Channel: Symantec Connect - Products - Discussions

Client Push Update

I need a solution

Good day,

Could someone please advise if it is possible in SEPM V14.x to split the push update into different groups?

I have 6 * Servers (Windows Servers 2012/2016)

12 * Windows 10

I want to split the servers and clients to update the definitions at different intervals. If a definition is not correct, not to let all servers and clients fail at the same time.


Need TECH Article for Endpoint Protection Exclusion in DLP

I do not need a solution (just sharing information)

I could not find a tech article regarding exceptions for Endpoint Protection in DLP.  Can anyone help me on that?


SEP Cloud - license nightmare

I do not need a solution (just sharing information)

We added an additional 5 device licenses to a customer who had 54 device licenses. 

The new licenses pop up out of groups (Group: none). Groups are where we have all devices gathered, and attach appropriate policies. So what you say we should do, is have like 10 computers from Finance in one group, and 8 computers from Sales split in two groups, to fully use two licenses.

IT MAKES NO SENSE!

Another thing: When I look at a device, I cannot see who uses that device. 
How do I find DESKTOP-2REBS2A without naming computers with the user's name, or having a 3rd tool to match user and computer? The old on-prem Endpoint Protection could do this!


Offline Non-Persistent VDIs are not showing in Computer status report

I do not need a solution (just sharing information)

Offline Non-Persistent VDIs are not showing in the Computer Status report. We are able to see the offline NPVDIs on the Dashboard but it's not reflected in the Computer Status report. Please suggest.

Thanks


Repeated Virus Alerts but files don't exist

I need a solution

We are getting repeated SEP alerts from a client based on a temp file from Outlook and a file from a flash drive, both of which were deleted last week (flash drive isn't even in machine), but is triggering alerts every day.  We have confirmed that the files are not on the host. A sample of the alert follows.  Note the event date/time vs last updated time.  We get multiple alerts per week from other machines with same config but have never seen this behavior before.  We've run multiple full scans and reboots.  Ideas?

2019-09-25 08:22:28,Virus found,IP Address: xxxxx,Computer name: xxxx,Intensive Protection Level: 0,Certificate issuer: ,Certificate signer: ,Certificate thumbprint: ,Signing timestamp: 0,Certificate serial number: ,Source: Auto-Protect scan,Risk name: ISB.Downloader!gen279,Occurrences: 1,C:\Users\xxxx\AppData\Local\Packages\oice_16_974fa576_32c1d314_1ab\AC\Temp\FB8C2FE1.doc,AP realtime deferred scanning,Actual action: Cleaned,Requested action: Cleaned,Secondary action: Quarantined,Event time: 2019-09-19 10:23:17,Inserted: 2019-09-19 10:27:41,End: 2019-09-19 10:23:18,Last update time: 2019-09-25 08:22:28,Domain: Default,Group: My Company\Client PCs\Windows Laptops,Server: symantec,User: xxx,Source computer: ,Source IP: ,Disposition: Bad,Download site: ,Web domain: ,Downloaded by: outlook.exe,Prevalence: Unknown,Confidence: This file is untrustworthy.,URL Tracking Status: On,,First Seen: Symantec has known about this file approximately 2 days.,Sensitivity: ,Not on the permitted application list,Application hash: 44193897B15E5B25ABD4FDAEC44923B9B44EEF2D49B330934BC47F91D6A82107,Hash type: SHA2,Company name: ,Application name: FB8C2FE1.doc,Application version: ,Application type: 127,File size (bytes): 327040,Category set: Malware,Category type: Heuristic Virus,Location: On Network


Datalocker requires 2 free drive letters

I need a solution

Hi,

Hope someone can help.

SEPM 14.2.1

Have rolled out Kingston Datalocker USB sticks across the estate.

Using Device control to lock down all USB sticks except these by device ID.

All is fine except for 3x machines.

Error - "DTLocker+ requires two free drive letters. One free drive letter is available at [sic] but an additional drive is not available"

On all 3 machines, there are at least 5 free letters available after the last physical drive.

Originally there wasn't (F and G were used) but I changed the mappings to ensure F to K are free.

If I remove SEP from the machines then the Datalocker works fine and launches the passphrase capture and assigns a free drive letter.

As soon as I put SEP back on, the error returns.  - Again only on 3 machines though.

Have looked for cached drives, old MRU entries etc, but can't find anything that's stopping them working except for SEP.

Any ideas?

Thanks in advance.


Current Report of agent communicating with Symantec

I need a solution

Hello,

Please guide me on how to download Current Report of an agent communicating with Symantec.


Incorrect count of Physical and registered users

I need a solution

Hello,

When I select the Clients tab, then My Company, then right-click on the computers, it is showing an incorrect count. Please help me out with how to check the total number of systems connected to Symantec.

Looking forward to your response.


update from 14.2.4814.1101 to 14.2.4815.1101 or not ?

I need a solution

Hi,

I have a SEPM and 120 clients with SEP 14.2.4814.1101.

I have no problems with this.

Do I update to 14.2.4815.1101 or not? What is the best choice?


Online and offline report

I need a solution

Hello Team,

How to download Current online and offline report which users are connected to Symantec. Please guide me.


