Quantcast
Channel: Symantec Connect - Products - Discussions
Viewing all 12029 articles
Browse latest View live

Disable Scanning after Live Update on Unmanaged client

December 3, 2013, 8:33 pm
$
0
0
I need a solution

SEP unmanaged version 12.1:

 

This is a followup to a similar issue:

"The last two Windows 7 computers I have set up run multiple scans daily. This despite the fact that I disabled the active scan on startup and the scheduled active scan. When I review the virus and spyware scan log, I can see the scans that have been run. The only clue is "logged by" manual scan.

It appears to happen at various times, 3 times a day. I can assure nobody is running these scans manually. Please advise."

-----------------------------------------------------------

Note: Any unexpected scedules have been verified and deleted in the registry as per instructions. 

I understand that by default, once new definitions are loaded by Live update, SEP will automatically initiate one of the scheduled scans (if any exist). 

However, I would like to disable this behavoir on an unmanaged client. 

Since there is no checkbox available, is there a registry option for this behavior?

Thanks,

Search

Whether wake on lan is available in SEPM 12.x

December 3, 2013, 11:03 pm
$
0
0
I need a solution

Whether wake on lan is available in SEPM 12.x.

 

Wake on Lan: Manager should copy the definitions/policies to the shutdown machine's boot disk.

 

SCCM is having this feature.

add new site

December 4, 2013, 12:23 am
$
0
0
I need a solution

dear all

I have one site (default Local Site) and 500 client and 2 SEPM.

I decide to convert second SEPM to new site.

What I do for this?

If I install new site, client for this server connect automatically connect to new site???

Need help to solve a problem of appearing/disappearing machines.

December 4, 2013, 2:51 am
$
0
0
I need a solution

Hi,

I administer a network with more than 500 servers, with Windows 2000, 2003 and 2008. All machines has the 11.0.4242.75 version of Symantec Endpoint Protection.

Many machines have been installed from a cloned image of the operating system with sysprep, and the antivirus installed. Now, in the SEP Management console, some of the machines are missing, and when one machine updates its policy, appears in the console in place of other. For example, we have server1, server2, server3, all with the antivirus installed, the console shows just server2. We log into server1, update the policy, and in the console server2 dissapears and server1 appears. Then, update the policy in server3, and server1 dissappears and server3 appears.

How can we solve this problem? We have tried to uninstall the client and install again, and the problem persists. We have more than 50 servers affected.

Thank you

 

 

Denial of Service is logged

December 4, 2013, 3:09 am
$
0
0
I need a solution

Hello,

Having a user with sep client software version 11.0.5002.333.

The user get notices about Denial of Service (Traffic from IP address is blocked).

Any action that should be taken for this type of event?

SEP Time Stamp Issue

December 4, 2013, 6:16 am
$
0
0
I need a solution

Hi,

We are using SEPM 11.0.7 version,Currently we are facing issue with SEP time stamp issue.

We are pulling out the risk logs using RSA Envision 4.x version, Event create and End date is perfect but there is a mismatch in Event inseryt time.

 

Example : if we pull the yesterday risk logs it gives the report like

<ip> <system name> Event create date and time:04/12/13 12.xx.xx Event insert time : 04/12/2012 12.xx.xx Event end date:04/12/13 12.xx.xx

if you look at the above said example the create and end time stamp is 2013 and the insert time is 2012.

is this known issue with Symantec Endpoint Protection.

Looking forward promp solution.

Thanks in Advance.

 

 

 

SEPM upgrade hung?

December 4, 2013, 8:41 am
$
0
0
I need a solution

I'm in the process of upgrading to 12.1.4 and followed the upggrade document. Everything appeared to be fine and a box came up saying the files were successfully upgrade and to click Next to proceed to the database upgrade. I did click Next and waited and waited but nothing came up after roughly 15 minutes.I rebooted the server thinking this may help but still nothing. I'm stuck on how to proceed. I'm fairly new to this process and was hoping for community support before opening a ticket.

I was upgrading from 12.1.2. Server 2008 R2. x64.

Thanks!

