Hello guys,
I'm trying to upgrade Symantec_Endpoint_Protection_Manager_14.2_RU1(3335) to Symantec_Endpoint_Protection_Manager_14.2.1_MP1(4814) but there is an error that I need to stop some SEPM process.
I've stopped all process and servicess that Administrator account can stop including Symantec Endpoint Protection Manager service but still have this error.
Please see screenshot.
I need your help.
Hi,
I am looking to know if the SemSvc.exe service run by the SEPM server can be run under a service account rather than the local system account?
If so, what permissions/settings need to be set for the service account?
Thanks
Hi All,
We're using hMailServer and Symantec Endpoint Protection. These 2 runs on Windows Server 2012 R2.
I tried to use External virus scanner in hMail Server but I always got an error regarding Return Value.
Please see image link:
Thank you
I've been trying to figure out how to install the latest build for SEP14.2 MP1 which is build 1057(SEP 14.2 MP1 (14.2.1057.0103) )
Unfortunately it doesn't install and having an error "Error 1920. Service Symantec ENdpoint Protection(SepMasterService) failed to start. Verify that you have sufficient privileges to start system services." Build 1057 installs smoothly to other OS such as Windows 7 32/64bit Server 2008 SP1 R2 64bit.
Cas has already been filed with case number 30352641.
Kindly advise,
thanks and Regards,
Hi,
I am looking for a API for SEP to scan a file in c# application before uploading.
Hello, I need help with figure out my problem.
Every time when I try to communicate via rest api to SEPM, I have respone in html form with message: "The request resulted in an internal error."
Script in powershell:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$credentails = Get-Credential -UserName "UserName" -Message "Message"
$cred= @{
username = $credentails.UserName
password = $credentails.Password
domain = ""
}
#converts $cred array to json to send to the SEPM
$auth = $cred | ConvertTo-Json
$Authnet = Invoke-RestMethod -Uri https://SEP_ADD:SEP_PORT/console/apps/sepm/api/v1/... -Method Post -Body $auth -ContentType "application/json"
$access_token = $Authnet.Token
#format HTTP header
$header = @{Authorization='Bearer '+$access_token}
#Lists All groups
Invoke-RestMethod -Method Get -Uri https://SEP_ADD:SEP_PORT/console/apps/sepm/api/v1/... -Headers $header
Variable $access_token is empty because $Authnet have only error message.
Any ideas?
Hello everyone,
I'm just trying to upgrade Symantec_Endpoint_Protection_14.2_RU1(3335) to Symantec_Endpoint_Protection_14.2.1_MP1(4814) but it's so hard.
I've stopped all services that Admin account can stop including Symantec Endpoint Protection Manager service but stll can't upgrade because I have an error that SEPM has to be stopped.
Please see screenshot.
To be honest I'm very frustrated with such a problematic upgrade procedure.
Please help me.
Anyone have any Macs in their environment that get these blocks? Seems this is happening when the Mac is connected via wireless and then connects to a wired network, making the mac address table get dhcp for the same IP with different mac addresses.
Hello, Is there a way to check SEP client on Linux machine to see where it connects to recieve virus def? which LUA
Everyone: I have a new Apple MacBook Pro laptop computer. I selected the free trial version of Endpoint Protection software. I downloaded one file but was not able to install it because it was a Microsoft Windows version, which does NOT run on my Mac. How can you tell which is the correct version of Endpoint Protection to install on the MacBook Pro laptop comouter? This is NOT marked at the website!!!
Hi All,
Would be really hepful if someone could help out in this issue, Thanks in advance!
We have externals who performed penetration test in our estate and foud out that SEP can be disabled by modifying symantec registries in safe mode by following below steps, though I have Tamper & password protection enabled (for stopping /uninstallation).
1. Boot the Windows in Safe mode.
2. Press Win+R to open run command dialog box.
3. Type regedit and hit enter.
4. Goto Computer\HKEY_Local_Machine\SYSTEM\ControlSet001\Services\SepMasterService
5. Change the value of “Start key” from 2 to 3
6. Restart the windows.
I tired the same steps in my machine and was able to turn off symantec.
Hence, I believe tamper protection does not work in windows safe mode (not sure if this is flaw in the product or a expected behaviour). So, pls suggest if there is anyting that i can do from Symantec policies that will make Tamper protection ON Even In SAFE MODE? or any other way that can fix it, Thanks.
Hi - I'm trying to use powershell to query the SEPMs for information on computers protected by SEP in our environment. I can get the script to authenticate and retrieve information using the sample script but i'm now stuck at figuring out how to parse the results.
This is what i have so far:
--------------------------------------------
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
#match these paramters with the post requests for the api type listed https://SEPM_IP:8446/sepm/restapidocs.html
$cred= @{
username = "UserID"
password = "Password"
domain = ""
}
#converts $cred array to json to send to the SEPM
$auth = $cred | ConvertTo-Json
$authrequest = Invoke-RestMethod -Uri https://192.168.2.104:8446/sepm/api/v1/identity/au... -Method Post -Body $auth -ContentType 'application/json'
#access token from SEPM Authentication script
$access_token = $authrequest.token
#format HTTP header
$header =@{Authorization='Bearer '+$access_token}
$result = Invoke-RestMethod -Uri https://192.168.2.104:8446/sepm/api/v1/computers -Headers $header
--------------------------------------
The content of $result comes out looking like this...