Unable To Login To SEPM With Active Directory User After 14.2 MP1 Upgrade

I do not need a solution (just sharing information)

After upgrade to SEPM 14.2.1, we lost the ability to log in to the Management Console with AD authentication.  This is a known issue:

https://support.symantec.com/us/en/article.tech251819.html

If you use AD authentication to log in to SEPM, MAKE SURE you have a working local administrator account before you perform the 14.2.1 upgrade.  You will not be able to use your AD account on SEPM login page.  You will have to be able to log in using a local admin account in order to fix the AD authentication problem:

Admin/Servers/Select management server below Local Site (My Site)/Edit the server properties/Directory Servers tab/Select a Directory Server and click Edit/Enter a FQDN in the "Server IP Address or Name" field - not just the hostname

I found that the IP address of a DC did not work for me, but a FQDN did.

Also, if you are running SEPM in a virtualized environment, create a snapshot of the server before attempting the 14.2.1 upgrade.


worm Win32/Mofksys.NA!MTB

I do not need a solution (just sharing information)

Dear admin,

Can you help check whether Symantec Endpoint Protection has an update for the worm Win32/Mofksys.NA!MTB? This worm exists in my company and Symantec Endpoint Protection cannot find it, but Windows Defender is OK. Please help add it to Symantec Endpoint Protection. Thank you.


Web Attack: Malicious Scan Request 2 attack blocked. Traffic has been blocked for this application: SYSTEM

I need a solution

For the past week I have been seeing these events 400 in the application log:

Web Attack: Malicious Scan Request 2 attack blocked. Traffic has been blocked for this application: SYSTEM

Since SYSTEM is the Windows kernel, I worry what this could mean.

The Symantec signature description doesn't bring any clarity, it only makes me worry more:

https://www.symantec.com/security_response/attacks...

Does somebody know what is happening here and if action is needed and what?

gr,

Ronald


How to create a USB bootable tool to scan a server

I do not need a solution (just sharing information)

Hi team!

I'm looking for info on creating a bootable USB or disk, in order to run a full scan on a server which we suspect is currently infected.

I was searching but I only found this info for older versions of SEP.

Thank you for all your help on this!


Using Endpoint Prevent to block uploading classified document to public web services like gmail attachment or social media...etc

I do not need a solution (just sharing information)

Hi,

I have a customer where Endpoint Prevent detection is used only for confidential files. The question is, how to configure the policy to prevent the user from uploading these confidential documents as Gmail attachments, or to Facebook, or to any other public file hosting on the internet?

Thanks 


Download protection question

I need a solution

Hello,

there are some things that I don't understand regarding the download protection feature.

In my environment the Basic Download Protection feature is enabled, but without Download Insight.
From what I saw on the internet, this feature gives "Endpoint Protection the ability to track URLs", but I don't understand what the capacity of Download Protection is without Download Insight.

I saw that almost every client has "Download Protection Content" out of date. What is this content used for?

Best Regards,

Joris KIEFFEr


SEP clients report offline in SEPM but actually is connected to SEPM

I do not need a solution (just sharing information)

We are facing an issue where client entries are showing as offline in SEPM and under "Properties" most of the fields are blank.

But when checked locally on those machines, the SEP clients show as up-to-date and connected under "Server connection status" with a very recent time stamp. Out of the 650-odd Windows VMs we have, we are facing this issue on around 15 VMs.

The client & SEPM version = 14.2.1031.0100

We logged a support case and they also suggested it's due to cloning. But these were not built via a clone process.
Hence, as suggested by the support team, we deleted the offline entries and ran a rebuild of the DB indexes.
This showed no progress.

Hence, if someone has an idea about this issue, please help. Thanks


False positive - chromium 79.0.3930.0

I need a solution

Hello,

It seems that there is a false positive for chromium > 78.

Our defs are current 9/30/19 r18.

Can anyone confirm this false positive?  Timeline for rapid release fix?

Thanks,

Antoine

Zip : https://storage.googleapis.com/chromium-browser-snapshots/Win_x64/701533/chrome-win.zip

Binary : chrome.exe

Symantec Endpoint Protection Notification :

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: WS.Reputation.1
File: xxxxx\chrome-win\chrome.exe
Location: Deleted or access blocked
Computer: xxxx
User: xxxx
Action taken: Leave Alone succeeded
Date found: mercredi 2 octobre 2019  08:33:27


Chrome browser not working when firewall turned on

I need a solution

Network and host settings, options, go to change settings, untick firewall and chrome works, but ticking it, can't use chrome.

Colleague also has same issue with Chrome and with FTP client, although our settings look the same.

Any ideas?


Logging when users disable NTP?

I need a solution

Is there a way to view through the console how often users are disabling their SEP firewall? We want to allow users to temporarily disable the firewall (to get online at hotels, etc.), but we're curious as to how often the feature is actually being used. We want to make sure it's used enough to make it worthwhile but not so much that it's being abused (we're only allowing 2 disables for 2 minutes each, so hard to abuse, but still...).

I've looked through all the monitors in the console and haven't come across anything. It is logged on the local SEP client's system logs, but doesn't seem to get transferred to the server.

Am I just missing it?

Thanks!
