMP[type=2] between x.y.128.124->x.y.246.161
x & y represent the same IP "octet". The gateway for source is correct for our network.
Source and Destination are on different VLANs.
==> Can someone please suggest why ICMP [type=3, code=3] is being blocked?
A Google search shows that ICMP [type=3, code=3] is usually caused by a "network unreachable" error.
However this article:
https://www.wilderssecurity.com/threads/type-3-cod...
could be caused by an IGMP error when trying to get route information
==> Any thoughts on this problem?
Hello,
I'm planning to replace the self-signed certificate with a CA cert, and according to these steps https://support.symantec.com/en_US/article.HOWTO81059.html I need to switch communication over to HTTP 8014. What if my servers don't have network traffic open via port 8014 towards SEPM but only 443? Is it possible to set up HTTP over 443 and HTTPS on 9443, for example? Should be possible since we can specify custom ports in httpd.conf and sslForClients.conf.
Any clue?
Greets.
Hello,
Currently using SEPM 12.1.6 MP9
Environment: Windows
I have a requirement to install a Host Intrusion Detection System (HIDS) on the Windows servers. How and where do I enable this feature in SEPM? I also need a document referring to enabling HIDS if Symantec has one.
Thanks,
Hello,
Is it at all possible to create IPS rules that can block emails with a particular header? In some cases we use IPS to successfully block access to some websites, so was hoping there was a way to do the same thing, but with email headers.
Basically, we're having trouble with our mail gateway filtering spam correctly, so while this is being resolved, we're looking for a quick solution to block emails from particular domains (Or even subject lines) in the meantime.
Hi all,
Just about to do an upgrade of a SEPM from 14.0 MP2 (all clients also running this version) to SEP 14 RU1 MP2.
Can Symantec confirm that the clients on the lower version will and can be managed correctly with the newest version of the SEP running on the SEPM?
Thanks in advance.
Hi guys,
Question
+++++++
Need a way to inform/alert the user when LiveUpdate failed, cannot update the virus definitions.
Is there any way to do it? Can be PowerShell, the Endpoint Protection Manager.
Searched Symantec website forum, search engines but there is no answer.
Thanks.
Hi there,
Does SEP's HIPS engine have detection for this threat -
https://portal.msrc.microsoft.com/en-us/security-g...
Also, is there an internal reference site I can visit to look up specific attacks/vulns to see a) if SEP thwarts it and b) what HIPS (or other) definition versions are required?
Hi Team,
Just wanted to know which virus defs cover BlackHeart Ransomware. On Virustotal.com
Symantec detected it as trojan.gen.2.
Kindly let me know which virus defs cover BlackHeart Ransomware.
Hi everyone
We recently had to update our Symantec Endpoint to 14 RU1 MP2 (14.3929.1200) up from 14 MP1 (14.0.2415.0200) to allow for support to upgrade from Windows 10 1703 to 1709.
We are doing the upgrade through SCCM and the install seemed to go through fine until we did the first round of Win 10 1709 updates. After a bit of investigation I found some machines were successfully updating to the new client version but were leaving remnants in the Program Files (x86)\Symantec\Symantec EndPoint Protection of the old version of Endpoint. For example the machines would have both the 14.0.2415.0200.105 and 14.0.3929.1200.105 folders in the install directory along with the full contents of this folder. The version of the SMC.exe in the main directory had successfully updated.
Has anyone else come across this issue and managed to do a clean uninstall, or know why only certain machines have this behaviour?
Hi,
Our environment has a mix of SEP 14 and 12 clients. I've set the auto deployment to deploy 14.0.3929.1200 to all clients in all groups, but some of the older clients are still on 12 and cannot update due to their OS restrictions, so I need to deploy the latest 12 version too (12.1.7445.7000) to update them.
As I already have 14.0.3929.1200 deployed to all groups, if I deploy 12.1.7445.7000 as well to the same groups, will this 12.1.7445.7000 version only install on the systems that need it (SEP 12 versions, systems that don't support SEP 14), and it won't downgrade 14.0.3929.1200 clients to 12.1.7445.7000?
Does SEPM 14 have any intelligence in the background to update the clients to the latest supported client version automatically that has been deployed, or will it keep changing the client versions back and forth?
Thanks!
arden
Good morning. Does anyone know if there's a way to sign up if Symantec Endpoint Protection and LUA products have a vulnerability? An alert via email or a site that I can visit. Same as Microsoft offers.