Channel: Symantec Connect - Products - Discussions

When does port scan detection trigger an active response?

I need a solution

Hello, 

We're using SEP 14.x with the SEP firewall activated on our W7 systems. Now I'm just wondering why a detected port scan does not trigger an automatic block of the attacker's IP address. Could anyone tell me when a logged port scan detection triggers an automatic block and when not? My understanding is that if there is a detected port scan then, if it's enabled, IPS generates an active response, which means blocking the attacker's IP address for a period of time.

Until August 14th this worked fine; since then no attackers' IPs were blocked anymore. Why?

Thanks in advance for useful suggestions ;-) 

Matthias.

See attachments 

With block: 2018-08-21 09_55_37-Symantec.png

Without block: 2018-08-21 09_57_04-Symantec.png


High Priority: Unable to track Mac Serial Number & domain userid

I need a solution

Hi Team,

Currently in the SEP report, on a Windows machine, we get the user ID and system serial number, but on Mac there is no way to trace the machine and it becomes very difficult to find the Mac laptops. This will again be serious if we need to track any Mac machine in any of these scenarios:

Like definitions outdated, infected with virus, etc. Please treat this as high priority; even if we get a serial number, that will really help us.

Regards
Dependra Pundir


New variant of KillDisk 2018

I need a solution

Hello,

I need more information about the new variant of the KillDisk malware. In this post from Trend Micro:

https://blog.trendmicro.com/trendlabs-security-int...

Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.

Can you tell me how SEP identifies this new variant of this malware?

Regards

Miguel Angel


Symantec Endpoint Protection Device Control

I need a solution

We have added an application and device control policy that is blocking all USB with some devices excluded.  Some devices have been excluded by class id and others by device id. 

We are having issues with some USB thumb drives not working with the device id being excluded, but others do.  Are there specific brands that just don't work? 

Another issue we are having is not being able to exclude Bluetooth headphones.  When the device is plugged into DevViewer, 3 devices are showing up with 3 separate device IDs and 1 class ID.  All 3 device IDs have been excluded and the class ID has been excluded.  When the device is plugged in only one of the 3 device names shows up and the USB block warning still comes up.  Any ideas?


Exceptions policy for laptops

I need a solution

If I apply an exception policy to a group of laptops, will the policy be in effect when the laptops are out in the field and not connected to the SEPM?

Thanks

Stan


out of date

I need a solution

Hello guys

I have many clients in my environment with status: out of date. We have about 10 GUPs configured.
What do you recommend to reduce this out of date status? Has anyone had this problem, what actions have they taken?


Automated uninstall of SEP 14.x client

I need a solution

Hello there,

I've been tasked with finding a way to automatically uninstall the SEP 14 client from a batch of PCs so another group can install other stuff, then reinstall the client.

Automated installs are easy.  Automated uninstalls would be easy too, BUT.... I cannot find a way to pass the uninstall password to the client in an msiexec commandline.  Is there a public property that can be referenced to pass the uninstall password?

SEPprep will not work and notes about removing a registry entry that holds the password that I've seen don't apply to version 14.

Any ideas or solutions?


Description for individual Exceptions

I need a solution

Good afternoon,

    Just looking to see if this is even an option or something I can move to a good idea. Currently in our SEPM we have many exception groups that are created depending on the individual application whose vendor requires them. From one standpoint it is convenient to have each group named by the application; however, that means it is a pain to manage. So I am changing our groups to basically a standard SEP group, a group for exceptions, test group.....

    I would like to be able to annotate what application each exception is for, for tracking and audit purposes. However, I do not see a description space available when I create the individual exceptions. Has anyone had a better way of doing this?

Currently on SEP 14.2.770 on Server 2016. Environment uses mix of OS


New variant of KeyPass ransomware

SEPM Security zone design

I need a solution

I want to create a new SEPM design based on 4 different security zones. We need SEPM servers in all zones, clients are not allowed to communicate across the zones. All zones are located at the same location and just a limited number of clients (the clients are mostly servers). I'm thinking of a distributed SEPM design with Central logging. Any tips / links? Thanks.


add manual file to exception

I need a solution

Hello,

Is there a possibility, in the Symantec Console Manager, to add a file manually to exclusions without specifying the folder?

For example... I need to add to exclusions the file "abcd*.exe" for all Windows folders (the characters after the symbol * may vary in letter or number).

Thanks


Migrate clients from SEPM 14 to another SEPM 14 server

I need a solution

Hello,

I want to know if it's possible to migrate clients from SEPM 14 to another SEPM 14 server without uninstalling and reinstalling the SEP client.

Any ideas?


Importing a license from Office SEPM to Home SEPM

I need a solution

Hi All,

I am planning to import the license number from my office SEPM to my newly installed SEPM on my personal laptop (for study purposes: policy editing and creation). Will it be a problem? Is the same license number applicable to 2 SEPMs? If I apply the same, what will be the impact on the original SEPM (office)?


I can't see Servers options from SEP Console

I need a solution

Hello:

I have one question: I have administrator permissions in the SEP Console but I can't access it via the remote console, only via the web page.
I would like to check if the access for the console is denied, but I only see the Administrators and Install Packages options and not the Servers options like in this KB https://support.symantec.com/en_US/article.TECH147...

Could this be because of the permissions of my user in the AD?


CRITICAL: 389 Network Virus Detected- Cleaned by deletion Auto-Protect

I need a solution

Hi,

I got this notification in SEP CRITICAL: 389 Network Virus Detected- Cleaned by deletion  Auto-Protect 

Risk Type- Heur.AdvML.C Malware

File/Entry- C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\SRTSP\Quarantine\APQ3517.tmp 

Action Source- Cleaned by Deletion Auto Protect

I have received these notifications almost twice since morning. Is there something that can be done? I have run a manual scan on the machine.

 


GUP - network

I need a solution

Hi,

We define "Multiple Group Update Providers".
In a branch the GUP is with IP 172.16.16.10. But some customers of this branch are in another 172.16.18.xxx network, for this different network do you need to define another GUP?

Would it be a GUP by network?


Can't install SEP14 on Windows 10

I need a solution

I have Windows 10 1709. Trying to install SEP 14.0 MP1 build 2332.

Getting error: can't install on this operating system.

Can someone help me with this issue?

Thanks,

Kenny


SEP install through SCCM 2016

I need a solution

Hi,

Recently I have been trying to install SEP 12.1.16 through SCCM Package Deployment. I made a standard program installation, distributed it to the distribution point, and started the deployment to 3 Windows 10 1803 machines, but after a period of time the deployment gives an error message which is called Error 1603. I don't know why it keeps popping up, because the user has full control on the source folder and it's a domain admin.

If anyone has an idea what to do I would be grateful.

Best wishes,

Peter


Block all event notifications

I need a solution

Hi,

We are using Mac OS 10.13 and we are getting all event notifications (blocking devices, scanning from another machine, ARP poisoning, etc.) in the Symantec managed antivirus, which is 14.2 RU0.

We want to disable notifications only; what is happening on my machine and in the Symantec agent should not appear on the user's machine, as it irritates the user when we receive scanning/ARP poisoning events in bulk on a machine.

As per Symantec: they are able to block notifications but unable to block notifications of actions taken on this machine (like file deleted or repaired).

We want to provide a solution to disable action notifications also.

Case which I opened: Case Number 15305087

Article by Symantec: https://support.symantec.com/en_US/article.TECH134761.html
 

Regards

Krishan


Single Site SEPM Database

I need a solution

Hi,

Can we configure a single site with two SEPMs and two SQL DBs?
