Symantec Endpoint Protection Cloud Event Logs
Hi, we are deploying SEP Cloud to a new environment and ideally want our monitoring tool to capture events such as virus detection or out of date definitions. Can anyone advise whether the application writes to any event log we can monitor? I have triggered a virus detection using a test file but cannot see anything obvious in the application or system log. Thanks in advance
Traffic Blocked Notification: MSLLDP.Sys
I keep getting a Windows notification that "Traffic has been blocked from this application: MS Link-Layer Discovery Protocol Driver (mslldp.sys)."
I have a user-defined exception for C:\Windows\System32\drivers\mslldp.sys, but that hasn't done anything.
I followed http://www.symantec.com/docs/TECH203497, and even with the "Allow All" rule at the top, I get the notification.
What's the next step to isolate?
14.0MP2 build 2415 on Windows 10 1709
Best Practice in setting up client groups in SEPM
Hi Guys,
What is best practice on setting up client groups in SEPM?
Should it be done by
Location, i.e. LA, San Diego, San Fran, New York
Type - workstation, laptop, device
OS - Windows, Mac, Win 7, Win 10, UNIX
Department - HR, IT, Marketing
What have you had the best results with and what does Symantec recommend?
Trigger the "Suspicious Behavior Detection"
Hello support,
Question
++++++++
1. "Test 1"
We can test SONAR using socar.exe (https://support.symantec.com/en_US/article.TECH216...) and it works fine
but
2. "Test 2"
We want to test only the "SuspiciousBehaviorDetection" feature (https://support.symantec.com/en_US/article.HOWTO12...), SONAR is Off/Not enabled.
How to do it?
We know the "SuspiciousBehaviorDetection" feature's workings are proprietary, but how can we check that the feature is working?
Searched the Symantec KBs, etc. (https://www.symantec.com/connect/forums/how-calcul...) but there is no detailed info about it.
Thank you.
Client loopback address 127.0.0.1 - Allowed?
Hi,
Is the loopback address 127.0.0.1 always allowed?
If not, what rule would I use?
If the client address is x.y.z.a, then I would assume a connection to itself via x.y.z.a needs to be explicitly allowed.
Is this correct?
Thanks for any help
How To "Internal Error" in Help > Troubleshooting > Connection Status
Lsass.exe is stuck waiting in Symantec Drivers
Hi team,
All our environment servers were not accessible post regular updates from the Symantec server.
For resolution we only have to restart the server, and after every update the issue reoccurs on the server. Post analysis of the Azure memory dump, it shows the below error
"
Lsass threads are stuck waiting in Symanted drivers
0: kd> !mex.t ffffe0001ec11080
Process Thread CID UserTime KernelTime ContextSwitches Wait Reason Time State
lsass.exe (ffffe00011b2b900) ffffe0001ec11080 2a0.16b0 31ms 0s 69 WrPushLock 1h:26:59.468 Waiting"
As of now we have uninstalled Symantec from all the servers as it was causing downtime. Request to please help us with guidance on what the above error is and how we can resolve it.
Regards,
Rizwan
How to Deactivate File Transfer with Bluetooth with ADC SEP 14
Please, I would like to allow Bluetooth devices on a Windows 10 computer for audio/video services, etc. but I want to deactivate File Transfer using Bluetooth.
How can this be done using Symantec Application and Device Control? Please provide a step by step solution. Regards
Client install package forces reboot before installation
I have recently updated SEPM to 14.0.1 (14.0 RU1 MP2) build 3929 (14.0.3929.1200)
Now when I build an installer (exe) for Windows servers and try to install, it will force reboot the server within a matter of seconds. I have double checked the install feature set and confirmed the no reboot option is selected as well as the client container set for no reboot. This is only happening with servers; the workstations are fine and in fact do not reboot. The only difference is the server policy and feature set has no firewall.
Is this an issue with the build version? Before the upgrade I was able to install the agent and the client (servers) would not reboot. I actually still have the installer of the old version and confirm this version will not force a reboot.
This happens on server 2008 and 2012
SEP Upgrade but DB Type is ASA
Hi, We are currently running SEP12 RU6MP6. We want to upgrade to SEP14 RU1MP2. Upon checking the details of the DB, we have noticed that the Database type is Adaptive Server Anywhere (ASA) and not Embedded (SQL Anywhere).
To do the upgrade, is it the normal process or is there a special way to upgrade the ASA? Will the normal upgrade method update the DB schema and still keeps the DB type as ASA, or it will change it to Embedded (SQL Anywhere)?
