Quantcast
Channel: Symantec Connect - Products - Discussions
Viewing all 12029 articles
Browse latest View live

Pushing Installers Out to Clients - Says Success, Is NOT Showing Up on The Clients Tab

October 2, 2019, 1:55 pm
$
0
0
I need a solution

Hello, and whoever can give me a solution to this has my blessings.

Here is the current situation. My company is attempting to roll out Symantec Endpoint Protection V14.2 to our client machines. Currently, we do have another AV on those machines, but I can confirm that we can have those simultaneously (with intentions to uninstall the older AV obviously). 

I was given a list of devices to deploy to. I grab the correct installer, I select the text file I created with all of the computer names, they are recognized. I move them over to be deployed, it prepares for the install appropriately. 

Finally, I am ready to install. It hangs at 0 percent for a very long time (assuming that is just SEP working its magic behind the scenes). Then one by one, the clients pop up as a "success". Great!

I click on the clients tab to search for these, because I would like to verify that these have actually been rolled out. Sure enough, I search by computer name and a total of zero of the "success" computers show up.

Has anyone had this issue before? We have another whitelisting program, and I have ensured that the installer is approved. I checked the computers for anything that has been blocked. 

This has been a serious head scratcher, even for SEP support. If anyone knows how to remediate this issue, it would be greatly appreciated :)

0
Search

SEP clients connecting to telemetry URL of Symantec.

October 3, 2019, 1:30 am
$
0
0
I need a solution

I have mix of SEP client in my environmet statring from SEP 14.0 to SEP 14.2 RU1. Recently i saw connection to central.b6.crsi.symantec.com from different SEP client. As per article https://support.symantec.com/us/en/article.TECH253692.html & https://support.symantec.com/us/en/article.TECH162286.html need ot allow these for SEP 15.0 however my concern is I have disbaled live update on SEP clients, GUP & SEPM is providing all type of update to SEP clients. Do I still need to allow all these URLs at my internet firewall. 

0

How to use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line in Asp.net c#

October 3, 2019, 5:33 am

Update/Install fails with error 1708

October 3, 2019, 7:44 am
$
0
0
I need a solution

The update/install of the Endpoint Protection client failes and rolls back.

=== Verbose logging started: 02.10.2019  13:09:57  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\WINDOWS\system32\msiexec.exe ===

[snip]
[snip]

Property(S): MsiLogFileLocation = C:\Users\ADMINI~1\AppData\Local\Temp\SEP_INST.LOG
Property(S): PackageCode = {AF3439CE-A633-4C9B-99F8-C445A17B6BFE}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): CURRENTDIRECTORY = C:\Users\ADMINI~1\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b
Property(S): CLIENTUILEVEL = 2
Property(S): CLIENTPROCESSID = 9564
Property(S): VersionDatabase = 200
Property(S): MsiSystemRebootPending = 1
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\WINDOWS\system32\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\ADMINI~1\AppData\Local\Temp\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\administrator\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\administrator\Favorites\
Property(S): NetHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\administrator\Documents\
Property(S): PrintHoodFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): LocalAppDataFolder = C:\Users\administrator\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\administrator\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): FontsFolder = C:\WINDOWS\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8117
Property(S): VirtualMemory = 5853
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = administrator
Property(S): UserSID = S-1-5-21-1910545008-2276187321-3739630811-500
Property(S): UserLanguageID = 3079
Property(S): ComputerName = TECHNIK09
Property(S): SystemLanguageID = 3079
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 23
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 13:10:18
Property(S): Date = 02.10.2019
Property(S): MsiNetAssemblySupport = 4.7.3056.0
Property(S): MsiWin32AssemblySupport = 6.3.17134.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Egger
Property(S): COMPANYNAME = Microsoft
Property(S): DATABASE = C:\WINDOWS\Installer\1160eed.msi
Property(S): OriginalDatabase = C:\Users\administrator\AppData\Local\Temp\6c7ddeb3-d864-4dff-933c-eeab0db9690b\Sep.msi
Property(S): UILevel = 3
Property(S): MsiUIHideCancel = 1
Property(S): ACTION = INSTALL
Property(S): BFEServiceRunning = 1
Property(S): SYMVERSIONNT64 = 1000
Property(S): EMBEDDEDSYSTEM = 0
Property(S): AlreadyElevated = 1
MSI (s) (C0:F0) [13:10:18:763]: Note: 1: 1708 
MSI (s) (C0:F0) [13:10:18:763]: Product: Symantec Endpoint Protection -- Installation operation failed.

MSI (s) (C0:F0) [13:10:18:764]: Das Produkt wurde durch Windows Installer installiert. Produktname: Symantec Endpoint Protection. Produktversion: 14.0.3929.1200. Produktsprache: 1033. Hersteller: Symantec Corporation. Erfolg- bzw. Fehlerstatus der Installation: 1603.

