Virus And Risk Detection everday for few of my client and later it is pointing to my shared drive.
Any solution?
| Filename: C:\Windows\CSC\v2.0.6\namespace\server01\Shareddrive01\ | ||
| Hash Type / File Hash: SHA-256 881C47FA638E064319BF2B2BC56663CE3D40B4416C7DDE8B1B19204EFB81ABCD |
Hi,
I work with SEP 14, and today for no apparent reason I’ve started to get the following IPS detection:
[SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM
The clients are in different Windows versions, such as: 7, 8 and 10. I can see that they are trying to reach a specific host on the network but nothing has changed in the last days.
Could this be a case of just a bad set of Defs? And why the attack is being detected and not blocked?
Thank you!
Hi All
Need your help here. I used to have bitorrent in my machine before installing Symantec Endpoint Protection. After the installtion, i started getting this pop up - Audit: P2P BitTorrent Traffic detected continously. Literally every second it's popping up.
I have removed all bittorrent contents in my machine but unable to stop the popping notification.
Any idea how i could stop the notification completely. I have feeling bittorrent still trying to access my machine but how i will be able to remove this completely. The pop up message is really annoying.
Appreciate your help.
regards
deven
Hi Everybody,
Can someone help tell me the proper of external log format of SEPM 14.2? After upgrading from SEPM 14.0.1 to SEPM 14.2 the external log format insert 02 columns
| SHA-256: | MD-5: |
as the below:
| 【previous log format】 | |||||||
| Jul 3 23:36:59 [] SymantecServer: [] | Local: [] | Local: 3 | Local: 4439C452B258 | Remote: [] | Remote: [] | Remote: 3 | Remote: 0024C38D0247 |
| 【current log format】 | |||||||
| Jul 11 15:33:20 [] SymantecServer: [] | SHA-256: | MD-5: | Host Integrity check passed | Local: [] | Local: B88A60E4A804 | Remote: | Remote: 0.0.0.0 |
Is the order of two columns of log format proper? Thanks in advance.
Regards,
TRUNG
Hi All
Need your help here. I used to have bitorrent in my machine before installing Symantec Endpoint Protection. After the installtion, i started getting this pop up - Audit: P2P BitTorrent Traffic detected continously. Literally every second it's popping up.
I have removed all bittorrent contents in my machine but unable to stop the popping notification.
Any idea how i could stop the notification completely. I have feeling bittorrent still trying to access my machine but how i will be able to remove this completely. The pop up message is really annoying.
Appreciate your help.
regards
deven
Hello all
How can I block opening any page related to Teamviwer using Symantec firewall?
*.teamviewer.com from any app (IE, Edge, Chrome, etc)
I have already tried creating a special rule but it is not working
Thanks
Hello,
we have an environment with around 600 Domains in our SEPM. At the moment we do the update package asignment manual within each domain to each group who has clients.
Is there a way to assign the "latest" client packackes 32/64 bit to the group with the SEPM api? I'm not able to find somenthing in the documentation.
Thanks!
Kind Regards
Andreas
Hi
I have several sites with of this problem. After upgrade to 14.2 RU1 MP1 clients unable to update Virus and Spyware Definitions from managment server. The client can update with live update.
Client system logs show this:
An update for Virus and Spyware Definitions SDS Win32 failed to install. Error: Content patching failure (0xE0010005), DuResult: Success (0). (repeate many times)
and also some logs like this:
New content update failed to download from the management server. Remote file path: https://SEPM-Server:443/content/{1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF}/190914002/Full.zip
New content update failed to download from the management server. Remote file path: https://SEPM-Server:443/content/TempCache/{1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF}/190904007/xdelta190904007_To_190910020.dax
New content update failed to download from the management server. Remote file path: https://SEPM-Server:443/content/{EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}/190910002/xdelta190910002_To_190911002.dax
New content update failed to download from the management server. Remote file path: https://SEPM-Server:443/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/190910052/xdelta190910052_To_190910056.dax
Does anyone else face this problem? How can I solve it?
Dear all,
The client disappeared in this column,
anyone have this issue before???
should Ii restore the certificate first?
Good evening,
I have been trying to figure this one out all day. We are a small company with a dozen or so computers regularly hitting the main server with all of our data on it via mapped network drives. This has been working pretty much fine as long as I can remember being here (5 years almost) and we have an old version of Symantec Endpoint on the server, 12.1.4xxx.