Thanks in advance for the responses,
MabundaG
SEPM not finding updated content from internal liveupdate server
I am experiencing an issue in our test SEP environment where the SEPMs are not pulling content down from our internal LiveUpdate server.
This used to be working fine; however, in the past few months any attempt at initiating a LiveUpdate results in the following messages:
"no updates fround for......"
"LUALL.EXE Finished. There were no new contnet updates. Return code = 1"
"Liveupdate Succeeded"
We connect to our internal LiveUpdate server via a proxy, and I have confirmed that connectivity exists between the SEPMs and the proxy server as well as from the proxy server to the internal LiveUpdate server.
In our production environment LiveUpdate DOES pull down content from the same internal LiveUpdate server successfully, and the same proxy is also used. So I'm not sure why it's working in our production environment but not the test environment.
Any advice or suggestions on what may be going on here would be much appreciated!
Thanks.
SEP 14.0: virus quarantined, but missing details?
Hi all,
SEPM reported an alert yesterday, and both the alert email itself, plus the Details view from within Monitors > Risk, show nothing about the path of this file. It was picked up via a Scheduled Scan based on file signature hash - a 2 year old variant too so not fancy - and shows up as (without the quotes) "> >support.exe". I realize a Scheduled Scan could have found something only in memory and not on disk, perhaps that's why it shows no file path, but I'm surprised SEP doesn't say something like "in memory" or something.
I do plan to upgrade SEPM to 14.1 pretty soon but generally speaking, file-based detections in the past have always shown me the file path too.
What's up with that monkey business?
For what it's worth, the alert email indicates Quarantined: 1, and Deleted: 1. Yet, Monitors > Risk inside SEPM only shows Quarantine and no mention of Deleted. SEP on the client side has no files in its Quarantine.
No action was taken by me (the only admin) to delete the file from Quarantine, if that helps. Also, the user was SYSTEM when I view the alert details, so maybe it Deleted it after Quarantining it, based on some criteria I don't understand?
Migrating SEPM to a VM
Just wondering if there are any good articles on Migrating SEPM to a VM.
Currently hosting on a physical Svr2008 system, and want to migrate to a VM running Svr 2016 - what do I need to be aware of?
Many thanks
SEPM 14 and VC++ Redistributable
Hello,
I'm looking for documentation saying what exact versions of VC++ are required for SEPM. Any clue where I can find this?
Problem with Symantec during updating Windows 10
Hi all! When I was updating Windows 10 (to 1709 or 1803 ver), I got the message "Symantec Endpoint Protection is not compatible with Win 10". I had to uninstall it. Why does this happen and how to force it to work =) Thank you!
Bandwidth Calculation For Replication Deployment in EP ver 14.x
Hi everyone,
I plan to deploy 2 SEPMs in two cities with replication between each other. Each SEPM will manage 275 endpoints. They replicate logs, policies ...
I have read the article: https://support.symantec.com/en_US/article.TECH201290.html
But I can't understand it :( . Is there any other article guiding how to calculate bandwidth for replication between two SEPMs, and between SEPM and SEP?
I need to calculate before deployment.
Many thanks,
Quang
Duplicate client entry in SEPM.
Duplicate client entry in SEPM. SEP client installed machine is physical machine and is not re-imaged.
Every time there is a stop and start of the Symantec service, a new client entry with a new hardware ID is created.
Sometimes even without a stop and start of the service, a new client entry with a new hardware ID is created.
Can someone help me with a solution or workaround other than Delete offline clients in Edit domain properties?
Can't set exception type
When I try to add a file or folder exception in SEP 14 I can only select Application control as the scan type - I need to add an exclude for all scans for some folders related to Windows 10 Feature Updates and can't set the exclude type. This is the first change I have tried to make since SEP 12 policies were migrated to SEP 14.
Error upgrading from SEPM 12.1 to 14.0.1 MP 2
I am attempting to update a client from SEPM version 12.1.4013 to 14.0.1 MP2. I am running through the install for just the SEPM and received the warning that it can't read the user rights (ref: https://support.symantec.com/en_US/article.TECH228...). I was able to add the following to Group Policy: NT SERVICE\semsrv, NT SERVICE\semwebsrv, NT SERVICE\SQLANYs_sem5, but when I try to add
NT SERVICE\semapisrv I get a message from Group Policy that the account can't be validated.
In the article TECH228988 this service account has an asterisk after it, indicating that this service was added for version 14. I have a support case open with Symantec and probably have eight hours into this since Tuesday night. I am wondering if I need to upgrade the client to the initial release of SEPM 14 and then update to the latest version. Doesn't seem like I should have to take steps to get to the latest version when I should just be able to install the latest release.
Any suggestions would be appreciated.
Thanks in advance