Channel: Symantec Connect - Products - Discussions
Viewing all 12029 articles

Security Advisory ID SYMSA1454: Symantec Endpoint Protection Multiple Issues

I do not need a solution (just sharing information)

Just spreading awareness: please upgrade to the latest available release of SEP 12.1 or SEP 14 (14 RU1 MP1 and later or 12.1 RU6 MP10 and later) in order to remain invulnerable to these two Medium severity CVEs (CVE-2018-5236, CVE-2018-5237)!

Symantec Endpoint Protection Multiple Issues
http://www.symantec.com/docs/SYMSA1454  

The aforementioned issues were validated by product team engineers. A set of Symantec Endpoint Protection updates, Symantec Endpoint Protection (SEP) 14 RU1 MP1 and later or 12.1 RU6 MP10 and later, have been made available. Note that the latest releases of the aforementioned products are available to customers through normal support channels or via live update. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues. 


Memory Exploit Mitigation - Standalone Client

I need a solution

I have a use case where a client is a standalone client. One of the applications is not starting due to Memory Exploit Mitigation. It would be easy to change this if it was a managed client. However, with a standalone client, there are no options to change the defaults or make an exception. I have tried to export a MEM policy from a SEPM and import it. However, this did not seem to work. Has anyone else run into this and have a fix?


How to copy firewall rules from the old server (Windows Server 2008) to the new one (Windows 10) on Symantec Endpoint Manager version 14?

I need a solution

I would be grateful to know how to copy firewall rules from the old server (Windows Server 2008) to the new one (Windows 10) on Symantec Endpoint Manager version 14.


system requirements for SQL DB 2016 -SEP14.2

I need a solution
Question:
SEPM 14.2 will be installed in my environment on Windows Server 2016

What are the system requirements for SQL DB 2016?

How to identify running scheduled scan

I need a solution

Hello,

Is there a way to identify a running scheduled scan on a system? E.g. a running process, a registry key or some existing file?

I need to implement an automated restart of the SEP service in case of need, but the condition must be that a scan is not running.

Thanks,

Michal


Offline installation of SEPM - is liveupdate needed

I need a solution

I have SEPM v14 installed on a disconnected network (no internet). I update the definitions manually on the SEPM server using .jdb files. Management is wanting to uninstall liveupdate on the SEPM server.

Can anyone tell me if SEPM will still function correctly without liveupdate installed on the SEPM server? The clients would still have it installed. My other concern is that if SEPM still pushes the defs and SW updates to the clients that have liveupdate installed, will those updates get pushed to the client installed on the SEPM server?

I don't think it's a good idea, but we need a source/reference point to back our decision either way.

Thanks 


Location Awareness issues after upgrade to SEP 14.2

I need a solution

Hello,

Upgraded recently SEP manager and some clients from 14.0.3897.1101 to 14.2.758.0000.

Upgraded clients started having issues with selecting the correct location - laptops that have a Wi-Fi card enabled (not connected to anything) insist on picking the "Wireless" location.

Although the only IP they have is from the range approved for the "Ethernet Only" location.

After some long trial and error I saw that what helped is to change from "If all of the IP addresses of the client computer are listed below" to "If the client computer has one of the IP addresses listed below" - but this is not good enough.

No other IP addresses exist on the client.

Any ideas?

Perhaps it's a bug?

Thanks !!!!
Gennady

Y:\>ipconfig /all

Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I218-LM
   Physical Address. . . . . . . . . : 28-D2-44-65-19-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.1.135(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DHCP Server . . . . . . . . . . . : 10.1.1.59
   DNS Servers . . . . . . . . . . . : 10.1.1.59
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Check Point Virtual Network Adapter For Endpoint VPN Client
   Physical Address. . . . . . . . . : 54-5C-A5-51-E2-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-N 7260
   Physical Address. . . . . . . . . : 7C-7A-91-59-60-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 7C-7A-91-59-60-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 7E-7A-91-59-60-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 7C-7A-91-59-60-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Tracking down exception creator

I need a solution

Hello World,

I am trying to find out who created an exception in my installation of SEPM 12 from several months ago for documentation purposes. SEP support says that they only track that an exception profile was changed and by whom, but not what was changed. In the exception list there is no owner of each exception. Short of going into the database and trying to find the field, I am stuck. The only thing we have to go on is if the exceptions are listed in order by time they were created. Support will not validate this. Has anyone here been able to find a report or log file that shows who, what, and when?