MSI (s) (C0:F0) [13:10:18:771]: Deferring clean up of packages/files, if any exist
MSI (s) (C0:F0) [13:10:18:771]: MainEngineThread is returning 1603
MSI (s) (C0:44) [13:10:18:771]: Calling SRSetRestorePoint API. dwRestorePtType: 13, dwEventType: 103, llSequenceNumber: 11, szDescription: "".
MSI (s) (C0:44) [13:10:18:772]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
=== Logging stopped: 02.10.2019  13:10:18 ===
MSI (s) (C0:44) [13:10:18:773]: User policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Machine policy value 'DisableRollback' is 0
MSI (s) (C0:44) [13:10:18:773]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (C0:44) [13:10:18:774]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (C0:44) [13:10:18:774]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (C0:44) [13:10:18:774]: Destroying RemoteAPI object.
MSI (s) (C0:A0) [13:10:18:774]: Custom Action Manager thread ending.
MSI (c) (5C:90) [13:10:18:776]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (5C:90) [13:10:18:777]: MainEngineThread is returning 1603
=== Verbose logging stopped: 02.10.2019  13:10:18 ===
0

Citrix VDI appearing offline over console.

October 3, 2019, 7:59 am
$
0
0
I need a solution

Citrix VDI systems are appearing offline on SEPM console post cloning due to duplicate GUID. However all VDI’s are online over network and taking definition update regularly.

Followed all Symantec guidelines while cloning VDI's still showing offline.

0

Enrolled but can not see it

October 3, 2019, 11:37 am
$
0
0
I need a solution

Laptop is enrolled according to the dashboard but can't see/find Symantec on the laptop to undertake full scan etc..

any ideas?

0

Start Menu Freeze using SEP 14.2 RU1 MP1/build 14.2.4814.1101 on Windows 10 Build 1903

October 4, 2019, 12:05 pm
$
0
0
I need a solution

I am having an issue on a brand new Fujitsu Windows 10 1903 64- bit laptop with 64-bit SEP client version 14.2 RU1 MP1/build 14.2.4814.1101. The issue is that the Start menu, and any icons by the clock such as WiFi icon to connect to a WiFi network, volume, etc do nothing when clicked. Removing SEP resolves the issue, but it comes back after a reinstall of SEP.

  1. I see a new refresh build of 14.2 RU1 MP1, build 14.2.4815.1101 was released on 09/24. Do we know if the refresh 14.2 RU1 MP1/build 14.2.4815.1101 is available yet from My.Symantec? I want to try it just to see if the Fix ID: ESCRT-2418 that fixes an issue where certain programs (MMC.exe, RegEdit.exe, AD Console) won't open or Windows Updates will not install with 14.2.4814.1101 installed, will resolve my issue.
  2. There was a post opened of someone reporting my same issue with using 14.2 RU1 (not MP1), build 14.2.1031.0100, but it was locked without a resolution. Does anyone have any additional info regarding this issue?https://www.symantec.com/connect/forums/start-button-freezes-after-sep-142-installation
  3. I have another user reporting the same issue, but only when he RDPs onto a machine running the same versions.

Thanks!

0

Spyware and Risk

October 4, 2019, 9:44 pm
$
0
0
I need a solution

Hi Team,

Today on my scan report under Spyware and Risk it was showing  risk below are the details. Need help on this on urgently.

Risk Name: Sonar.susplaunch!g90 security Risk    Sethic.exe is cleaned/Blocked  

Regards,

Rajesh Vanapalli

0
Search

Collect information to generate Full report (Network Threat Protection)

October 5, 2019, 12:41 pm
$
0
0
I need a solution

Hi,

I am new and I have started using the SEPM API 14.2 to collect information and generate reports. So far, I have been able to collect enough information to generate a Computer Status Report.

My next step is to generate a report using the information for the Network Threat Protection - Full Report. However, I cannot get the information I need.

Using the following API:

/api/v1/stats/client/infection/{reportType}/{startTime}/to/{endTime}

I am able to collect some basic information but not all I need (attack, severity, etc) and only at a very high level aggregation - I need the information for each Group Id or host.

I am wondering if it is possible to get the information using the SEPM API or if there is any other way to get it from an API.

Thanks.

0

Convert basic protection for servers to full protection for clients

October 8, 2019, 2:39 am
$
0
0
I need a solution

Hi,

Someone wrongly installed basic protection for servers package for normal users. I now need to convert it to full protection for clients. How can I proceed?

0
1570528730

update from 14.2.4814.1101 to 14.2.4815.1101 or not ?

September 26, 2019, 5:36 am
$
0
0
I need a solution

hy,

i have a sepm and 120 clients with sep 14.2.4814.1101

i have not problems about this

do i update to 14.2.4815.1101 or not ? what is the best choice ?

0
1569510710

How to make Reporting with Symantec.

October 9, 2019, 7:28 am
$
0
0
I do not need a solution (just sharing information)

Hello,

I want us to write some reports about Symantec. The content of these reports is as follows;

Do you have blocked on the machines (file, exe, bat, etc ...). Preparing them weekly.

Default view with USB and CD-ROM enabled.

1 week Viewing systems that are offline weekly.

Reporting machines with virus definitions older than 3 days.

shaped.

There may be other correspondence, but I'm sorry. I'm new here and symantec. I would be very happy if you could support me on this.

Thank you very much to everyone in advance.