Today I rebooted the server after personally being effected by trying to open a large excel sheet (database work is my main task) and it would just hang and eventually ive me an error about the application was waiting and fail. Other users were seeing just slow movement around the network, folders taking 5-30 seconds to open.
I found that if I turned off Endpoint entirely the problem goes away company wide. I personally tried opening my excel sheet on one monitor and on the other I turned off Endpoint on the server and my file stopped hanging and immediately opened. I tried again but this time only turned off the Network Threat Protection portion of Endpoint. Then finally tried again by only re-enabling Network Instrustion Protection and Browser Intrustion Prevention (leaving only the Firewall disbaled) and it continues to work just fine, the minute I turn the firewall back on, it dies again.
Anybody seen this before? I do not use Endpoint much, I inherited this when I Took the job as database manager, I was able to get into the primitive web console to try a few things out but nothing worked. I figured it might be a logging thing, like the logs are full type of deal? But could not figure out how to clear them, the only reason I Thought that is because of the fact that I don't change anything much on the server , especially with Endpoint, the only thing constantly changing is logs.
Any advice would be appreciative. I do not know what would cause this all of a sudden, it's quite strange that's for sure.
I did notice under Network Threat Protection there is "Definitions" that updated Sept 13, 2019 (friday) and says r61 after it, is there a way to roll whatever that is back and test?
Thanks for any help
We need to validate if the below details are a legitimate file or not. This was detected by Cynet. If anyone does know we would appreciate your help on what does the below details do
Details are as follows:
Thank you! |
My customer have 3 problem
1. Enpoint cannot connect to Symantec console if they're not join domain.
2. How to know which device installed Symantec EP it has licensed or not
3. Which open ports Firewall for connect to Symantec Console - Joined Domain and Not join Domain
Thanks for your support
Hi Guys,
When I trying to install SEP client using pushing from SEPM with appremover for existing 3rd party antiviruses, the jave is uninstalled also which causes issues since the users are using oracle application on thier PCs, any one facing the same issue? is there any solution?
We have multiple exception policies setup in SEPM 14.2, is there an easy way to export all exception policies using a tool? Does the API support exporting exception policies?
So I got a trial for SEP 15 to try on my PC for our organization. Did all of the tasks and imported the .dat files from SEPM. Once I download the package shown in the snip, however, it just installs the SEP 14.2 client. Cloud management panel it says it has 15, but the client still says 14.
Is this normal?
Have SEPM syncing to AD and I see my main OU with computers and everything broken down - laptops, desktops, servers. Each of those have different deployments and different policies. There are a decent number of machines that need SEP installed.....and they show up in the Clients list as never checked in, or just no information in general.
Is there an easy way to deploy a certain deployment to those machines? If I go to Install a client, I need to search. I thought there might be an easy way to get those machines that need SEP deployed.
Appreciate any insight.
14.2 MP1 4814
Random applications and processes trying to access the network. I block them all ofc, but other processes keep popping up. I get new firewall notifications 10-15 times a day.
Its not just the apps I installed, but Windows processes as well: notepad, explorer, host, etc.
Full scan didn't find anything. Could you help me please?
Hi,
I've had a read of the KBs but I wondered if anyone can add some additional information to the process.
Currently all Win 10 (1903) PCs are enrolled to Symatec MDM as part of the SEP installation. I now want to move the PCs to Intune MDM, the KB article suggests that just disabling the MDM option in the SEP admin will unenroll the devices from the Symantec MDM automatically, is this right? does this work? Or is it best to manually un-enrol the devices, disconnect them from the Symantec MDM then enrol into Intune and then enrol back into SEP? Are there any gotcha's I need to look out for during this process?
Any advice, thoughts gratefully received.
Rob
Is there anyway we can re-direct Definition/Updates Log file to another drive/folder?'
I am migrating to a new server and about to install 14.2. Not sure if we can do the redirection during installation or after installaton?
Regard
Jawn
hi
The latest version for Symantec endpoint 14 is
| 14.2.1.1 (14.2 RU1 MP1) | 14.2.4814.1101 | August 20, 2019 |
Can i use the above version on-premises. this quesion here becouse when i access MySymantec under download i found two categories under Endpoint protection
first : SPS-EE ( whitch include the above version)
second: Symantec Endpoint Protection 14 On-Prem Managed ( latest version is Jun 14, 2018)