Problems With Network Scanning During Product Evaluation

August 14, 2015, 1:08 pm

≫ Next: Using a server as a GUP

≪ Previous: Find who deleted incidents

$

0

0

I need a solution

Our IT director has tasked me with testing out the Symantec Endpoint Security trial so that we can move away from our current Kaspersky management system.  I've downloaded the trial (which installs the Symantec Endpoint Protection Manager) and installed it on our server.  The first thing I wanted to test was creating a deployment package so we can push out installations to end users from the server but I'm running into a problem.  A couple steps in it prompts to "select the computers to receive the client installation package" and pulls up a list of computers, but only for that physical site (it seems to be populating the list like it's pulling from Active Directory but I could be wrong.  It's definitely missing a good 80% of the computers on our entire network though).

First, what exactly is this trying to ask me to do?  I want to create the package on the server and be able to push to any computer that it picks up on the network.  Do I select the server, or do I need to select every single computer that populates on this step?

Secondly, when trying to search by IP range, the search continues for hours (it still hasn't finished)...and I'm only searching between 10.195.1.1 and 10.195.255.255.  Our Kaspersky can sniff the entire network on 2hr intervals and the sniff only takes about 30 minutes (and this includes ranges outside those previously listed like our 192.X.X.X and users connecting to our domains from home).  Any reason the network scan is so slow for Symantec or is there something I'm not noticing here?

• Screen_1.png

---

Using a server as a GUP

August 14, 2015, 1:16 pm

≫ Next: Endpoint encryption - keyboard not working properly on boot

≪ Previous: Problems With Network Scanning During Product Evaluation

$

0

0

I need a solution

I have a server that I have setup as a GUP but it still shows as "False". Is this because the server has a basic server client install and not the full client Install. The server and SEPM are both on 12.1.RU6

Endpoint encryption - keyboard not working properly on boot

August 14, 2015, 5:20 pm

≫ Next: MoveClient on Embedded Database

≪ Previous: Using a server as a GUP

$

0

0

I need a solution

Hi

I recently installed endpoint encryption on my new desktop.

This has worked flawlessly in the past, both on my laptop (win 8.1) and on my older desktop (win 7 home)

I encrypted the system drive and restarted. My password contains "special characters" like !"#¤¤%%& and upper- and lowercase letters.

When I try to type the password, it wont let me do any of these. None of the characters one get from shift + numbers only result in numbers. Shift + 1 results in "1".  It seems as the shift-button suddenly doesn't work.

Needless to say Im now very frustrated. I tried to change the keyboard from Norwegian to English and others but it's not helping.

Any help would really be apreciated!

Thanks in advance

Brukernavn

MoveClient on Embedded Database

August 17, 2015, 2:30 am

≫ Next: DNS Resolution Failure for Insight

≪ Previous: Endpoint encryption - keyboard not working properly on boot

$

0

0

I need a solution

Hi all,

I'm trying to use the MoveClient utility to move some clients between groups. When using the utility it requests the IP address where the database is located. What is the appropriate IP to add here for an embedded database on a local machine. I have tried the machine IP, 127.0.0.1 and localhost. Thanks :)

Rob

1439823890

DNS Resolution Failure for Insight

August 17, 2015, 4:39 am

≫ Next: SEPM Replication Partner Questions

≪ Previous: MoveClient on Embedded Database

$

0

0

I need a solution

Hi,

I have a question regarding DNS lookup failures on some Insight Lookups. The event ID in Event Viewer is 1014.

I know these are lookups for the Symantec Insight Server but why the DNS lookups are failing.

Below is screenshot:

SEPM Replication Partner Questions

August 17, 2015, 8:27 am

≫ Next: Liveupdate jdb Errors | SEPM

≪ Previous: DNS Resolution Failure for Insight

$

0

0

I need a solution

Can I have a SEPM that has a newer version as a replication partner?  For example: current SEPMs and clients are at 12.1.4. Can I add a SEPM with 12.1.6 as a replication partner then migrate clients to him?

Do all policies replicate? What about Policy Components such as Host Groups, Hardware Devices, etc.? 

Thank you.

1439826509

Liveupdate jdb Errors | SEPM

August 17, 2015, 1:59 pm

≫ Next: SEP 12.1.6 Installer Drops VM Console Session

≪ Previous: SEPM Replication Partner Questions

$

0

0

I need a solution

Greetings,

I am gettnig the following errors in my Sesmlu.log when I run jdb files. Issue started in June and updates will not successfully go out through SEPM with any of the new .jdb definitions I add to the "incoming" folder. It will sit for about an hour and then build an .err file.

The network is not connected to the internet. Definitions need to be pushed to the machines on the network. Getting the following errors on the Sesmlu.log file located on the server running SEPM.

ERROR Sesmlu failed to notify Sesm servlet of new live update package .\SesmLu.cpp[1319]

WARNING Sesmlu content catalogue update lock already acquired, unable to update contect info: SEPM Virus Definitions Win32 V12.1 Microdefts.Curdefs SymAllLanguages

ERROR Sesmlu failed to notify server on new content at .\SemsLu.cpp[475]

Not sure what these mean. I have tried reinstalling, stopping/starting the service, and removing all previous saved definition files but still get the same error. Can anyone suggest anything?

