I have installed SEP 14.2.RU1MP1, Set a policy to get update from SEPM or Internet. When i click on Liveupdate on the SEP Client. it tries to connect to internet and fails.
The Client host does not have internet. But the SEP client is connected with SEPM and able to ping the SEPM server. But not getting the definition.
Ran a CleanWipe Tool and installed it, it was good for a week and still got the same Definition update iissue.
Hi,
I would like to know how to preapre SEP 14 client for VDI desktop.
Since all VDI desktops will be deployed from Golden image I have prepared.
If I pre-installed SEP client in Golden image, will all deployed VDI desktop encountered ID duplication issue ?
If yes, how can I prepare SEP client for Golden image ? I don't want to install for each VDI desktop.
Thanks
Prior to updating to 10.15.2 on a users computer 14.2 RU2 worked fine. After the update SEP would no longer open. I had them run a removal and tried a reinstall but still seem to be running into issues during the install. I've attached a doc with some of the info regarding the error.
Was there supposed to be a 14.2 RU2 refresh by chance for 10.15.2 or is it supposed to continue working with the new iteration of Catalina.
Any feedback would be helpful.
Hi All,
Is there any impact if we change the default admin accounts user name in SEPM console?
Could someone tell me why a device we have on our network reconnects automatically when I run the smc.exe -stop command in a cmd window?
When I issue the command, I quickly hover over the client in the system tray and the green dot disappears and within about 3 or 4 seconds, it automatically turns itself back on again. I don't want this to happen. When I issue the -stop command, I need it to stop and unload the client.
Also it's not picking up the latest policy even though it's in the correct OU. I've moved it out of the group and back in again and it's not picking up the policy.
I know I entered version 12.1 as our current version and yes, I know you're going to tell me to upgrade to the latest verison but in this circumstance I cannot do this on such a mission-critical platform.
What setting in 12.1 do I have to set to STOP it from reconnecting automatically?
I have been able to connect to my SEPM API using Postman, however when I try to access anything else I get this error:
{
"errorCode": "401",
"appErrorCode": "",
"errorMessage": "The user is not authorized to access this resource"
}I am using a full admin account to access the API.
I have looked at this documentation:
I cannot find anywhere to give a user permission to access specific APIs. Is there a setting in the SEP Management Console that I'm missing?
Hi,
Recently we are having issue with SEPM portal slowness.
we have done root cause analysis and we have find that we have enought 16GB of memory on windows server but Symantec Embedad Database using only 550MB. As per symantec guide line we have access database and we have check that maxcachsize is configured as 512MB. we have check with following command select property('MaxCacheSize');
But we are searching for the resolution that can upgrade the cache size.
Please help to resolve this issue.
Thanks
Shivang
Hi anyone,
After update from 14.2 RU1 to 14.2 RU2 (buil 5335) the the onnection to the LiveUpdate server failed via Proxy connection
This is urgent case, anyone can help?
Note: old version 14.2 RU1 liveupdate working fine with the same network enviroments.
Thanks in advance.
I have attached the capture liveupdate failure.
Good evening Everyone!
can anyone help me out here regarding SEP client communication settings, recently I hve just build new SEPM 14.2 on Win12R2 with enough HW resources, prioir we're using old SEPM 14.0,
Now I'm stuck here while moving existing SEP client from old server to new server, as we're here 500+ SEP clients are installed in office.
Solutions I have already tried:
- Manually replacing syslink ( it takes too much time)
- By adding New Server management list (but not succeed )
Regrads,
Ahsan
how the heck do I uninstall when It says contact the developer, but there is NO way to reach anyone!
We`ve been troubleshooting slow login and poor application performance on our Non Persistent VDI for a while now. App Volumes and Symantec Endpoint Protection 14.x doesn`t seem to like each other.
Without a SEP client installed everything is performing well and user experience feels like a persistent VDI. When SEP is installed including all obvious exceptions and even using the virtual image exception tool no significant change in performance is noticed. We`ve been testing all scenario`s disabling components of SEP. Only disabling "Application & Device Control" seems to improve login and application performance.
By accident we found out that SEP didn't work at all !! Everything looked fine from SEPM and SEP side.The SEP GUI indicated that there were no problems detected "Your computer is protected", but stopping and then starting the smc.exe resulted in a crash. It may seem that the service is running, but in reality the Symantec client has crashed see image below. The only way to start the SEP client was rebooting. We also saw that a simple EICAR test virus was not detected even when the SEP client was running and the GUI indicating that the computer was protected. Then we discovered that this behavior only occurs when an app stack is attached.
With the knowledge we had that this behavior only occurs when an app stack is attached, we added exceptions for Symantec in the snapvol.cfg of the App Stack. These exceptions have solved the problem that the client could be restarted/stopped and also a EICAR test virus was detected again.
Since Symantec is working now we see better startup times of thinapps in an app stack . Login times unfortunately not. We declared all the collected log files to be unreliable before the exceptions in snapvol.cfg, because the SEPclient did not work at all. And so we believe that specific non-persistent SEP policies and exceptions may not have worked at all. We collected a large set of logs and offered it to Symantec for a second review.
Another Interesting fact that is noticed by 'Scarlito' on the VMware forum (see link at the end of this post) is that this problem only appears after I applying Microsoft Security KB4056897 or later (and of course, with SEP agent installed and AppStacks mounted)
This means the problem is not only with SEP + AppVolumes, but SEP + AppVolumes + MS Updates (starting january 2018 and all the Intel security breaches fixes).
If I remove ANY ONE of these 3 elements, everything works well.
Until now, no Monthly security updates from Microsoft has solved anything.