LUA 2.3.2.99 download schedule constantly fails

December 4, 2013, 9:19 am
$
0
0
I need a solution

Hi,

I have a new installation of LUA v2.3.2.99 running on Windows Server 2012, along with SEP clients 12.1 RU2.

Everytime i have manually ran or scheduled the download task on the LUA, it fails at various stages, usually between 50-85%.  At the moment i have the download job set to run and grab all the Symantec Endpoint Protection v12.1 RU2 components.

I've tried clearing down all the download directories temp, program files, program data directories, but still the download fails.  I have noticed that LUA is trying to download near 5gb worth of data each time.  I can confirm that the LUA has access to the internet and i can access the Symantec Liveupdate URL's

Might also be worth noting that we have 2 LUA setups, one live and on backup on different sites, the download task has failed to complete on both sites.

I've tried looking through various other posts and the suggestions in them but with no luck.

Anyone else to bounce some idea's off, or were to look for clues to why it's constantly failing?

Thanks,

John

Search

symantec endpoint protection manager best practices for logs

December 4, 2013, 11:34 pm
$
0
0
I need a solution

HI

symantec endpoint protection manager best practices for client logs

 how we can save  more logs and report on Symantec endpoint protection manager

Symentec Endpoint : My computer hangs during 20 min after switch on

December 5, 2013, 12:35 am
$
0
0
I need a solution

Hello

 

Every day my computer hangs permore or less 20 minutes with HDD working at 100%. CPU usage is more or less 0%

If I stop symantec I can use my computer

Sometimes it is due to ccSvtHst.exe, somteimes it Smc.exe

See here under a screenshot of performance monitor, HDD is 100% :Cattura.PNG

Any idea?

My version of Symantec Endpoint:

Cattura2.PNG

Regards

To use Advanced Download Protection or SONAR, you must install IPS?

December 5, 2013, 12:43 am

Installing new site error

December 5, 2013, 1:06 am
$
0
0
I need a solution

Hi

i want to install new site and replicate with existin site. in wizard , afte create database , when replication start , an error show.

i test connctivity. it is ok.

033.png

SEP Policy confirmation

December 5, 2013, 2:19 am
$
0
0
I need a solution

Hi Expert's.

Looking for a confirmation, Will a SEP policy apply to a client if the client does not have that sep feature installed?

I have installed a sep agent on a system without Intrusion Prevention feature. but I have put that client to a Group that does have a policy assigned for IPS.

So that policy will work or not on that system.

Manually ran a live update, 1 update found, but FAILED to install

December 5, 2013, 8:09 am
$
0
0
I need a solution

So it's 1 update, 0 installed. Update installed.

There are 1 update(s) to be downloaded.
Downloading update package (1 of 1) failed.
Encountered an error while downloading file 1386237193jtun_irev131205002.7z.
0 update(s) have been downloaded.

Processing updates...
Encountered an error while processing an update for Revocation Data.
Failed to install update for Revocation Data.

Session summary: 1 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.

 

Why?

 

1386269625

Updates issues

December 5, 2013, 11:11 am
$
0
0
I need a solution

After downloading LiveUpdate content, we get this constantly at the bottom of the Local site > Servers screen.

December 5, 2013 1:01:35 PM CST:  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\..\Inetpub\content\{C25CEA47-63E5-447b-8D95-C79CAE13FF79}\80929016\full.zip.tmp (The system cannot find the path specified)  [Site: My Site]  [Server: XXXX]

 

Obviously things aren't up to date, I believe due to the above issue.