Thank you.


Client Only Install 3929 to 758 Failing

I need a solution

Greetings!

I am trying to understand why the client only install is failing. I see the return code is 23. What is that?

06/21 11:23:17.571 [4850]  SymDelta FileVersion: 14.0.0.0
 Log initialized: LogLevel=4 Log, Size=2097152, RotationCount=2
06/21 11:23:17.582 [4850]  (SymDelta::CSymDelta::invokeUnzip)  Inflating...\\?\C:\Users\Michael.Orechoff\AppData\Local\Temp\pftBD43.tmp\Patch.dax
06/21 11:23:18.226 [4850]  (SymDelta::CSymDelta::invokeUnzip) UnZipTask took (milliseconds): 640
06/21 11:23:18.230 [4850]  (SymDelta::CSymDelta::PerformApplyDelta) Performing [ XDELTA3 - Apply Delta ]
06/21 11:23:18.250 [4850]  (SymDelta::CXDeltaTool::Apply) Dir: \\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs
06/21 11:23:18.250 [4850]  (ApplyPackage) Apply package command line: "DummyXdeltaPath" -d -s %src% %patch% %out%
06/21 11:23:18.250 [4584]  (LaunchXDeltaInternalAndWait) Launching: "DummyXdeltaPath" -d -s "\\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Data\Cached Installs\Setup.exe""C:\Users\Michael.Orechoff\AppData\Local\Temp\SymDelta_15404\Patch.dax.tmp\Setup.exe.DIFF""\\?\C:\Users\Michael.Orechoff\AppData\Local\Temp\pftBD43.tmp\SmcLU\Setup.exe":
06/21 11:23:18.289 [4850]  (SymDelta::CXDeltaTool::Apply) Return Code: 23
06/21 11:23:18.289 [4850]  (SymDelta::CSymDelta::processDirs) ApplyDelta Operation failed.
 
Mike

Add finger print scanner device as a default hardware device based on class

I need a solution

In our environment the users have a fingerprint scanner device. We have a different OU for each location as it's a PAN India project. On these OUs all USB is blocked except human interface devices (keyboard/mouse). But now the users have been provided with a new USB fingerprint scanner device.

This device is getting blocked as we insert it in the system, but as the application gets installed it starts working without any restriction, as the policy is getting bypassed.

Kindly check this issue.


Multiple Windows 7 clients appear as a single client

I need a solution

I have SEPM running on Windows Server 2012 and I am trying to install SEP 12.1.4013.4013 on 4 VMs. The VMs were created from a single Windows image and then loaded onto each computer where I ran sysprep before installing SEP.

I completed the client deployment remotely with no problems for each client but on the Client page of SEPM, there is only one entry. If I refresh the page, the client name will cycle between the 4 hostnames of the VMs so that only one is displayed at a time. It appears that SEPM is treating all 4 clients as a single deployment. If I run a command on the single client such as a remote restart command, it will only restart the VM that has its host name displayed at the time on SEPM. It seems like there may be a problem with how the VMs were deployed. Any help is appreciated!


ARP Mac Spoofing alerts generated continuously from endpoints

I need a solution

We have upgraded the Clients from SEP 12.1.MP9 to SEP 14.

Continuously, every 10-15 minutes, we get:

Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window

We installed Wireshark on the machine and noticed that for every inbound ARP request, there is a definite outbound reply, yet this issue seems to have been occurring for months now.

The request is between the endpoint machine and router 

We have machines from multiple sites, with their respective routers, giving alerts

We have around 50,000+ alerts

Support asked us to enable Anti-MAC Spoofing, but the same error still persists.


Some clients lose connection after upgrade to 14.2

I need a solution

I recently upgraded SEPM from 14.0 RU1 MP2 to 14.2 and after pushing out the new install package three clients are now unable to connect to the server. Looking under Help --> Troubleshooting --> Server Connection Status on each client shows the error: "Peer certificate cannot be authenticated with given CA certificate". Clicking "Details" tells me to run the Symantec Diagnostics Tool.

After running SymDiag, the only "Requires Attention" item is "Service IPS Network Filter Driver is not configured and operating properly" with the details of "Service last exited with code 31" but I have that same item on working clients so I don't think that is the problem.