{"content":[{"group":{"id":"A9C5F6A8C0A802681CDA41B0DD225D79","name":"My Company\\Default Group","f
ullPathName":null,"domain":{"id":"5595B9D6C0A8026862FF00463BD85216","name":"Default"},"externalRefe
renceId":null,"source":null},"ipAddresses":["192.168.2.111"],"macAddresses":["00-0C-29-7C-8C-55"],"
gateways":["192.168.2.1","0.0.0.0","0.0.0.0","0.0.0.0"],"subnetMasks":["255.255.255.0"],"dnsServers
":["192.168.2.100","0.0.0.0"],"winServers":["0.0.0.0","0.0.0.0"],"description":"","computerName":"D
LPEndpoint","logonUserName":"admin","domainOrWorkgroup":"test.ads","computerDescription":"","proces
sorType":"Intel64 Family 6 Model 62 Stepping 4","processorClock":2800,"physicalCpus":2,"logicalCpus
It appears to be a system object with no properties.... I'm having no luck parsing the data. Anybody have any insight on how to do this?
-Steve
Just raising awarness of a helpful new feature that can help admins find and fix their environment's vulnerabilities swiftly. Prioritizing and mitigating vulnerable software is important because many malware samples can only function by exploiting a vulnerability.
Some resources:
Introducing Symantec Endpoint Vulnerability Remediation
https://help.symantec.com/cs/SAEP/SAEP/v131106726_v123284638/Introducing-Symantec-Endpoint-Vulnerability-Remediation?locale=EN_USHow Symantec Endpoint Vulnerability Remediation works?
https://help.symantec.com/cs/SAEP/SAEP/v132122463_v123284638/How-Symantec-Endpoint-Vulnerability-Remediation-works?%3Flocale=EN_US&locale=EN_USGetting started with Symantec Endpoint Vulnerability Remediation
https://help.symantec.com/cs/SAEP/SAEP/v132283782_v123284638/Getting-started-with-Symantec-Endpoint-Vulnerability-Remediation?locale=EN_US
The product launch webinar for Symantec Endpoint Vulnerability Remediationis available to view on demand. https://www.symantec.com/connect/events/webinar-symantec-endpoint-vulnerability-remediation-product-launch
Dear Support,
We have multiple admin users in Symantec Ednpoint Protection Manager as administrator but tow of them is left their position and shift to another unit which are not interacted with Symantec anymore. therefore we want to disable their account not to delete but there is not such option to disable administrator account in Symantec Manager. hence we are rqeusting you to add this feature to disable the admin accounts from Symantec Manager. even though we have contacted your technical support to check this feature if it's possible to disable the account from backend but they also checked and counldn't fine any option to do then suggested us to submit an enhancment reqeust to Symantec to add in next or coming release. that's why we are writing here for your attention to do the needful by ASAP.
Best Regards,
Habibullah Salimy
Afghanistan International Bank.
Hi All,
The topic for discussion is about Host Integrity Policy, Version 14.0.3876.
Yes, this is the version my organization is currently running with, as we had the necessity to scan any External storage media connected to the host.
As SEP do not have the feature, we leveraged HI policy and we used our in-house Powershell script, which worked fine to scan every one minute and log even outside SEP on Windows 10 PCs.
However we have a challenge with Windows7 PC’s, as the Policy could not successfully download the script however, it creates a “DING” noise everyone minute. And we tried taking assistance from MS / Symantec, which went in vain.
Please share your suggestions, if anyone would have come across this try !!!
We need to fix this on Windows 7 PC’s only, as it works perfectly fine on Win10.
On windows 7, we tried setting powershell execution policy to different mode as “restricted”, “unrestricted”, “bypass”. But the result was same as earlier, the script works fine when it was tried locally, ran.
Hi Folks,
We have a situation where we have source IP as a loadbalancer for VMs and when SEP is in place it detects the source LB IP as an attacker.
The LB can add the X-Forwarded-For header, but SEP will happily ignore it.
How to enable X-Forwarded-For header so it wont ignore the origin IP?
Regards
Dev
Hi All,
We have whitelisted the some of our IPs in IPS policy so now it wont be preventing the traffic but should it log as security log if any attacks comes through?
Can we place some mechanism where we can get the alerts for security logs which is an attack detected by IDS?
Regards
Dev
Zydus Cadila Client want to export report All SEPM users right access list.
Example: - Administrator:- Full admin access
3000000:- View Right
I have a support contract. The website where you create cases won't accept anything I put in and no-one answers the phone. How do I get in touch with anyone? Sending an email just gets an automated response to go to the website (which doesn't work).
Hello Everyone,
Is there anyway to block list of HASH files in ADC policy using txt file. Its difficult to manually block one by one so please let me know if we can export the file to block all the hashes.