Quantcast
Channel: Symantec Connect - Security - Discussions
Viewing all 5734 articles
Browse latest View live

Remove SEP components with 'Update Content'

0
0
I need a solution

Good morning guys,

I'm trying to remove features from an exisitng SEP 12.1.4 client installation using the automatic client deployment features in SEPM. What happened is we deployed the 12.1.4 client over the top of the existing 12.1.2 clients using the auto-deployment feature and things went well (to our test group).  I didn't realise however that I had included the Outlook features and the Firewall features in this install.

No problem I thought,  just follow the instructions for re-deploying the client features to remove the ones we want.  This seems to not work as expected and I cant figure out why.

To try and remove these features I've done these steps:

  1. Remove Install Packages from client group
  2. Create a new install feature set (Minus Outlook and Firewall Components)
  3. Add a new install package for the group using the new feature set
  4. 'Update Content' on the group
  5. Force a few test clients to contact the SEPM immediately to get the new policy

The deployment settings are set to go immediately but none of them seem to go.  If I upgrade an old client (12.1.2) with the new client and feature set,  this works as expected.  I've left the clients for more than 24 hours with still no change.

So basically my question is - Am I missing some steps to force an exisiting client to remove features using the same deployed version?


CLEAN WIPE - PLEASE HELP"

0
0
I need a solution

 To the following on this community, this is a open letter please, please help this novice remove(Clean Wipe) from his operating

system. It's causing me more trouble than one would want to explain. Any help would be appreciated. It pops up on my system and it

keeps installing constantly. Thank you.

 

ronsmuseum@yahoo.com

Tool for symantec endpoint protection

0
0
I need a solution

Hello All,

In my organization I have to install sep ru4 on all system. But currently we are using some other antivirus.

So I am looking for a tool from which I can uninstall the current antivirus and install SEP RU4 on all system.

SEP 12.1.3 install and GUP

0
0
I need a solution

Hi,

We have 2 site

SEP 12.1.3 to be installed at Site A  (Windows Svr 2008 Standard r2- with 100 clients

Site B - with 50 clients on a separate subnet. Site A & B are connected via a leased line connection.

Whats the best way to push updates and policy to to Site B? Install a secondary server or use GUP ?

 

Thanks

 

Endpoint Clients hitting proxy

0
0
I need a solution

SEMP 12.1.3 - I have policies in place for the client to NOT use the proxy for any reason...updates, communcations etc....the proxy is only used for external commucation. Firewall feature is NOT enabled ...

However we are still seeing traffic from the clients back to the endpoint manager on our designated server. The clients are hitting the proxy every second and creating 407 errors in our logs

TCP_DENIED/407 0 GET http://"Servername":****/content/

Has anyone experienced this before? if so how do you block the commuication?

 

 

 

Symantec endpoint protection exceptions (profile corruptions)

0
0
I need a solution

Hi,

When a centralized exception (extension) is added in SEPM with action 'ignore' should SEP on clients skip scanning the filetype altogether or simply ignore alerts if a file is infected?

We've specified a centralized exception for the extension 'DAT' on our networks. Looking at a client computer registry I can see the rule is present yet strangely when doing any AV scan RTVScan.exe also opens all users ntuser.dat. By any AV scan I actually mean it, if I scan 'C:\temp' folder (which contains only 1 desktop.ini) sysinternals process monitor shows RTVScan accessing the profilelist registry key and then scanning all user ntuser.dat's.

 

There's a wider issue this is causing on our networks related to corrupt profiles. Like all windows networks with roaming profiles we occasionally get profile corruptions; and if particularly bad windows attempts to recover the ntuser.dat on the client machine, a process which is often accompanied by an event viewer entry:

EventID: 5

{Registry Hive Recovered} Registry hive (file): '\??\C:\Users\UserAccount\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

We resolve these corruptions by resetting/restoring a users network ntuser.dat back to default. In most cases after restoring ntuser.dat the user will then successfully log on as windows can see the network profile is newer than the local corrupted profile on the machine. What we're finding is that when RTVScan accesses the ntuser.dat on local machines it triggers windows to rebuild these corrupt profiles again which in turn updates the modified date on them. On next logon the locally cached copy is seen as newer and is used instead of the fresh network copy. As an AV scan is triggered each time new definitions are loaded these profiles can be rebuilt multiple times throughout the day making it hard to stay on top of corruptions, especially as windows aged profile deletion will never see them as being old enough to remove.

 

SEPM Version: 11.0.6100.645

Client SEP Version: 11.0.6100.645

 

Thank you in advance for any help with this matter.

Andrew

SEP 12 RU4 - Reduce memory utilization

0
0
I need a solution

One of the branches we work with are hesitant to use SEP on their systems. They say that before they install SEP, their memory utilization is 10%, but after installation it jumps to 55%.

 

How to reduce memory utilization of SEP?

Best practice - deploy Endpoint via GPO or manager?

0
0
I need a solution

I'm new to SEPM and wanted to know which method is considered best practice for deploying SEP to computers in a domain? Last sys admin had it deployed via GPO but new sys admin deleted said policy. 

 


Symantec Endpoint Protection Outlook Add-on purpose

0
0
I need a solution

We have SEP on all our computers in our network. A few users use Microsofts CRM. Recently the users with CRM experienced a problem which after hours of support calls was resolved. One of the steps the technician instructed was to disable the SEP Outlook add-on. 