Symantec Endpoint Protection Manager Content Catalog 11.02011-05-19 rev. 701November 17, 2012 3:28:56 PM CST
Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs2013-07-18 rev. 004July 18, 2013 10:30:34 AM CDT
Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs2013-09-30 rev. 002September 30, 2013 10:14:11 AM CDT
Decomposer Win32 and Win64 11.02012-11-14 rev. 000December 3, 2012 2:21:26 PM CST
TruScan proactive threat scan engine Win64 11.02008-08-20 rev. 001March 4, 2013 10:13:58 AM CST
TruScan proactive threat scan data 11.02008-08-20 rev. 001March 4, 2013 10:13:49 AM CST
TruScan proactive threat scan engine Win32 11.02008-08-20 rev. 001March 4, 2013 10:14:27 AM CST
TruScan proactive threat scan whitelist Win32 11.02013-09-30 rev. 003September 30, 2013 10:19:15 AM CDT
TruScan proactive threat scan commercial application list Win32 11.02013-09-30 rev. 003September 30, 2013 10:20:39 AM CDT
TruScan proactive threat scan commercial application engine 11.02008-09-29 rev. 016November 17, 2012 3:28:54 PM CST
TruScan proactive threat scan whitelist Win64 11.02013-09-30 rev. 003September 30, 2013 10:20:30 AM CDT
TruScan proactive threat scan commercial application list Win64 11.02013-09-30 rev. 003September 30, 2013 10:18:12 AM CDT
Intrusion Prevention signatures Win32 11.02013-09-27 rev. 001September 30, 2013 9:51:32 AM CDT
Intrusion Prevention signatures Win64 11.02013-09-27 rev. 001September 30, 2013 10:19:29 AM CDT
Submission Control signatures 11.02010-12-01 rev. 096November 19, 2012 3:05:29 PM CST

 

I am not sure what to do. Any ideas?

Thanks

Search

SEP clients not getting A/V def. updates from SEPM server.

December 5, 2013, 11:25 am
$
0
0
I need a solution

I'm having an issue with some of my SEP clients not updating A/V definitions from the SEPM server. They call all ping the SEPM server but for some reason, some workstations are not getting the latest virus def. When I launch the SEPM console, the semsvc CPU usage jumps between 30%-60% and it slows to a crawl. The communication settings are set to Push mode with heartbeat interval set on 5 minutes. Even when right click one of the troublesome machines on the Clients section and select Update Content, it shows that it completes but the client machines still reads antivirus and antispyware definitons are out of date On the smc-server-0.log, there area bunch of these errors:

SEVERE: Error while extracting full content under c:\program files\symantec\symantec endpoint protection manager\tomcat\..\inetpub\content\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\xxxxxxxx\Full

Upgrade from SEPM 12.1.2 to SEPM 12.1.4

December 5, 2013, 11:54 am
$
0
0
I need a solution

Hello,

We have 3 SEPM servers that are in one site connected to one database (SQL 2008) .  We want to upgrade the SEPM servers to the latest release.  Because we have so many clients that are depending on the SEPM servers, we want to be cautious, and only upgrade two SEPM servers in case anythng goes wrong, we will have 1 SEPM server still on the old version.

Does the logic above make sense and will it work?  Can we have a mix version environment of SEPM servers in the same site connecting to one database? Or will the 3rd server not work?

Thanks,

1386277083
2501571

LiveUpdate fails when run manually

December 5, 2013, 9:10 am
$
0
0
I need a solution

Hi

I've installed the 12.1 RU4 version in some Macintosh clients and I presented the problem: LiveUpdate fails when run manually through client interface

I tryied to run the LiveUpdate, as the article recomends, using the LUTool, but I  get the following message:

objc[29698]: Class XByteCountFormatter is implemented in both /Library/PrivateFrameworks/SymAppKitAdditions.framework/Versions/B/SymAppKitAdditions and /Library/Application Support/Symantec/LiveUpdate/./LUTool. One of the two will be used. Which one is undefined.
2013-12-04 14:45:16.854 LUTool[29698:407] in ConnectionDied, stopping current run loop
 
 
Cheking the liveupdate.log I have the following:
Wed Dec  4 14:45:15 2013: Daemon Launched
 
Wed Dec  4 14:45:15 2013: Daemon version: LiveUpdate 6.2.2f1, <C2><A9> 2013 Symantec Corporation, All Rights Reserved.
Wed Dec  4 14:45:15 2013:  *** Adding Command
Wed Dec  4 14:45:15 2013: **** Command Key/Value (RegistryPath//Library/Application Support/Symantec/LiveUpdate/ActiveRegistry)
 
Wed Dec  4 14:45:15 2013: **** Command Key/Value (VolumeRoot//)
 
Wed Dec  4 14:45:15 2013: **** Command Key/Value (PlugInPath//Library/Application Support/Symantec/LiveUpdate/PlugIns)
 
