I need a solution
Hello everyone
Does anyone know how to generate a report which lists all users who have access to CD/USB based on exception?
Thanks
Roshan
0
↧
Custom Reports - Who has CD/USB access?
↧
The client will block traffic from IP address
I need a solution
The client will block traffic from IP address for the next 600 seconds, anything a MAC book connected to my network. It try to scan over 500 ports/host. any idea
0
↧
↧
Can't disable notification sounds in Windows 10.
I need a solution
Hi,
I'm strugling to disable notification sounds on managed clients.
Even if I disable sound for specific notification (for symatec service framworks) using windows notification and actions settings the the sound still persists.
Please see screenshot.
0
↧
Warning for potential attach - nothing in logs
I need a solution
Hi everyone,
i am having a problem with my clients. I recently got contacted by one of my colleagues that he got this message:
As i tried to examine the logs - all were empty on the client. The server did not even get the message from the client.
How exactly can this happen?
Best regards
Stephan
0
↧
Scannen von ISOs .img
I do not need a solution (just sharing information)
Hallo zusammen,
wir haben heute eine schadhafte Image-Datei erhalten, die Symantec nicht scannen konnte. Ist SEP nicht in der Lage in .ISO oder .IMG-Dateien hineinzuschauen?
Erst nachdem die Datei per ZIP entpackt wurde oder als Laufwerk verbunden wurde, konnte der Schadcode gefunden werden.
Haben wir eventuell unsere Richtlinien falsch angepasst?
MfG
FuGe
**
Today we received a damaged image file that Symantec was unable to scan. Is SEP unable to look into .ISO or .IMG files?
Only after the file was unzipped by ZIP or connected as a drive, the malicious code could be found.
Have we possibly misadapted our guidelines?
0
↧
↧
Script Tool to disable tampered protection
I need a solution
Is there a way to disable tampered protection for the endpoint client that does get the policy. A script or any tool how to disable tampered protection on remote computers.?
0
↧
SEPM 14.2 RU2 (14.2.5323.2000) Mac Agent Upgrade Broken?
I need a solution
Currently testing SEPM 14.2 RU2 (14.2.5323.2000) on a Macintosh with macOS Catalina(10.15). upgraded from macOS High-Sierra(10.13). It's definitely Broken...
- The device has macOS High-Sierra(10.13) installed (New out of the box Mac Air (3 separate test units)
- Installed SEPM 14.2 RU2 via the SEPM console upgrade assignment (previously 14.2 RU1-MP1 on each device), verified that SEPM is functional after the upgrade.
- Upgraded each device to macOS Catalina(10.15).
- SEPM 14.2 RU2 agent now shows that "System Extensions need authorization" and a "Fix" button is displayed.
- There's no extension available to be re-authorized.
I've opened up an incident with Symantec yesterday, I have yet to hear back after placing a followup call.
Is anyone else seeing a similar issue?
0
↧
Blocked msiexec.exe from accessing
I need a solution
Hello,
When I install the Microsoft Office update, the Symantec Endpoint Protection show "Blocked msiexec.exe from accessing", the update is failed.
Can I set something in SEPM to allow msiexec.msi from accessing?
0
↧
How to start Full Scan Using PowerShell.
I need a solution
Hi Team,
I want to know how can i start "Full Scan" using PowerShell Scripting. I performed the below scripting but its starting "Active Scan" which i can view in SEP Scan Logs, but i need to start "Full Scan".
$arg1 = '/c'
$arg2 = '/ScanAllDrives'
$logFile = '/LOGFILE="C:\Users\debojyoti.p\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\test.log"'
Start-Job -ScriptBlock {& "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3897.1101.105\Bin\DoScan.exe" $Args[0] $Args[1] $Args[2]} -ArgumentList $arg1, $arg2, $logFile}
I checked in command line where-in the switched are present only for "Active Scan".
Kindly help me to get the solution.
