Channel: Symantec Connect - Products - Discussions

Utilizing SEPM for Incident Response

I need a solution

Hi All,

We have made a policy to "Monitor File Activity" & "Monitor Registry Activity" on the servers running the SEP client, using the Application & Device Control Policy.

We referred to the article below for "How to utilize SEP for Incident Response":

https://www.symantec.com/connect/articles/how-util...

We are using SEPM 14.0.1 RU1 MP1 in our environment.

Although we are getting logs from the server, the registry logs seem to be fine, but the file write logs are not that meaningful, as they say what exe is used but not exactly what file changes have been done, like "create, modify or delete".

Can someone help on this so that we can gather logs for user activities on the server regarding creations, modifications or deletions of any files or folders?

Please share any article in this regard

Thanks & Regards

Vivek Parmar


Catch-22

I need a solution

My client is an NGO with limited resources. They have SEP 14.0.2415.0200 on their (donated, old) server. They were given a brand new Dell with Win10 Home SL for a user. To connect to the domain I upgraded it to Win 10 Pro Workstation, which uninstalled the working SEP client. Once updated to Win10Pro, the SEP would not install – ‘Windows can't install’ message. I found downloads on your website to update the client software to 14.2, which I presume will install on the new Windows 10. However, the download seems to be an upgrade for an installed SEP client rather than a new client program (or it's Korean like the other guys found), so catch-22. How can I install the SEP client? By the way, I'm doing this remotely from the server.

Mike in Durban


Only Win64-bit (Virus and spyware definitions Win64.12.1RU6) are NOT updated

I need a solution

Hi there,

After running 'Download LiveUpdate Content' in SEPM I get the error below:

26 juni 2018 13:56:23 CEST:  Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win64 12.1 RU6.  [Site: Site MGMT01]  [Server: MGMT01]

26 juni 2018 13:56:23 CEST:  Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 12.1 RU6.  [Site: Site MGMT01]  [Server: MGMT01]

Does anyone have any suggestion for how to solve this issue?

Sincerely Alex


Is there any flag to determine whether a file contains a virus

I need a solution

I am working on a script which will scan a particular file. If the file contains a virus, then the script will handle it accordingly.

Does anybody have an idea how we can implement this?

Currently I am using the command below, but it doesn't return any flag by which we can determine whether the file is problematic or not.

 sudo /opt/Symantec/symantec_antivirus/sav manualscan -s test.txt


SEP Uninstall PW Best Practices

I need a solution

I was looking to see if there was any documentation for best practices as far as updating/changing the uninstall PW for SEP goes. We recently needed to update it and would like to get into the habit of changing them regularly, and wanted to see if there was a suggested interval for this: 90 days, 180 days, a year? If anyone has this info please let me know.


Update/Policy for roaming clients

I need a solution

Hi Symantec People.

Need assistance on how to handle the update definition and policy for users that are not connected on VPN.

Some users are not connected on VPN - how can we ensure that those clients are using the correct policies?

How can we manage users that are not connected on VPN?


Reconnect to Database after migrating to new SQL Instance

I need a solution

We need to move our current SEPM database (which is on a cluster as an instance) to a new server instance, which will result in a new DB IP and hostname.

I have gone through all the related articles but I have not really got the exact answers that I need.

After the DBA moves the database to the new server and gives us the details, like the new server host name and user account details, can someone please let me know what steps need to be performed on the SEPM server and how exactly we should point the SEPM to the new database?

Articles I have already gone through are

https://support.symantec.com/en_US/article.TECH132...

https://support.symantec.com/en_US/article.TECH104...

http://www.symantec.com/docs/TECH174821

I know we need to run through "management configuration wizard" and follow next steps, but any detailed answer would be greatly appreciated.

Thank you


Ransomware bip extension

I need a solution

Hello - our company just was hit by a "zara 2018" .bip extension ransomware. We have Symantec Endpoint 14 installed on all of our Windows 7, 8 and 10 clients, as well as our 2008 R2 servers. A Windows 7 client was the host of the ransomware, and it went from share to share. Our servers have Symantec Endpoint 14 installed on them as well. Our Symantec Server did not notify me of the activity. The way it was identified is by the user who came in to log on to his computer and found the message that all his files were encrypted. Can anyone tell me why the Symantec Endpoint did not detect this intrusion? It also appears that it was before hours so no one had been on the infected client system to initiate the attack via email or other route. I am very concerned & am doubting whether Symantec will catch the next intrusion.


"Zara 2018" .bip extension ransomware attack

I need a solution

Hello - our company just was hit by a "zara 2018" .bip extension ransomware. We have Symantec Endpoint 14 installed on all of our Windows 7, 8 and 10 clients, as well as our 2008 R2 servers. A Windows 7 client was the host of the ransomware, and it went from share to share. Our servers have Symantec Endpoint 14 installed on them as well. Our Symantec Server did not notify me of the activity & it is not recorded in any log file. The way it was identified was by the user who came in & logged onto his computer, and found the message that all his files were encrypted. Can anyone tell me why the Symantec Endpoint did not detect this intrusion? It also appears that it was before hours so no one had been onsite or on the infected client system to initiate the attack via email or other route that we can see. I am very concerned & am doubting whether Symantec will catch the next intrusion. Any advice/input would be greatly appreciated - thanks.