Wed Dec  4 14:45:15 2013: =======================================================================
Wed Dec  4 14:45:15 2013: Starting up
Wed Dec  4 14:45:15 2013: Setting last check time now
Wed Dec  4 14:45:15 2013: Should download now and install later: 0
Wed Dec  4 14:45:15 2013: Gathering plug-ins and registry plists
Wed Dec  4 14:45:15 2013: Setting up request array
Wed Dec  4 14:45:15 2013: LiveUpdatePlugInNAV::GetRequestArray.
Wed Dec  4 14:45:15 2013: License processing
Wed Dec  4 14:45:15 2013: Checking License Settings
Wed Dec  4 14:45:15 2013: Searching for best LiveUpdate server
Wed Dec  4 14:45:15 2013: Requesting mini-TRI flag: http://10.1.2.2/checaav/MacintoshUpdatesAV/minitri.flg
Wed Dec  4 14:45:16 2013: Download Error for file minitri.flg (NSError): -1100
Wed Dec  4 14:45:16 2013: Attempted download of minitri.flg with error 9
Wed Dec  4 14:45:16 2013: Finding Best Server, got error: 9
Wed Dec  4 14:45:16 2013: Searching for best LiveUpdate server
Wed Dec  4 14:45:16 2013: Requesting mini-TRI flag: http://10.1.2.2/checaav/MacintoshUpdatesAV/livetri.zip
Wed Dec  4 14:45:16 2013: Attempted download of livetri.zip with error 0
Wed Dec  4 14:45:16 2013: Requesting TRI files
Wed Dec  4 14:45:16 2013: Requesting livetri.zip: http://10.1.2.2/checaav/MacintoshUpdatesAV/livetri.zip
Wed Dec  4 14:45:16 2013: Attempted download of livetri.zip with error 0
Wed Dec  4 14:45:16 2013: main: CAUGHT ???
Wed Dec  4 14:45:16 2013: Daemon Quitting
 
I have a Windows Server (http://10.1.2.2/checaav/MacintoshUpdatesAV/) as Internal LiveUpdate Server.
I update the definitions, using the LiveUpdate Administrator Utility (1.5), once a week; Just in case I've allready checked the Symantec Endpoint Protection v12.1 RU4 product line.
Other SEP for Mac clients (RU2) update well with the same LiveUpdate schema.
 
Any idea what is causing this problem?
 
Regards
 
 

proactive threat protection is not functioning correctly due to an intrusion prevention component

December 6, 2013, 4:20 am
$
0
0
I need a solution

Seeing this error can someone help to resovle in the virus software please. Only start today, no idea why.

 

 

SEP 12.1.4 Mac Client not getting IPS udates

December 6, 2013, 7:24 am
$
0
0
I need a solution
I recently upgraded to SEP 12.1.4 and am having a little issue getting IPS updates for Macs.  The SEPMs were installed mid-November and after initial configuration and testing, the properly exported Mac clients were installed on 12/2/13.
 
We only have about 20 Macs out of 950ish total endpoints so a LU Administrator server isn't really called for.  Our endpoints can only get to the Internet through authenticated proxy so doing passive LiveUpdates from the Mac directly to the Symantec web site doesn't work.  So, I set up an Apache reverse proxy configuration on the SEPMs for the Macs.  The Reverse Proxy setup seems to work pretty good for AV updates but it doesn't appear to work at all for IPS updates. 
 
On the SEPM home page the "Out of Date" row in Endpoint Status" shows only the Macs, and only the IP Signature column is shown as "out of date".  I visited the "Virus Definition and Security Updates" web page and there is no mention of IPS Signatures for SEP 12.x for Mac-just the traditional antivirus.
 
This all leads me to believe one or more of the following: 1. Symantec doesn't know that SEP 12.1.4 for Mac now has IPS and therefore doesn't feel the need to supply updates for it, or  2. the Apache Reverse proxy doesn't download IPS Signatures for Mac and that special feature isn't documented anywhere, or  3. There are no IPS Updates for Mac since 11/27/13 and nobody told the SEPM that that the signature isn't really out of date.
 
I'd love to make this problem go away so I can get my upline out of my face. 
 
Does anybody have any insight?
 
Viewing all 12029 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>