Channel: Symantec Connect - Products - Discussions

MAC Client features selection

I need a solution

I would like to create a MAC client package without the firewall, but unlike Windows packages I can't seem to find a way to exclude features for the SEP client.

We have a user who travels frequently and uses multiple VPN clients to connect to multiple development environments, and the SEP client prevents him from accessing some systems.

We found in the logs some blocked connections to certain remote IPs. I have tried creating exclusions in the firewall policy, but there are just too many to create for him.

He would like to use the MAC OSX default firewall and keep the Virus protection.


Database Server Authentication (Not Connecting to the database)

I need a solution

Configuring SEPM to connect with the Microsoft SQL Database. It is refusing to connect. The error code is 11501.


Ghost Teefer NICs in VM

I need a solution

We recently had issues with our VMs and in the process of resolving those issues we found ourselves with lots of "ghost connections". One solution is presumably to go into Regedit and delete them, but that worries me because as a trial I just disabled them and found that the File Server then lost contact with the Active Directory machine even though the active NIC/Teefer weren't touched. As soon as I re-enabled them we were back in business. So although - say - NIC 5 and Teefer 5 are active, NICs 4,3,2 and their relevant Teefers are still bound to some necessary protocol. This isn't a mega-deal as we are only three people and the server farm consists of an AD, File Server, and a Mailserver which is not in the Domain. My task is to remove these spurious Teefers and their corresponding NICs, but how? Do I uninstall Symantec completely, reboot and remove any remaining NICs and Teefers and then reboot again and reinstall? Or do I just use Regedit and trust the system to reconnect? (Doubtful)? The ghost connections are at the root (I believe) of another problem we have concerning the RPC server service which loses contact and then we cannot log in at all! Any ideas please? Jean


How to find unmanaged clients on the network

I need a solution

We have unmanaged clients on our network that I need to convert to managed clients.  What's the best way to search for and find those unmanaged clients?  It doesn't make sense that they had this feature available in SEPM 11, but took it away.  I've looked under Home>Security Status>View Details>Unknown Device Failures and nothing is listed.  I also set up a notification, but this is a university, and I don't really want to know when anyone brings an unknown device onto the campus.  I just want to find the SEP installs that are unmanaged and convert them to managed.


Firewall needs attention

I need a solution

When I log on my computer (purchased 6/1/18)  there is a small rectangular box in the lower right corner that displays "Firewall needs attention". I contacted HP and they looked all around my computer and said it was a Symantec issue. Is this related to Windows Defender? How can I determine the problem? Thanks!


AR18-221A: MAR-10135536-17 – North Korean Trojan: KEYMARBLE

I need a solution

Hi,

Kindly confirm Symantec has protection for AR18-221A: MAR-10135536-17 North Korean Trojan: KEYMARBLE.


Symantec popup message - SEP v14 14.0.2415.0200

I need a solution

Hi All,

Has anyone encountered this error message before when sending out emails? This message popped up on a user's machine. See attached.

SEP v14.0.2415.0200 is installed on Win 7 Enterprise edition. The Outlook plugin is not installed and the option is disabled. I have searched and there was a similar issue but on v12.


Multiple SEPM for same clients

I need a solution

Hi there,

My client wants to have a highly available SEPM for his 1000 clients.

Is it possible to have

1. 2 SEPMs with embedded DB managing all 1000 clients, so SEPM A sees all 1000 clients, the same as SEPM B

2. or have 2 SEPMs pointing to a clustered database.

Thank you.


Best Practice for copying Anti-Virus definition from Host to VM

I need a solution

Searching for Best Practice for copying Anti-Virus definition from Host to VM.

We have 100 laptops in Windows 7 which are getting the Anti-Virus definition update from SEPM version 12.1.6. These laptops use low bandwidth connection, most of the time offline with no internet connection.

Each laptop has a VM player installed and both the Host OS and the VM have the SEP client. Currently, Host and VM clients get the definition update from SEPM separately.

Issues we have

1. The same definition is downloaded twice and takes over an hour to update.

2. When the host connects to the SEPM to update, the VM may not be running, so only the Host is updated. We have to remind users to run the VM while they are connecting to the network to get the definition update.

We want the laptop to download the definition only one time when the definition changes, so that both host and VM are updated.

I read some articles and forum here.

1. Can I setup the Host client as the Group Update Provider (GUP) and provide definition to the VM?

2. Can I change the Virus definition location in the VM to point to the Host folder, so both Host and VM share the same definition?

3. During startup, create a script to copy the definition from host to VM?

Please provide some suggestions and what would be the best practice. If this question has been answered before, please provide a link. 

Thank you!

Edmund


Notification System infected: Miner.Bitcoinminer Activity 7 detected

I need a solution

Hi,

I have a computer displaying message "System infected: Miner.Bitcoinminer Activity 7 detected" since 3/08. Is Symantec client dealing with the threat? What should I do so that risk is removed?

Thanks for the help!


SEP recognizes AD cluster objects as clients

I need a solution

Hello everybody

I have a SEP manager server, where I use AD discovery to add clients.

Now we have total of 18 servers and 20 workstations in the domain, but SEP shows that it has 40 clients.