Thanks & Regards,
Debojyoti Paul.
0
↧
↧
Creating Secondary server
I need a solution
Hi I have on - premise SEPM at site A.
Site B is on other location
How to create secondary server at site B and connect to Site A
thanks
Madan
0
↧
Some way to automatize SEPM backups from a script?
I need a solution
Hello!,
Currently in SEPM 14.2.5323.2000 , do you have some script to automatize the execution of a full backup?
Any hint is welcome,
Thank you,
0
↧
Solution to repeat "Traffic has been blocked from this application: Host process for Windows Services (svchost.exe)"
I do not need a solution (just sharing information)
I surfferd this issue (or inconvenience) for a while.
Sometime, the Symantec Endpoint Protection client (14.0.RU1.MP2) installed on my computer poped up a warning message "Traffic has been blocked from this application: Host process for Windows Services (svchost.exe)" repeatly. After seveeal days, it disappeared. Suddenly it appeared again in some day.
My computer was in private network (172.21.0.0) and SEP client was managed by a centralized SEPM server. Everytime I checked the SEP traffic log in my computer and found, it usually pointed these alerts came from the SEPM firewall rule "Block uPnP Discovery" to block outgoing UDP traffice from my computer to remote UDP port 19000, after several successful "Allow UPnP Discovery from private IP addresses" records . I didn't understand why I enable "Allow UPnP Discovery from private IP addresses" but it didn't work well. didn't want to disable "Block uPnP Discovery" rule in risk and it didn't cause big problem, so I usually tolerated little inconvenices caused.
Ten days ago, I got news that SEP 15 was released. So I checked what's new is SEP15 and known issues are fixed here. https://support.symantec.com/us/en/article.howto12... . I noticed the issue# SEP-50901 on the page, it states " The default rule Allow UPnP Discovery from private IP addresses caused too many blocked events. ....".
An idean hit me that my issue might be same or similiar to issue# SEP-50901, so I took manual modification based on its instruction. After my Firewall policy modification and SEP client received the updated policy, the annoying messages didn't bother me anymore. YES, this solution not only applies to SEPv15 but also SEPv14
Instead of modifying "Allow UPnP Discovery from private IP addresses rule" directly, I copied and pasted it as duplicated policy. I renamed the duplicated policy and revised it, then make it active.
Below are actions you could take to to modify the Allow UPnP Discovery from private IP addresses rule:
Go to the Firewall policy, and under the Firewall Rules list, select the Allow UPnP Discovery from private IP addresses rule.
In the Edit Firewall Rule dialog box, select Hosts.
Edit each host entry so that the host type is Source.
Go to the Services page and change the existing default entry from Local/Remote to Source/Destination.
Remove 1900 from Source Port field and add 1900 to the Destination Port field.
Select Save> Submit.
Save the policy.
0
↧
SEP unmanaged client 14.2 RU1 MP1 will not upgrade to 14.2 RU2 (5323)
I need a solution
Hello,
I have always been able to upgrade 14.x unmanaged SEP clients to new versions using the client-only patches (Windows) downloaded from Symantec. Not so with 14.2 RU1 MP1 (build 4814). The upgrade to build 5323 always fails silently. Running SymDiag gives no helpful info. Even if I enable built-in Administrator account and enable Remote Registry service, client will not upgrade. I'm running Windows 10 Home x64 version 1909. Is this expected behavior?
Thanks.
0
↧
↧
A hardware change to the client computer has been detected
I need a solution
I've gotten more of these email alerts recently. Not a huge amount, just handful, but I haven't gotten many or any in the past I think. I googled a bit but I'm not finding anything interesting.
For the alerts I've gotten recently, three have been on virtual machines. For my VMs, settings are static, so the VMs don't change their hardware, MAC address, etc. that I'm aware of. A few more physical machines popped up with these hardware change alerts.
Any ideas on what they could be? Or can you point me to the log location (is that in the SEPM manager or the client machine's windows system event log?)?