Upgrading to 2012R2 and SEPM14

I need a solution
Hello all,
I have a "dark network", no internet access at all, with about 90 clients.
Currently I have an old 2003 Server with SEP 12.1 installed.
I have backed up my database, renamed my server to XXXX-old and changed my IP address.
Then I created a new 2012 R2 server (with the same host name and IP as the old SEPM server), installed the SEPM 12.1 version and performed a restore to the database.

The next step should be upgrading my new server to SEPM ver 14, but what I have noticed is that all my clients are showing status offline in the management console.

How can I get them back online before I upgrade my server to the new SEPM version?

Any assistance would be gratefully welcomed.

 
Thanks Mark

SEP 14 vs Web Application Firewall

I need a solution

I have a question and I can’t find a corresponding forum which answers it yet, or any related googled articles out there with the answer either. I am trying to distinguish between the uses of a SEP 14 vs a web application firewall. Pros vs cons or supporting articles I can read up on to help me understand them better. Trying to decide the best solution protecting a webserver hosting a small app and back-end server environment, nothing too complicated or important behind it as it relates to data. I just want it to be hacked and taken offline. Ultimately trying to see which can best protect me against the OWASP Top 10 attack list.

 

Any assistance or guidance is greatly appreciated,


Unable to uninstall Kaspersky from SEP in W7

I need a solution

I am trying to uninstall the Kaspersky Endpoint Protection 10 agent by performing a remote push from SEPM on Windows 7 clients, but it is not working. It does not remove Kaspersky and it does install the SEP agent, so the two agents are active on the computer at the same time. Instead, I perform the same action on Windows 10 computers and everything works perfectly. My version of SEP is 14.2.

Any ideas?

Thank you


Disable Intrusion policy

I need a solution

Hi

I have disabled the intrusion policy from the SEP management server and I could see it's getting applied for some fraction of minutes but getting enabled again automatically.

Can you please help me on this?

Regards
Dev


Find endpoints without SEP installed

I need a solution

Hello everyone, 

Sort of new to this thread piece but was curious on the best way to find endpoints in my environment without SEP installed. Any suggestions / best practices? Thanks ahead of time.


SEP 14.2 crashes

I need a solution

We have started testing SEP 14.2 and on at least two of our Windows 10 machines we see that the SEP service crashes right after boot.

We have tried uninstalling all features except AV and the problem still persists.

If we are quick we are able to open the SEP GUI right after boot before it crashes. It will then be green until it turns red and malfunctioning.
At this point the SEPmaster service stops and we can't open the GUI.

Anyone else experiencing this problem?

The environment is enrolled into the cloud

Torb


VNC being blocked by SEP IPS

I need a solution

Anybody facing this? 27-28 June

Are there any new changes on the IPS signature? ...seems like the rule is inconsistent.

The setting is allow and log only, but apparently a lot got blocked.

Only after placing it under signature exception... VNC OK.


Firewall ports / rules required for client deployment direct from SEPM server

I need a solution

Hi,

I am looking for verification regarding what firewall ports are required for deploying SEP clients directly from the SEPM server.

At the moment we export clients, move them to SCCM, and deploy them to machines using this method.

I would like the ability to do this direct from the SEPM console, but it looks like there is a connectivity issue.

Can someone verify what Firewall rules need to be in place in order to achieve this?

Thanks.


Update Mac's SEP using SEPM within a closed network

I need a solution

Dear all,

I am trying to update Mac's SEP using SEPM within a closed network, i.e. no computers can access the internet. I can only transfer the updates using a CDR.

As I understand it, I need to build a live update administrator and download Mac's definition. Next, I need to configure the LUA as my internal LiveUpdate server on SEPM in order to update all my SEPs. Yet, it means I need to allow the LUA to access the internet.

https://support.symantec.com/en_US/article.TECH134...

The Symantec Endpoint Protection Manager cannot host Macintosh LiveUpdate content the same way as it does for Windows clients.

Is there a simpler way to update Mac's SEP using SEPM other than unpacking .pkg on each Mac?

Thanks.

Regards,

Stephen


SEP 14 Client Compatibility with Microsoft Surface Studio

I need a solution

Hi,

I would like a confirmation on whether SEP 14 Client is compatible with Microsoft Surface Studio, before deployment decisions are made.

It runs on Windows 10 Pro, which is technically supported by SEP 14.

However, there is a previous case where the Surface Pro (another Microsoft Surface product) cannot work with the SEP client due to it utilizing storage spaces only.

https://www.symantec.com/connect/ideas/symantec-en...

Google searches regarding compatibility with Surface Studio were fruitless.

Detailed specs are given below:

www.microsoft.com/en-us/surface/devices/surface-st...

Thanks for the help.


Detect specific packets with custom IPS

I need a solution

Hi,

I'm currently trying to create a custom IPS rule in order to flag a specific packet generated by an application. In order to be more specific, I'm trying to intercept a specific DRSUAPI operation packet.

Is it possible to do this with custom IPS? If it is, how can we achieve this?

Thanks!