SEP 12.1.6 Installer Drops VM Console Session

August 17, 2015, 4:08 pm

≫ Next: PGP Registry Entries

≪ Previous: Liveupdate jdb Errors | SEPM

$

0

0

I need a solution

Is it common for the SEP Client Installer (12.1.6) to drop any VMware console sessions when installing? I had to back out of the my VMware client software and reload the console view for selected VMs I was running the installer on. I don't recall being an issue with previous versions, not that it is a show stopper, just inconvenient when you have to logout of your VM vSphere Client to bring back the console view the impacted vm guest. Let me know if I need further guest information, VM tools version, etc. Really I want to know if this is typical behavior or not.

---

PGP Registry Entries

August 17, 2015, 10:31 pm

≫ Next: Mise à niveau Symantec endpoint protection 12.1.6

≪ Previous: SEP 12.1.6 Installer Drops VM Console Session

$

0

0

I need a solution

Hello,

We have PGP encryption installed on our laptops and in the registry is the user path where the PGP client looks for the pubring.pkr and secring.skr files

Currently  it points to C:\Users\<user name>\Appdata\Roaming\PGP Corporation\PGP\

I am wondering if there is a way to adjust the registry so that rather then looking for the current users profile it points to a fixed location on the laptop.

Like C:\Windows\<Custom folder name>

Or something like that.

Any help would be greatly appreciated

Angus

Mise à niveau Symantec endpoint protection 12.1.6

August 18, 2015, 12:08 am

≫ Next: Monitors tab and all reports "No information"

≪ Previous: PGP Registry Entries

$

0

0

I need a solution

bonjour,

vue que la taille de la partition c: du mon serveur SEPM est insufiisant j'ai installé le serveur dans la partition D: , le problèeme c'est que a chaque mise à niveau d'un client ou l'installation d'une nouvelle package client déja exporté depuis le meme serveur la partation D: du machine client disparaitre 

Y a t'il une solution pour remediér a cette problème?

Monitors tab and all reports "No information"

August 18, 2015, 1:36 am

≫ Next: SDCS 6.5 with sym_win_protection_core and SEP 12.1.6MP1

≪ Previous: Mise à niveau Symantec endpoint protection 12.1.6

$

0

0

I need a solution

SEP 12

I am trying to figure out why the most of the items in the Monitor tab of the Manager Console show 'No Information.' The 'Compliance Status Distribution' is the only one that seems to have any data.

Has anyone seen this before or have any ideas of what I can check to see why SEP manager is not monitoring everything it should be?

SDCS 6.5 with sym_win_protection_core and SEP 12.1.6MP1

August 18, 2015, 2:48 am

≫ Next: Symantec CCS agentless RBC data collection on VMware ESX 4.x without vCenter

≪ Previous: Monitors tab and all reports "No information"

$

0

0

I need a solution

Hi, 

Im having trouble getting SEP 12.1.6 working properly with SDCS 6.5 and the protection core policy.

It seems that there is a script that is being blocked and Im unable to create a working exception for it.

Details are:

DETAILS

Description                     Process Assignment for CSCRIPT.EXE to svc_nopriv_ps
Policy Name                     sym_win_protection_core_sbp_TMSPRDT
Rule Name                       Programs that services should not execute
Process                         C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
Parent Process                  C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Module Path                     \WINDOWS\SYSTEM32\WLNOTIFY.DLL
Sandbox                         svc_nopriv_ps
Operation                       create
Process ID                      13328
Thread ID                       14048
Parent PID                      4272
Arguments                       C:\WINDOWS\system32\cscript.exe  //E:JScript //Job:AgentHIScript "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.6306.6100.105\Bin\AVScript16.js""48640""Helper.exe""Symantec.SSHelper""C:""22""C:\WINDOWS\TEMP\""0"
Process Signature               Microsoft Signed  (00039417)
Parent Process Signature        Microsoft OS Component (00039437)

cscript.exe is blocked: Programs that services should not execute

When I create an exception to this Im struggling with the arguments, they are not fixed so Im trying to wildcard it but it is still being blocked.

//E:JScript //Job:AgentHIScript "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.6306.6100.105\Bin\AVScript??.js""?????""Helper.exe""Symantec.SSHelper""C:""??""C:\WINDOWS\TEMP\""0"

When I work with the above question marks it doesnt seem to work. Any ideas anyone?

Thanks a lot!

Symantec CCS agentless RBC data collection on VMware ESX 4.x without vCenter

August 18, 2015, 3:23 am

≫ Next: Best Practice How to update 12.1.5 to cloud hosted

≪ Previous: SDCS 6.5 with sym_win_protection_core and SEP 12.1.6MP1

$

0

0

I need a solution

Hi Guys,

I'm trying to find the way how to configure agentless RBC data collection with Symantec CCS for VMware ESX 4.x WITHOUT vCenter.

On following page I've found this entry, so it seems to be possible:

https://www.symantec.com/security_response/securit...