The two clients that should not be considered by SEP are 2 cluster records (of course, they are not real servers\computers, so they don't have SEP agents installed).

That's causing a license overuse alert.

How can I remove these two records from SEP, so it doesn't see and count them as clients?


Distrust Symantec Certificates issue

I need a solution

Hello Everyone,

As you all might be aware, Google, Apple, Microsoft, and Firefox announced that they will distrust Symantec vendor-issued certificates to uphold user’s security and privacy when browsing the web. Currently, endpoints which are still on Symantec certificates will no longer work once browser and OS vendors roll out updates as early as fall 2018.
How would this impact any organization, and how can we mitigate this issue?
Also, will it impact accessing the SEPM console via web browser, and will SEPM and SEP client communication get impacted? Please let us know.

Thanks,

Sundeep


Autofix won't acquire definitions

I need a solution

I'm having multiple errors and autofix won't acquire definitions.  I've tried to upload the diagnostic tool product and create a case however there's an error logging in despite the fact that I've attempted to log in multiple times.


Need to block SMBv1 protocol

I need a solution

Hello All,

We have a requirement of Blocking SMBv1 Protocol from SEP Level.

Currently we are blocking SMBv1 from Windows Group Policy while allowing SMBv2 (More Secure).

Issue is that we have a lot of machines that are not part of our domain, and hence do not get Group policies.

We would like to block SMBv1 while keeping SMBv2 open from SEP client level itself.

They do use the same port 445, so not sure how to get this done.

Any Help would be appreciated.

Thanks

AJ


Unknown traffic

I need a solution

Hi

I am having difficulties with a Java application in the browser. When I disable Symantec, the application works. I have disabled the intrusion protection for browsers and removed the final block all rule. I seem to get the application to work with these two components disabled. I get quite a bit of blocked traffic from localhost 0.0.0.0 to remotehost 0.0.0.0 over port 0. I am not certain if this is simply broadcast traffic. Please see the example below. The ethernet type is sometimes different. From the client, I also see some of the below associated with Cisco MAC addresses 01-00-0C-CC-CC-CC.

Client Affected
Computer Name    
Current:    AirPro
When event occurred:    AirPro
IP Address    
Current:    192.168.2.41
When event occurred:    0.0.0.0
User Name:    adear
Location Name:    Default
Domain Name:    Republic
Group Name:    My Company\Airpo
Server Name:    RB-SEPM
Site Name:    Site RB-SEPM

Risk Detected
Event Time:    08/13/2018 16:18:08
Begin Time:    08/13/2018 16:17:54
End Time:    08/13/2018 16:17:54
Number:    1
Event Type:    Ethernet packet
Severity:    Info and above
Action:    Blocked
Application Name:    
Network Protocol:    ETHERNET [type=267]
Traffic Direction:    Inbound
Remote IP:    0.0.0.0
Remote Host Name:    
Alert:    0
Local Port:    0
Remote Port:    0
Rule Name:    Block all other traffic and don't log

Any insight is greatly appreciated.

Thanks.

corey 


Can SEP work together with Windows Defender

I need a solution

Hi,

My client machine is installed with Symantec Endpoint Protection Ver14 and is running. Will there be any conflict if "Windows Defender service" is running at the same time? If no conflict, why am I not able to start up "Windows Defender Service" at the Windows service tab?

Cheers

Suan Leng


Create the latest install package for SEP 14.0

I need a solution

Good day,

I have Symantec Endpoint Protection 14.0.1904 version installed in my environment.

I need the latest version of install package for my clients.

In general, I try to generate the latest package from Symantec Endpoint Protection Manager but it gives me the following - 14.0.2349 version.

I know that the latest SEP Client version is 14.2.770.

So, how to generate/create this latest edition client of SEP, please share your experience with us about this issue.

thanks in advance,


Detect and Block Process that loads two particular DLL's

I need a solution

I want to create an Application Device Control Policy to detect Mimikatz in memory, as our red teamers keep bypassing SEP AV SONAR and Signatures.

Reference for mimikatz: https://securityriskadvisors.com/blog/detecting-in-memory-mimikatz/

Example scenario: mimikatz is spawned in the context of rundll32.exe, then always loads two specific DLLs (vaultcli.dll and wlanapi.dll). Is there a way to set up ADC to log and block the process if the process image loads both (vaultcli.dll and wlanapi.dll)?

I have already tested where, monitor all processes, then if process loads condition either (vaultcli.dll and wlanapi.dll) then log event. In reality what is being logged is if process x spawns vaultcli.dll OR process X spawns wlanapi.dll. This is not very helpful since I have thousands of events generated.

Has anyone done this in SEP 14.x? I have read numerous documentation and found no clear answer if this is possible. I need help??


TLS enable or not

I need a solution

Guys,

Through this information, is it possible to say that TLS is enabled or not?

If it is not possible, where in the console can I see whether it is enabled or not? Or where do I check this information?


How to query Application Control policy information on database

I need a solution

Hi everyone, I was looking for some table or view in the SEPM database in order to query this kind of device control policy rule information, like the paths\executables added on "Apply to the following processes" and "Do not apply to the following processes".

Is this a kind of information that can be queried, or something encrypted in .dat files?

I looked at the schema, but could not find anything so far.

thanks
