Dear Everyone,

I would like to ask help on how can I achieve correct SEP firewall policy which will prevent clients to report to the other SEP manager in our other sites. Out current setup is 1 SEPM each site and no replication. All sites are connected via MPLS.

We're using custom port for client server communication.

Thank you for those who responded.

Greetings,

We have remote locations that use Vonage for their phone systems, and SEP keeps blocking the update to the Vonage software. Anybody else seen this? I know there were issues with SEP blocking MS updates.

Cheers

I have a client that has old settings of installation Endpoint Protection 12.1.6607.6300 and i cant installl any other antivirus, please sent me the cleanwipe or a procedure to remove it. Server and other clients in my network are uninstalled full.

Hello,

Is it possible within SEPM to get an email alert anytime a specific .dll is quarantined on any machine? If you are in agreement about utilizing "Notification Condition" feature of SEPM for this, where exactly would I put the dll name under :risk name"? and Action taken would be "quarantined?"

Hello,

Is it possible within SEPM to get an email alert anytime a specific .dll is quarantined on any machine? If you are in agreement about utilizing "Notification Condition" feature of SEPM for this, where exactly would I put the dll name under :risk name"? and Action taken would be "quarantined?"

We have a Windows 2012 R2 server running Symantec Endpoint Protection 14.2.53.23.2000. Same behavior I am reporting was also observed with ver 14.0.3876.1100

We have a backup appliance Rubrik on version 5.2 that archives virtual machines fine to the above server fine. It is when we attempt to write a virtual machine tape, using Qstar software we run into a problem. The job keeps restarting.

If we disable Symantec the jobs fails. If we put exceptions in place for the Qstar directories the job fails too.

If we remove Symantec the job completes.

How do we go about troubleshooting this type of scenerio? Rubrik and Qstar believe Symantec is the cause.

Thanks!

Will SEP still be supported after the merger? Newer versions, newer definitions?

If not, when is the cut off?

Hi everyone,

We are using SEP 14.2 on our company and i wondered if it is possible to run smc -stop from a PoweShell/CMD command line and insert somehow automatically the password for stopping the service?

Besides the password, there is an "Are you sure?" dialog box while trying to stop the service. I think our problem is there...

This is for script proposals.

Thanks.

Hello all,

we still have issues with the new SEP client and the Windows Security Center after updating to the newest SEP version on some clients. The Security Center shows that Symantec is not started on some clients. Does anyone know how to fix that issue because its unsettle our users and some applications on our clients only starts when the Windows Security Center shows a "green" status.

I added some screenshots of the issue, unfortunately the Windows is a german one but it shows how the Security Center looks like on that clients.

Thank you!

Hi There,

Our environment is running on 14.2 build 1031 , All of the suddent all the desktops status shows offline though our servers are onnline  and still can report.

From Desktop we are able to telent the port even I can see the server side the connection established in netstat.But at client sidet its showing timeout was reached.

can any one help here .

Note- All servers in server farm can still able to connect the SMC only desktops were impacted .

https:///secars/secars.dll?hello,secars - servers status give ok

but client status show not available

Dear All,

We are currently working in a project where we need to deploy, Centralized AV update to 50 Servers (winSvr 2012) and 20 Workstation (Win8). Our current architecture as below;

L3 network (no internet access): Client Server and Workstations n

L3 network (no internet access): SEPM 

L3.5 DMZ (no internet access) : No SEPM instance

L4 (business netwrk with internet connection): SEPM 

 We need your help to advice the best practice and any sample architecture on how to deploy centralize AV update from L4 down to L3 clients. 

Regars,

Naragas

Hi,

I know Symantec has release the following workaround - https://support.symantec.com/us/en/article.tech256047.html - for the Google Chrome 78/79 'Aw Snap...' issue.

I also noticed that SEP 14.2 RU2 was released on November 12, 2019, and the release notes don't mention this issue been fixed.

When does SEP plan to address this issue?

Thanks

How to get log of Symantec SEP Manager and parse them with grok?

I was tried to parse them with grok but without success.

Someone know how to do it ?

Hello,

I wanted to update my Symantec 14 to 14.2 RU2. The starting version was 14.0.1 becaue I'm using Windows 10 64bit. I successively updated to newer versions which was successful till version 14.2.1.1 (14.2 RU1 MP1)  14.2.4814.1101 but when I run the patch to update to the newest version, hence, 14.2.2.0 (14.2 RU2) 14.2.5323.2000, it doesn't work. The SEP_INST_PATCH.log shows the following output:

01/09 09:04:49.949 [ec]  SymDelta FileVersion: 14.0.0.0
 Log initialized: LogLevel=4 Log, Size=2097152, RotationCount=2
01/09 09:04:49.965 [ec]  (SymDelta::CSymDelta::invokeUnzip)  Inflating...\\?\C:\Users\xxx\AppData\Local\Temp\pft34D4.tmp\Patch.dax
01/09 09:04:50.684 [ec]  (SymDelta::CSymDelta::invokeUnzip)     UnZipTask took (milliseconds): 703
01/09 09:04:50.684 [ec]  (SymDelta::CSymDelta::PerformApplyDelta) Performing [ XDELTA3 - Apply Delta ]
01/09 09:04:50.699 [ec]  (SymDelta::CXDeltaTool::Apply) Dir: \\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4814.1101.105\Data\Cached Installs
01/09 09:04:50.699 [ec]  (ApplyPackage) Apply package command line: "DummyXdeltaPath" -d -s %src% %patch% %out%
01/09 09:04:50.699 [121fc]  (LaunchXDeltaInternalAndWait) Launching: "DummyXdeltaPath" -d -s "\\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4814.1101.105\Data\Cached Installs\Setup.exe""C:\Users\xxx\AppData\Local\Temp\SymDelta_65416\Patch.dax.tmp\Setup.exe.DIFF""\\?\C:\Users\xxx\AppData\Local\Temp\pft34D4.tmp\SmcLU\Setup.exe":
01/09 09:04:50.746 [121fc]  (LaunchXDeltaInternalAndWait) Launching: "DummyXdeltaPath" -d -s "\\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4814.1101.105\Data\Cached Installs\dcsagent.cab""C:\Users\xxx\AppData\Local\Temp\SymDelta_65416\Patch.dax.tmp\dcsagent.cab.DIFF""\\?\C:\Users\xxx\AppData\Local\Temp\pft34D4.tmp\SmcLU\dcsagent.cab":
01/09 09:04:50.949 [121fc]  (LaunchXDeltaInternalAndWait) Launching: "DummyXdeltaPath" -d -s "\\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4814.1101.105\Data\Cached Installs\Sep64.msi""C:\Users\xxx\AppData\Local\Temp\SymDelta_65416\Patch.dax.tmp\Sep64.msi.DIFF""\\?\C:\Users\xxx\AppData\Local\Temp\pft34D4.tmp\SmcLU\Sep64.msi":
01/09 09:04:51.152 [121fc]  (CDeltaApplyThread::run) 74236 \\?\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4814.1101.105\Data\Cached Installs\sep_NE.slf CRC match failed.
01/09 09:04:51.152 [ec]  (SymDelta::CXDeltaTool::Apply)     Return Code: 31
01/09 09:04:51.152 [ec]  (SymDelta::CSymDelta::processDirs) ApplyDelta Operation failed.

What's the problem?

I installed the SEPM consol, when I try to connect to the server a message displays to me "Failed to connect to the server"
 

and after this error if I close he SEPM console and re-open the Consol again it wont apear after execution  till I unistall and instal it again.

Hi all,

 Aforetime, Google released Update 78 for Chrome and since then it's seems to be broken for symantec endpoint protection users.

The problem is you can't load any pages, You will get "Aw, Snap" Error.

Anyone know a permanent solution?

My symantec endpoint protection version is 14 (14.0 RU1 MP1) build 3897

Hi

Does Symantec offer any similar service/product to Trends Virtual Patching? 

Thanks

Hello - per the title, I have thus far been unable to get the SEP Intelligent Updater to install definitions for SEP.

This is the log I've received:

Tue Dec 31 04:10:51 2019 : ******************************************************************
Tue Dec 31 04:10:51 2019 :         Starting Intelligent Updater - Version 5.1.7.29
Tue Dec 31 04:10:51 2019 : ******************************************************************
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED BEGIN: Started.
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Tue Dec 31 04:10:51 2019 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Dec 31 04:10:51 2019 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource DLL
Tue Dec 31 04:10:51 2019 : IU RES LOAD: Successfully loaded the resource file..
Tue Dec 31 04:10:51 2019 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Tue Dec 31 04:10:51 2019 :     IU INFO: File-name : 20191230-002-Core3SDSv5i64.EXE
Tue Dec 31 04:10:51 2019 :     IU INFO: Creation-date : 20191230
Tue Dec 31 04:10:51 2019 : AUTH DLL LOCATION: IU will read the DLL SAVIUAuth location from registry.
Tue Dec 31 04:10:51 2019 : REG FAILURE: Failed while opening the key  from registry. Return code: 2
Tue Dec 31 04:10:51 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:51 2019 : REG SUCCESS: Succeeded while fetching the path from registry.
Tue Dec 31 04:10:51 2019 : AUTH DLL: DLL found for Entry number 0.
Tue Dec 31 04:10:51 2019 : Identified as 32-bit product installation. Continuing...
Tue Dec 31 04:10:51 2019 : IU MODE: IU is running is FULL mode.
Tue Dec 31 04:10:57 2019 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Tue Dec 31 04:10:57 2019 :     IU INFO: File-name : 20191230-002-Core3SDSv5i64.EXE
Tue Dec 31 04:10:57 2019 :     IU INFO: Creation-date : 20191230
Tue Dec 31 04:10:57 2019 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Dec 31 04:10:57 2019 : Entry details:
Tue Dec 31 04:10:57 2019 :     Update-File:             VIRSCAN.zip
Tue Dec 31 04:10:57 2019 :     Update-Desc:             Virus Definitions
Tue Dec 31 04:10:57 2019 :     Auth DLL Name:             SAVIUAuth
Tue Dec 31 04:10:57 2019 :     Auth DLL Location:         local
Tue Dec 31 04:10:57 2019 :     Auth Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:57 2019 :     Deploy Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:57 2019 :     Deploy DLL Name:         SAVIUDeploy
Tue Dec 31 04:10:57 2019 :     Deploy DLL Location:         local
Tue Dec 31 04:10:57 2019 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Succeeded while fetching the path from registry.
Tue Dec 31 04:10:57 2019 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:57 2019 : REG SUCCESS: Succeeded while fetching the path from registry.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED BEGIN: Started.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LuAuth.dll
Tue Dec 31 04:10:57 2019 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LuAuth.dll
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED BEGIN: Started.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED CLASS3: Finding code signing : TRUE.
Tue Dec 31 04:10:57 2019 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Dec 31 04:10:57 2019 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LueEim.dll
Tue Dec 31 04:10:57 2019 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\LueEim.dll
Tue Dec 31 04:10:58 2019 : AUTHORIZATION FAILED: VIRSCAN.zip is not authorized for deployment. Error code : 104
Tue Dec 31 04:10:58 2019 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because it is not authorized for deployment
Tue Dec 31 04:10:58 2019 : Cleaning up the AuthorizationEngine
Tue Dec 31 04:10:58 2019 : After release
Tue Dec 31 04:10:58 2019 : Done cleaning up authorization engine
Tue Dec 31 04:10:58 2019 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Dec 31 04:10:58 2019 : Entry details:
Tue Dec 31 04:10:58 2019 :     Update-File:             VIRSCAN.zip
Tue Dec 31 04:10:58 2019 :     Update-Desc:             Virus Definitions
Tue Dec 31 04:10:58 2019 :     Auth DLL Name:             ISAuthDLL
Tue Dec 31 04:10:58 2019 :     Auth DLL Location:         local
Tue Dec 31 04:10:58 2019 :     Auth Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:58 2019 :     Deploy Content-Type:         virus definitions core 3 sds x64
Tue Dec 31 04:10:58 2019 :     Deploy DLL Name:         ISDeployDLL
Tue Dec 31 04:10:58 2019 :     Deploy DLL Location:         local
Tue Dec 31 04:10:58 2019 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Tue Dec 31 04:10:58 2019 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Tue Dec 31 04:10:58 2019 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Dec 31 04:10:58 2019 : Entry details:
Tue Dec 31 04:10:58 2019 :     Update-File:             VIRSCAN.zip
Tue Dec 31 04:10:58 2019 :     Update-Desc:             Virus Definitions
Tue Dec 31 04:10:58 2019 :     Auth DLL Name:             Norton X64 AuthDLL
Tue Dec 31 04:10:58 2019 :     Auth DLL Location:         local
Tue Dec 31 04:10:58 2019 :     Auth Content-Type:         SDSDefs
Tue Dec 31 04:10:58 2019 :     Deploy Content-Type:         SDSDefs
Tue Dec 31 04:10:58 2019 :     Deploy DLL Name:         Norton X64 DeployDLL
Tue Dec 31 04:10:58 2019 :     Deploy DLL Location:         local
Tue Dec 31 04:10:58 2019 : AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X64 AuthDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X64 DeployDLL
Tue Dec 31 04:10:58 2019 : REG SUCCESS: Success while opening key 
Tue Dec 31 04:10:58 2019 : REG FAILURE: Failed while fetching the path from registry.
Tue Dec 31 04:10:58 2019 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Tue Dec 31 04:10:58 2019 : The product corresponding to this entry in iuconfig.xml is not installed on the system.
Tue Dec 31 04:11:25 2019 : Done with IU Operations

Both SEP and the Intelligent Updater are of the newest version (14.2 RU2 build 5323 and 20191229-003-core3sdsv5i64 respectively) and I had used LiveUpdate prior to opening the Intelligent Updater.

While I realise that it's probably unnecessary to use the IU when the SEP has access to LiveUpdate, my current setup will not have internet connection after commissioning and would not be able to update definitions the same way. Is that the only way in which the IU can be used? Is my current error due to having already updated definitions? 

Many thanks for your time.

Dear All,

We are currently working in a project where we need to deploy, Centralized AV update to 50 Servers (winSvr 2012) and 20 Workstation (Win8). Our current architecture as below;

L3 network (no internet access): Client Server and Workstations n

L3 network (no internet access): SEPM 

L3.5 DMZ (no internet access) : No SEPM instance

L4 (business netwrk with internet connection): SEPM 

 We need your help to advice the best practice and any sample architecture on how to deploy centralize AV update from L4 down to L3 clients. 

Regars,

Naragas

Hi,

I know Symantec has release the following workaround - https://support.symantec.com/us/en/article.tech256047.html - for the Google Chrome 78/79 'Aw Snap...' issue.

I also noticed that SEP 14.2 RU2 was released on November 12, 2019, and the release notes don't mention this issue been fixed.

When does SEP plan to address this issue?

Thanks