VMware ESX

4.x

x86, AMD64 and EM64T

lnx-x86

11.0

1st May 2012

Agentless RBC only

Please could you share any knowledge / documentation describing configuration of agentless RBC data collection with Symantec CCS for VMware ESX 4.x WITHOUT vCenter ?

Thanks, best regards

Mikulas

Best Practice How to update 12.1.5 to cloud hosted

August 18, 2015, 6:47 am

≫ Next: PGP Desktop 10.2.1 Compatibility with Win10

≪ Previous: Symantec CCS agentless RBC data collection on VMware ESX 4.x without vCenter

$

0

0

I need a solution

Hi all,

at the moment we use the SEP Manager  and have a SEP Clients (12.1.5) installed and configured. The installation package is deployed over a gpo.

What is now the best practise to migrate these clients to the cloud hosted  https://hostedendpoint.spn.com

We have already a login and i can add clients manually with the e-mail invitation process. The question ist how to upgrade easily all the clients to the cloud.

Thanks for your answers!

PGP Desktop 10.2.1 Compatibility with Win10

August 18, 2015, 8:18 am

≫ Next: Need to start endpoint agent

≪ Previous: Best Practice How to update 12.1.5 to cloud hosted

$

0

0

I need a solution

I'm currently using a perpetually licensed PGP Desktop 10.2.1 on Windows 7 machines.  This desktop machine is using Bitlocker disk encryption and shows no incompatibility with upgrading to Win10. My laptop uses PGP Disk encryption and shows PGP as not being compatible with Win10 upgrade.  Has anyone been able to use some PGP 10.2.1 components on Win10?

---

Need to start endpoint agent

August 18, 2015, 9:08 am

≫ Next: Salesforce Marketing Cloud Block Inquiry

≪ Previous: PGP Desktop 10.2.1 Compatibility with Win10

$

0

0

I need a solution

Does anyone know of a way to start the endpoint agent via command line? I cannot reboot a particular computer and it appears the agent shut itself down. I just need to know of a way to turn the agent back on without rebooting the computer.

1439949736

Salesforce Marketing Cloud Block Inquiry

August 18, 2015, 9:08 am

≫ Next: Endpoint Email Prevent Pop Up

≪ Previous: Need to start endpoint agent

$

0

0

I need a solution

Hello There, 

I work for Salesforce Marketing Cloud, an email service provider located in Indianapolis.  It looks like mail from one of our customers is being rejected at many domains using Symantec. I used your web form, however, all IPs received the same response: The IP address you submitted does not have a negative reputation and therefore cannot be submitted for investigation

Error Sample:
smtp;553 Message filtered. Refer to the Troubleshooting page at http://www.symanteccloud.com/troubleshooting for more information. (#5.7.1)

Our customer is sending emails to subscribers that signed up at their website. I’m happy to send you more details if you provide a support email address.

It is our policy that clients send mail only to people who have given consent. I'm wondering if you have any outstanding spam issue with our customer that we could work together to address? 

Please contact me if you need further information, or have any information to share about this situation.

Kindest Regards,

Josie Garcia
Principal, Deliverability Services | salesforce.com

Endpoint Email Prevent Pop Up

August 18, 2015, 10:07 am

≫ Next: questions

≪ Previous: Salesforce Marketing Cloud Block Inquiry

$

0

0

I need a solution

Hi All,

I have created an endpoint policy to prevent user from sending email if matching keyword found only in an attachment not in body of email. But the problem is policy is working fine but pop up comes when matching word found in body of email which i dont want. I only want pop up to comes if matching keyword detect in attachment only.. right now it is showing pop for both body and attachment keyword is detecting fine but why it is detecting in body mail this is the problem.

following are the details i have configured:

add policy> content match >> keyword "confidential">>on whole words>>match on "Only attachment" is selected rest other options "Envelope", Subject, Body are unchecked as i only want detection in attachment.

along with AND condition below

protocol and endpoint monitoring >> email /SMTP is selected only.

Response rule - > prevent user pop up block options with multiple options

Now this policy works like this confidential word matching in body or attachment it shows pop up but i have only selected attachment in keyword match option then why it is picking from body mail.. i only want detection in attachment not in body.

Please suggest whats wrong with this..

questions

August 18, 2015, 11:00 am

≫ Next: SEPM 12.1.6 migraiton

≪ Previous: Endpoint Email Prevent Pop Up

$

0

0

I need a solution

I have a few questions I'm hoping someone can answer, how can I perform the following tasks with symantec protection suite enterprise editon.

modify the dashboard views

block pages that contain malicious script when a user opens a web page

log these visits so I can run a report

protect documents from unautohorized change or encryption

block processes commonly associated with ransomeware

log c&c callbacks, see those in reports, set outbreak alerts with a threshold

scan subnets for systems without protection, by subnet or domain

thank you

SEPM 12.1.6 migraiton

August 18, 2015, 5:45 pm

≫ Next: Policy to Monitor Google Drive

≪ Previous: questions

$

0

0

I need a solution

Hi All,

Planning to migrate SEPM from 12.1.5 to 12.1.6 on same server (Windows 2008 R2).

Please advice.

Thanks