These are the standard exceptions in the snapvol.cfg:
>
exclude_path=\ProgramData\Symantec
exclude_path=\Program Files\Symantec
exclude_path=\Program Files\Common Files\Symantec
exclude_path=\Program Files (x86)\Symantec
exclude_path=\Program Files (x86)\Common Files\Symantec
These are the custom exceptions we added to the snapvol.cfg:
Disclaimer: I would like to warn you and everyone else that this is at your own risk. On the other hand, without these exclusions the virus scanner probably didn't work at all !
For validation of these exceptions we opened a PR at VMware. Please report to VMware if you're facing the same problem.
>
# Custom Exclusion Symantec Performance Issues
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Symantec
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Symantec
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BHDrvx64
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eeCtrl
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\EraserUtilRebootDrv
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\IDSVia64
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SepMasterService
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SNAC
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SRTSP
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SRTSPX
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SyDvCrtl
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymEFASI
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymELAM
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymEvent
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymIRON
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SYMNETS
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SysMain
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SysPlant
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Teefer2
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec Antivirus
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec Endpoint Protection
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec Network Protection
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec WSS Traffic Redirection
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Symantec Endpoint Protection Client
exclude_path=\Program Files\Common Files\Symantec Shared
exclude_path=\Program Files (x86)\Common Files\Symantec Shared
exclude_process_name=ccSvcHst.exe
exclude_process_name=SmcGui.exe
exclude_process_name=SISIDSService.exe
exclude_process_name=SISIPSService.exe
exclude_process_name=SISIPSUtil.exe
exclude_process_name=sepWscSvc64.exe
>
This is the link of the topic we posted on the VMware forum.
https://communities.vmware.com/thread/617203
I'm curious if there are more people who have this problem. Hopefully this post has also made people aware of the fact that their security may not function without them noticing.
Currently we have cases for these problems ongoing at Symantec and Vmware
Hi,
I enrolled my SEPM to the cloud. Decided to apply my license. Have a case with Symantec since 21/10/19 because license appearing as invalid or expired though I have license till July 2020.
I need add exception for a folder. What are my options apart from unenrolling from the cloud? Is there a registry setting that can be changed so that I can get the option. Anyway to whitelist the folder for a specific device from the cloud.
Thanks to help!
Hello.
So, I have a couple of MACs running SEP, and recentrly I pushed newest update (14.2 RU2) for them.
This version adds support for OSX Catalina (10.15), and, as far as I can see, on Catalina everything is really fine.
But older OSX versions (10.13, 10.14) face a couple of troubles:
1. Random reboots. I don't know, how it is called in OSX terminology, but I mean black screen with white text "Your computer restarted because of a problem. Press a key or wait a few seconds to continue starting up."
2. Firewall notifications. At my SEPM server, my firewall policy for MACs have entry "Display a notification on the computer when the client blocks an application" disabled. But, ignoring this, users began to face notifications about different remote connections with buttons "allow" and "deny". The strangest part is the header of notifications - it says "Norton Security" :) Tested a bit, withdrawing firewall policy via SEPM prevents notifications from spawning.
Maybe anyone else faced these issues? Any ideas?
Hi,
We are running EPM 14.2 RU1 MP1 on Server 2008 R2 SP1 but when we recently tried to instlla the RU2, its observed that instllation is failed due to Error 2738: could not access VBScript run time for custom action
We tried to re register the VB Script but unsucessful, so need solution to get it done
So I am not exactly sure where to begin.
We have had the SEPM installed for years. I just recently started at my company and took over some of the IT duties that were orignally outsourced. I reached out to our management company (also our reseller) about obtaining updated software packages for the SEPM and my clients to upgrade their version. I was told that the license has moved and we need to be registered with our own account and that they started the process for me.
I receive the email confirmation for my account and attempt to access MySymantec for dowloads. I enter my support ID and it says that i have to wait for a Site Manager or Symantec Support Agent to approve my request. It has now been over 24 hours and I have not heard anything.
Chat bot is useless and it doesnt appear that any support agents are working or answering tickets, every place where it says to open a case or "call us" has broken links. I have my licsense number and a support ID but no way to get it registered or contact anyone for assistance.
Our organization have recently upgraded ASA to support new Cisco AnyConnect VPN Client ver. 4.8. During the upgrade host-scan module was upgraded to latest version as well (4.8).
Same time we are testing SEP client ver 14.2 RU2 for Mac to cover newest MacOS Catalina. In our test atfer upgrade SEP 14.2RU2 is no longer detected by the new host-scan module therfore not passing posture check and preveniting VPN connection to succeed. Same Windows SEP client is passing host-scan for Windows with no issues (same AnyConnect and host-scan version as Mac).
Is there anyone with same issue? Was this reprted to Cisco or Symantec? Is there a workaround?
Any help is appreciated.
We are considering converting to MAC desktops. Can anyone give feedback on SEP 14.2 support for MACs? Are all SEP features supported? How's the firewall support, etc?
Thanks,
Wally
Can anyone share their experience with SEP 15? How does it compare to the SEPM feature and functionality-wise?
Are there any security concerns using the cloud? We noticed some months ago in the license agreement that Symantec may collect passwords but not user ids. What's that all about? Anyone know what passwords Symantec is referring to?
ftp.symantec.com seems to be down.
Adress resolution not working for this domain worldwide (https://dnschecker.org/#A/ftp.symantec.com).
Did anyone got a notification that they will shutdown this ftp site?
We need this site to automatically download the latest intelligent updater files.
After I upgrade to SEP 14.2 RU2 client, then MS edge, Cortana (Windows 10).. can not open. However, like Chrome, firefox works fine. Even I rollback to my previous version, 14.0, the MS edge and Cortana also do not work. Before my upgrade to 14.2 RU2, they worked fine.
Also, I uninstall 14.2 RU2 client, the MS edge, Cortana works fine.
Any suggestion?