I have tried installing the client via Push, exporting the install and manually installing and installing the Unmanaged package from the download and then converting to a Managed client and I get the same error each way. Going back to 14.0 RU1 MP2 restores communication with the SEPM.

I'm not sure what certificate and CA certificate are in play here so I'm wondering if anyone has any suggestions?


14.2.758 Client Location awareness Bug ?!

I need a solution

We have upgraded some clients to 14.2.758. After the upgrade, client location awareness is not working correctly. I investigated my policy and found no differences from before upgrading the server.

Clients with a version older than 14.2 are working correctly. I built a test group step by step with a Location policy and found the problem.

When I define only a subnet, the location is not working; when I define the subnet as an IP range, the location is set correctly.

Is this a bug or a feature?

kind regards

henrik


need information about Zone ID Portal and URL Presence Portal & Removable Files Portal

I need a solution

A risk report downloaded by column shows a lot of options; among them I want to know about Zone ID Portal, URL Presence Portal and Removable Files Portal.

What is the difference between these three?

Thanks in advance!


Replication failed after upgrade to SEP 14.2

I need a solution

Hello, colleagues.

Yesterday I upgraded all our SEP 14RU1 servers to the latest version 14.2. The upgrade was performed as Symantec recommends - delete replication, stop the SEPM service on all servers, upgrade and recreate replication. All done without any errors. But now replication fails all the time. We have 3 servers - two on the local site and one on the remote site. Replication initiated from local to remote completes with success. But from remote to local it always fails with the same error:

2018-06-25 11:15:04.956 THREAD 8913 WARNING: ReplicationTask>> replicate: Unable to fetch changed data from remote site [Site_Name]: Cannot insert the value NULL into column 'IP_ADDR', table 'sem5.dbo.SEM_COMPUTER_NIC'; column does not allow nulls. UPDATE fails.

Our SEP databases reside on SQL Server 2012.

In addition, I can say that our second network environment has the same SEP configuration, and after upgrading to 14.2 replication also failed there with the same error.

Maybe somebody can help?

Thanks a lot.

Stas.


Suggest SEPM to import file hash directly in order to make an application exception

I need a solution

Hi Team,

My customer receives an application file hash list every week, and would like us to add a feature so that he can import the file hash list to make the application exceptions directly, rather than needing to generate the fingerprints from SEPM manually in the application monitor component.

BR

Jeffrey Yang


Cannot use port 443 after SEPM upgrade 14.2

I do not need a solution (just sharing information)

I recently upgraded SEPM from version 12.x to 14.2.

During the server configuration, port 443 was being detected as in use and I was unable to use this port for HTTPS communication. I had to set a custom port 50001 in order to continue.

Netstat shows PID 4 listening on this port which is the System process. I've determined this to be IIS.

I can go into IIS and stop the web site, which allows me to change HTTPS back to 443 - but I receive server errors in the Admin console.

Based on what I have read, I believe IIS is involved in SEPM server communications, so it would appear that SEPM cannot use port 443 because it is being used by itself.

Can anyone provide insight into this? I would like to use the default ports.

SEPM is installed on Windows Server 2008 R2 SP1 and IIS is version 7.5.


how to check GUP IP address from client machine

I need a solution

Hi Team,

Could someone please let me know where I can find the GUP IP address from the client machine?


Network traffic blocked when using Docker For Windows

I need a solution

When using docker for windows with SEP 14 installed on the host, network traffic from within the container is blocked.  I've narrowed it down to the "Network and Host exploit mitigation" feature.  If I temporarily disable this feature, the container works as expected.

Here are the steps to reproduce:

  1. Install Docker for Windows on a Windows 10 machine: https://docs.docker.com/docker-for-windows/install/#what-to-know-before-you-install
  2. Use this command (from cmd.exe) to pull the Windows Server Core image and run an interactive command prompt in a container:
    1. docker run -it microsoft/windowsservercore cmd
  3. Type powershell to start PowerShell from within the container
  4. Execute the following PowerShell script to try to initiate a web request to download a response from www.google.com
    1. (Invoke-webrequest -URI "http://www.google.com").Content
    2. The call will eventually error out.
  5. Repeat the steps with SEP 

Here are some associated links for your reference:

https://github.com/docker/for-win/issues/1397

https://www.symantec.com/connect/forums/sep-1216-mp6-windows-10-hyper-v