Regards,

0

How can groups threats comes as an email notifications

October 9, 2019, 7:31 am
$
0
0
I do not need a solution (just sharing information)

Hello,

I'm USING SYMANTEC ENDPOINT PROTECTION MANAGER 

I have been facing challengs that i have received alot of notifcations to my mail box, so what i want is to group together lets say 5 threats detection comes as one tofication.

Kindly assist to know.

0

how to stop Symantec Endpoint Protection Cloud service

October 9, 2019, 12:08 pm
$
0
0
I need a solution

Hi,

How can I stop the service Symantec Endpoint Protection Cloud ( SCS )

0

My Symantec and Support

October 10, 2019, 12:55 am
$
0
0
I need a solution

Hi,

Where can I download the updated software and where can I create a case? 

It seems Symantec updated the site.

Below site required the support ID - I only have serial number of my product.

https://mysymantec.force.com/

Thanks,

APK

0
Search

.dat files in Library/Application Support/Symantec/Antivirus on Mac

October 10, 2019, 8:22 am
$
0
0
I do not need a solution (just sharing information)

I'm a mac user and have been running low on disk space for a while. I recently found out most of the disk space was occupied by 'system files,' a huge part of which consisted of various .dat files under dozens of folders named after dates (e.g., "20171212,""20171121") in Library/Application Support/Symantec/Antivirus folder. 

My questions are, 

1) What are these files? 

Individiual .dat file names include "tcdefs,""viruscan,""hp,""hf,""tcscan," and some others. 

2) Is it safe to remove some of the older folders/files? This AntiVirus folder (under Library/Applciation Support/Symantec) is taking up more than a 100 GB space. 

I would much appreciate any advise/help! Thank you. 

0

Will Auto-Protect block a malicious file from being copied

October 10, 2019, 8:00 pm
$
0
0
I need a solution

Hi All,

I need help in identifying how Auto-Protect will treat a particular scenario. 

Say for instance I have a bunch of file shares that do not have any form of Anti-Virus software on them but I have Symantec Endpoint Protection on my computer in an enterprise environment.

I conduct the following scenarios,

- I connect a external storage device to my machine and copy a file from the external storage directly to the unprotected file share.

- I'm browsing the internet and download a file directly from the internet to a fileshare. 

During both of these scenarios I'm connected to the corporate network. 

Now if the file in both scenarios happens to be of malicious nature, will it be blocked? 

https://support.symantec.com/us/en/article.tech94990.html states that,

" File System Auto-Protect is a type of ongoing or background scan that provides real-time protection for files on your computer. Whenever you access, copy, save, move, open, or close a file, Auto-Protect scans it to ensure that a threat or security risk is not present."

In these scenarios, the file is not being copied to the local machine and as far as im aware, no temporary files are created, so will SEP block/treat this action? 

Thank you guys.

0

start date license symantec end point change when renewal

October 11, 2019, 8:03 pm
$
0
0
I need a solution

Hi all.

     Please help. the license symantec end point start date wil be change because the purchase is license 3 year old, starting 06 sep 2019 and expire on 06 sep 2022,

*see picture symantec1.JPG

and has extend the license for 1 year to expire 06 sep 2023,

*see picture symantec2.JPG

     but when activate license on symantec end point.   I found that the start date is 06 sep 2022 and expire 06 sep 2023, why start day is not 06 sep 2019 and expire 06 sep 2023.

*see picture symantec3.JPG

     Ps. This year in picture show is thai year (buddhist)

Thank.

0

Migrating from 14.x (on premise) to 15 (cloud)

October 14, 2019, 12:58 am
$
0
0
I need a solution

Hi to everyone.

I am little bit confused regarding what is the best way to move from on prem SEPM to cloud.

We have a 14.2 SEPM installation and most of our endpoints runs 14.1 or 14.2 agents.

We need to 2 things:

1. to be able to download updates from a local (LU or SEPM) server (because utilizing bandwidth everyday to update 500+ agents is not acceptable and also there are servers that do not have internet access)

2. to be able to upload events and logs to a local server and then to cloud

As far as I understand, there is no GUP functionality as we speak.

Question 1: If we go forward with a clean configuration in the Cloud console, we have to create multiple system policies for each site for the different LU sever, in order to achieve LU update from on premises server. I am correct?

Question 2: If we go forward with a clean configuration in the Cloud console, is there a way to sync with on prem AD (like the integration that exists in the on prem SEPM) or the only option is to re-create all groups from scratch?

Question 3: If we create a hybrid setup an continue to manage the endpoints from the local SEPM, is there the possibility to manage our laptops from the Cloud and all the rest from SEPM?

Question 4: SEP agent 15 is supported from SEPM 14.2?

Question 5: In hybrid setup, is there the possibility that a laptop is manages, updates etc from the SEPM and when it is out of the enterprise network to get managed, updated etc from the Cloud?

Question 6: What is effect, policy-wised, to migrate policies from SEPM to Cloud?

I know I ask for lots of information but those are basic questions that I do not seem to get answers from the documentation.

Thanks in advance,

George

0

Is Symantec aware of the Team Viewer Compromise(ATP41) ?

October 13, 2019, 6:21 am
Viewing all 12029 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>