Channel: Symantec Connect - Products - Discussions

SEP14 Delayed Start

I need a solution

Started experiencing a problem with multiple users being warned by Outlook "A program is trying to access e-mail address information stored in Outlook." when it auto starts at login.

It seems it takes a good 30 seconds for the Trust Center to realise that the Antivirus status is valid.

I've seen this on a handful of win 7 (64 bit) users and now win 10 users.

Not sure where to start looking, could it be the SEP client is being delayed on startup, or maybe it's taking a while to check in to the server?


LiveUpdate Administrator with SEPM

I need a solution

Hi all,

I'm working on a new implementation of SEPM (14.0.1) along with SEP 14.0 (14.0.3897.1101).

I am unable to allow the SEPM server to connect to Symantec LiveUpdate due to network restrictions so I've implemented an LAU server with the hope I could use it to download the required updates and then use SEPM to distribute them to the clients.

I thought we had this working in that the LAU server is able to download the content and I seem to be able to configure SEPM to download them from LAU by configuring the site LiveUpdate settings to Use a specified internal LiveUpdate server and (after some experimentation) using the URL http://IP OF LAU:7070/clu-prod. I have LAU set up to not require any testing and once I run distribution the downloaded content ends up in that folder... all good...

However when I run Download LiveUpdate Content I get a screen full of No updates found for.... messages. In the last few days of working on this issue (the system is currently in our Test/Dev environment, not live) I have had the system download a few files but it isn't consistent, and if I alter the settings I get Error-4 so I'm fairly certain I am accessing the folder.

I'd hoped this was just an issue with the products I had LUA set up for but I'm now not sure that's the issue. My clients are all running a 32-bit version of the above on Windows 7; these are locked down devices so there is little variation. I have tried a couple of products:-

Symantec Endpoint Protection 14.0 (english only)

Symantec Endpoint Protection 14.0 RU1 (english only) although I noted that this version is later described as Advanced Endpoint protection ?

I'm also a little concerned that in all the efforts to get this working I have something out of sync, as on the home screen the Latest on Manager is showing 17/09/2018 despite me having cleared out the downloaded files a number of times. Is there a way to initialise the system without tearing it down and deleting the SQL DB?

Any help or suggestions greatly appreciated :-)


Disable Symantec Endpoint Protection grayed out

I need a solution

Hello

I have an UNMANAGED SEP client (14.2.770.0000) on a Win 7 Ultimate machine. There are 2 users on this PC - an admin and a standard user.

How do I allow the standard user to Disable Symantec Endpoint Protection from the notification area? It's currently grayed out. Only admin can use it.

I was able to do it in the past, but cannot recall how.

There is no SEP Management console.

Thanks


Auditor Firewall Report

I need a solution

I have an auditor that needs me to run a report which will show them which firewall rules and scanning exemptions are set up on our domain. Is there a way I can do that?

Thank you,

Brett


windows 10 1830 cannot be installed SEP 14.2 manageable

I need a solution

I have some notebooks with OS Windows 10 version 1830.

I tried to install SEP 14.2 manageable on the notebooks and the installation was successful, but when I check Program Files and search, SEP is not found.

I tried to install SEP 14.2 unmanageable and I can see the SEP 14.2 at program files.

Please help us to solve it.

Thank you and best regards,

Dodi.


Offline SEP 12 Client on Old SEPM 12 after migrate to New SEPM 12 and upgrade to 14

I need a solution

Hi All,

I need assistance to find out the possible impact of the scenario below:-

Currently we have 6K clients managed by Old SEPM 12 with embedded DB. There was a performance issue due to too many clients, for which the embedded DB is not recommended, and we decided to migrate to a new SEPM 12 Server with Remote SQL DB.

Now the New SEPM 12 is on SQL DB and is replicated with all existing policies, groups and client data. We are planning to migrate all the users from Old SEPM 12 to New SEPM 12 by changing the Management Server List, say Priority 1: New SEPM, Priority 2: Old SEPM. By right, all the online clients will point and connect to the new SEPM after getting the latest policy from Old SEPM. The problem here is, there are around 1K users which are in Offline status.

We are planning to upgrade the New SEPM 12 to 14 after the online clients have connected to New SEPM 12.

What will happen to those offline clients when they come online and get the new Management Server List from Old SEPM, which will point them to the New SEPM, when the New SEPM has already been upgraded to the latest version 14?

Will they become unmanaged and need the sylink file from SEPM 14 to be installed manually?

Appreciate if there is a solid proof/solution for the above scenario.

Thanks,

Wei Liang


Change Action taken on risk for specific hash

I need a solution

Hello,

I'm recently facing a lot of detections of not needed software which is detected as PUA.OpenCandy with action taken on risk "Left alone".

Is there any way to change the action taken on risk for a specific hash? I would need to remove it or at least move it to Quarantine. Or better, move all these same files to quarantine.

I know that I can change the actions taken on every detection via Auto-Protect option, but it is not that effective and I'm not sure into which category PUA.OpenCandy belongs.

Thank you for any suggestions.

BR

Lukas


Endpoint 14.2 Ability to exclude msaccess program to prevent blocking

I need a solution

I have a customer using Endpoint 14.2. We supply a software program that utilizes Microsoft Office Access. The executable for this software is msaccess.exe. Endpoint prevents our software from running. In order to enable our software the client has to disable "Memory Exploit Mitigation".

The client has been told that there is no way to exclude our program or msaccess.exe from being blocked and the only option is to disable "Memory Exploit Mitigation". The client is requesting we supply some additional code in our application that will enable us to run with this Memory Exploit Mitigation enabled.

Apparently in prior versions there was the ability to exclude msaccess but this feature has been removed.

I realize that this is a complex issue but I want to try and understand how I can enable a client to run our software and also use Endpoint 14.2. 

I would appreciate any advice

thanks

Frank


What are others doing for User Profile Exclusions

I need a solution

We need an exclusion for an application folder that resides under the logged on users profile.  C:\Users\<username>\AppData\....

This is a requirement from the application release notes. It seems that SEP only has the USER_PROFILE variable available, which by their definition is "File system folders that correspond to all the users." So this would be c:\documents and Settings\All Users for win7 and C:\programdata\ for win 10.

I am wondering what others are doing for exceptions required by an application that SEP does not support with an available variable?  Is there a way to script the exception after the user has logged in for the first time?

Thanks.


SEP Blocking windows (outlook,IE, Edge Traffic) but not Chrome

I need a solution

I have a strange problem: with the latest updates of SEP 14.2 I have been having connectivity problems with Microsoft applications (Outlook, IE, Edge) downloading or rendering web pages, with an error saying can't reach this page.

The same items show up in chrome just fine.

If sep is disabled even for a short time and re-enabled, the sites resume working.

DNS resolution appears to be working fine and the sites resolve and can be pinged in a command prompt.

The only thing that appears in the sep logs is this:

9/27/2018 11:46:49 AM    Blocked    3    Incoming    UDP    fe80::216:6cff:fec0:2892    00-16-6C-C0-28-92    55775    ff02::c    33-33-00-00-00-0C    1900    C:\Windows\System32\svchost.exe    LOCAL SERVICE    NT AUTHORITY    Default    245    9/27/2018 11:29:22 AM    9/27/2018 11:46:22 AM    Block UPnP Discovery    

9/27/2018 11:43:08 AM    Blocked    10    Outgoing    ICMP [type=3, code=3]    8.8.8.8    2C-4D-54-21-17-F0    0    192.168.1.102    2C-FD-A1-BC-07-8B    0        agilani    I78700K    Default    2    9/27/2018 11:41:28 AM    9/27/2018 11:42:05 AM    Block_all    
 

9/27/2018 11:42:12 AM    Blocked    10    Outgoing    ICMP [type=3, code=3]    1.1.1.1    2C-4D-54-21-17-F0    0    192.168.1.102    2C-FD-A1-BC-07-8B    0        agilani    I78700K    Default    2    9/27/2018 11:40:40 AM    9/27/2018 11:41:11 AM    Block_all    

9/27/2018 11:40:03 AM    Blocked    10    Outgoing    ETHERNET [type=0x88CC]    0.0.0.0    01-80-C2-00-00-0E    0    0.0.0.0    2C-FD-A1-BC-07-8B    0    C:\Windows\system32\drivers\mslldp.sys    agilani    I78700K    Default    1    9/27/2018 11:39:00 AM    9/27/2018 11:39:00 AM    Default rule    
 

9/27/2018 11:40:03 AM    Blocked    10    Outgoing    ETHERNET [type=0x88CC]    0.0.0.0    01-80-C2-00-00-0E    0    0.0.0.0    2E-15-09-47-F9-8F    0    C:\Windows\system32\drivers\mslldp.sys    agilani    I78700K    Default    1    9/27/2018 11:39:00 AM    9/27/2018 11:39:00 AM    Default rule    
 

The first one is basically blocking UPnP which we can safely ignore. But the 2nd and third appear to be some sort of ICMP packet to my DNS servers which SEP is blocking. And I'm not sure what to make of the fourth and fifth entries.


LiveUpdate Server - FakeNews.com?

I need a solution

Hi all,

I just joined a project at a university where SEP is being used on a windows server 2008.  I'm not sure how things were managed previously but the below appears in the LiveUpdate Status.  I am continuing my search through the forums but figured I would post anyway.  The fakenews.com part is what throws me.  

Initializing...
Connecting to fakenews.com...
Failed to connect to the LiveUpdate server.

Session summary: 0 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.
 

Thanks


Cannot change the system proxy after SEP starts

I need a solution

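Hi engineers,

I would like to ask: after SEP starts on my Win10 machine, I cannot change the system proxy. When I open the connection settings in the IE browser, it says they are configured by the system and cannot be modified. After stopping SEP with the command smc -stop, I can set the IE proxy normally. How can I solve this? Thanks!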


Master server av definition date table

I need a solution

I've been hunting for the master server's current AV definition version in the database.  I have found the version numbers for the agent / client, but cannot locate the master.

Also, is there a way to get the current Symantec AV def from them, via an automated means, outside the SEPM GUI?

I am rather new to this database and product, so if I'm missing something, I apologize. Been searching the DB, Google, forums... can't seem to locate this info.

Thank you!


SQL query to remove offline machines

I need a solution

Hi,

I'm currently trying to write a query in SQL to remove offline machines. I keep getting the redlines under SEM_AGENT or any other table. Does the below query look right? This is being done in a test environment and I have little to no experience with SQL or scripting. Thank you for your help!

SELECT UPPER([SEM_AGENT]) as HOST_NAME
     ,case when comp.status=1 then 'ONLINE'
     else 'OFFLINE' end as Status


How come I'm not seeing the latest version in my downloads list?

I need a solution

In my file download for SEPM upgrades, I see the latest date listed is June 14, 2018, for ver 14.2.0.  The .0 might be generically any ver 14.2 I'm thinking.  I see 14.2 has always been 14.2.7.something.

I see two more versions of 14.2 with dates after June 14, 2018 here.

https://support.symantec.com/en_US/article.TECH154...

What is that I'm downloading for 14.2 version if the file site says June 14, 2018?  Is that just display text that hasn't been updated there, and it's the latest 14.2.770.0000 from July 24, 2018?  Is it my license maybe, limited to a certain cut off date?  I downloaded one file (the sepm upgrade one) and looked at the file details but it doesn't show the version there.


Migrate from Norton Internet Security to SEP

I need a solution

I am running Norton Internet Security (NIS) version 21.7.0.11 on a Windows server 2012 R2 and looking for a way to migrate to SEP.

I am having about 50 firewall rules in NIS and will need to migrate them to SEP.

Is there a way to export these rules from NIS and import them to SEP?


Symantec Endpoint Protection found Trojan.Gen.2

SEP 14.0 on Windows Servers.

I need a solution

Please provide comments on following queries.

  1. Is it recommended to install and run SEP 14.0 on crucial windows servers such as AD/DC's, Exchange, SQL servers and Other Database servers? If yes, what are all protection services and policies should I need to include or exclude on SEPM 14.0 before installing SEP on windows servers? please let me know the necessary precautions should I need to take before installing SEP on windows server according to server roles.
  2. Is there any chance for database corruption or service interruption when run SEP 14.0 on windows servers?
  3. Will Symantec provide official support for issues related to running SEP 14.0 on Windows servers?
  4. Is there any alternative protection service for windows servers from Symantec?

Thank you in advance


Exp.CVE-2017-11882!g2 threat

I need a solution

Dears ,

During a run time scan, I found a certain threat which is Exp.CVE-2017-11882!g2. I searched about it and found nothing. Can I know what the threat is and its behaviour, and is it a false alarm or not?

Thanks 


all client not connect to the symantec manager

I need a solution

Please help me, I don't know why but all our clients did not connect to Symantec manager ver. 14.2