0
↧
Block USB from unmanaged SEP client
I need a solution
I want to blovk USB devices on a Win10 machine via SEP 14.
I've Googled it, but all the answers I've found are via SEPM - this is a standalone machine. How can I achieve this through the SEP Client please?
0
↧
Uninstall Errors 1603 & 1622
I need a solution
I’m trying to uninstall Symantec Endpoint Protection on several of our machines using only the command prompt and not requiring any user input. This is the command I’ve been using:
wmic product where (name = “symantec endpoint protection”) call uninstallThis worked for the majority of the time, but some machines (~40) say that the method has completed, but return an error code and don't actually uninstall. They either return a 1603 or a 1622.
Here is a link to the error code meanings: https://cloudywindows.io/windowsinstallererrorcodes/
1603 Fatal error during installation
1622 Error opening installation log file. Verify that the specified log file location exists and is writable
The command prompt is elevated to SYSTEM, so it shouldn't be a permissions issue.
I've also tried doing this in PowerShell with similar results using this command:
(Get-WmiObject -Class Win32_Product -Filter "Name='Symantec Endpoint Protection'" -ComputerName COMPUTERNAME).Uninstall()Does anyone know what the issue is, or know of any Symantec uninstall utility that can be run from the command line? I'd like to not have to restart the computer and not require user input as well.
Thanks in advance!
0
↧
Symantec Endpoint services are getting stopped automatically after a certain interval
I need a solution
I have symantec endpoint protection client version 14.2.1031.0100 on windows server 2012 R2. It is a GUP server and I m getting the below error
Faulting application name: ccSvcHst.exe, version: 13.4.0.20, time stamp: 0x5b5a79c7
Faulting module name: ntdll.dll, version: 6.2.9200.22794, time stamp: 0x5cf92937
Exception code: 0xc0000005
Fault offset: 0x000505ab
Faulting process id: 0x1a90
Faulting application start time: 0x01d5a9aaf83657d0
Faulting application path: C:\Program Files (x86)\Symantec\14.2.1031.0100.105\Bin\ccSvcHst.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
and the symantec services are getting stopped after a certain time interval .
However when I restart the services it works normally for sometime.
0
↧
↧
SEP 14.2 RU2 Products - Rollbacks
I need a solution
I'm currently configuring our LiveUpdate Administrator to get SEP 14.2 RU2 Products. I noticed that there are new products in the SEP 14.2 RU2 Content Updates.
Client - Network Threat Protection (IPS) Rollback
Client - Virus Definitions SDS (Win32) Rollback
Client - Virus Definitions SDS (Win64) Rollback
etc.
Can someone provide more details regarding these products? I can't see any articles pertaining to these. Also, I'm saving space in our LUA Server's HDD so I avoid adding products that we are not using.
Thanks!
0
↧
Getting Zone ID Portal in "Downloaded by" section if risk log.
I do not need a solution (just sharing information)
We are trying to use the "Downloaded by" section in risk log to know from which source the infection is being downloaded. However many a times we see an entry stating "Zone ID portal". I wanted to know when does SEP display the same.
0
↧
SEP client showing as out-of-date
I need a solution
Hi, we were running SEP14.2 RU1MP1. The SEP Manager is running fine and is distributing updates to the SEP clients. The clients show that they are connected to the SEP Manager and are receiving updates and policies. The issue is that when you open the SEP client GUI, it says that the client is out of date. Virus and Spyware, PTP and NTP updates are all up-to-date. I have checked between the Endpoint client, SEP Manager, and from Symantec site. They are all the same with the latest definitions update versions. What can I check for? What is causing this issue? We do not even see the green dots on the SEP client icon as the client thinks that it is out-of-date. Note, it is happening on all the SEP clients. We have upgrared to SEP14.2RU2. The issue still exists.
Thanks in advanced, MabundaG
0
↧