That got me to wondering what the add-on does, and after some searching all I found is that it scans attachments. What I'm still curious about is what else it does, if anything.

 

Long story short: Is leaving the add-on disabled a bad idea? If so, why?

 

Thanks for any advice!

SEP client 12.1.4 unable to update definition from SEPM

0
0
I need a solution

 As I found that there are SEP clients unable to update from SEPM, however, the definition in SEPM is up-to-date. Please kindly HELP.

Specified Network Name No Longer Available - Lotus Notes in Terminal Server 2003

0
0
I need a solution

Hi, just an introduction, my name is macky from philippines, i work in a quite big company as a windows server admin. Just want to seek help regarding this issue. So here it is.

This is our setup.

Windows Server 2003 x64 SP2 Terminal Server with the following installed.
Lotus Notes 8.5
SEP 12.1.2
Thin Print
MS Office

Windows 2003 Server with Symantec Endpoint Protection 12.1.2 installed

Lotus Notes Setup:
Installed on the local drive of the Terminal Servers
User Data files are stored on a network shared folder in a File Server Cluster with SEP 12.1.2 Installed

Symantec Endpoint Protection Features being used:
Terminal Servers - Virus and Spyware Protection
File Server - Virus and Spyware Protection + Proactive Threat Protection + Network theat protection(but was recently removed)

The issue:

Users are reporting everyday that when they are using Lotus Notes inside the terminal server they encounter this error once in a while. The error "Specified Network Name No Longer Available" will appear on the IBM Lotus notes, the workaround is to exit lotus notes and open it again but that is so much of a hassel in terms of business continuity. In the eventvwr of the terminal server:

Source: Application Pop up
Event ID 26:
Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \\SERVERNAME\lotus\USERFOLDER\Notes\Data\IBM_TECHNICAL_SUPPORT\console.log. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Source: MRxSmb
Event ID 50:
{Delayed Write Failed} Windows was unable to save all the data for the file \Device\LanmanRedirector. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

 

I had read an article saying that Network Threat Protection causes a blockage of unknown threats and share access are being recognized as one, so we removed it but the problem still occurs.

This only happens on the Lotus Notes. If we try to access via windows explorer the network shared folder where the data files are stored we do not encounter any problem.

This has been going for months, any help to solve this problem would be much appreciated.

 

regards,
Macky

Disable Scanning after Live Update on Unmanaged client

0
0
I need a solution

SEP unmanaged version 12.1:

 

This is a followup to a similar issue:

"The last two Windows 7 computers I have set up run multiple scans daily. This despite the fact that I disabled the active scan on startup and the scheduled active scan. When I review the virus and spyware scan log, I can see the scans that have been run. The only clue is "logged by" manual scan.

It appears to happen at various times, 3 times a day. I can assure nobody is running these scans manually. Please advise."

-----------------------------------------------------------

Note: Any unexpected scedules have been verified and deleted in the registry as per instructions. 

I understand that by default, once new definitions are loaded by Live update, SEP will automatically initiate one of the scheduled scans (if any exist). 

However, I would like to disable this behavoir on an unmanaged client. 

Since there is no checkbox available, is there a registry option for this behavior?

Thanks,

Whether wake on lan is available in SEPM 12.x

0
0
I need a solution

Whether wake on lan is available in SEPM 12.x.

 

Wake on Lan: Manager should copy the definitions/policies to the shutdown machine's boot disk.

 

SCCM is having this feature.

add new site

0
0
I need a solution

dear all

I have one site (default Local Site) and 500 client and 2 SEPM.

I decide to convert second SEPM to new site.

What I do for this?

If I install new site, client for this server connect automatically connect to new site???

SEP Logs: Actual Action: Left alone

0
0
I need a solution

I am trying to figure out from the logs I am seeing/getting where I see "Actual action: Left alone,Requested action: Cleaned,Secondary action: Deleted" if it actaully didn't do anything.  Currently all I have are the logs and no access into the management server or workstation.  

Can someone confirm for me what actually was done?  Does "Actual action" really mean that it left it alone? 


SEPM showing two server properties

0
0
I need a solution

Hi

Just want to check if it's normal to have two server properties on SEPM console? When will it show this way? Please see attached file

Windows 2012 R2 SP1

0
0
I need a solution

Forgive this question as I have been out of the loop with SEP for a while.  Looking to roll out the latest version of Windows Server 2012 R2 SP1.  Do I need to updated the SEP Manager in order to update the clients to 12.1.4?  We are currently at 12.1.2015.

Client is facing network slowness from 40Mbps to 100kbps due to NTP.

0
0
I need a solution

Client is facing network slowness from 40Mbps to 100kbps due to NTP.

after disabling NTP, getting the good speed.

(NTP enabled)After restarting the SEP client getting the good speed - after soetime going to slow.

 

Using SEP12.1.3

symantec endpoint protection manager best practices for logs

0
0
I need a solution

HI

symantec endpoint protection manager best practices for client logs

 how we can save  more logs and report on Symantec endpoint protection manager

Symentec Endpoint : My computer hangs during 20 min after switch on

0
0
I need a solution

Hello

 

Every day my computer hangs permore or less 20 minutes with HDD working at 100%. CPU usage is more or less 0%

If I stop symantec I can use my computer

Sometimes it is due to ccSvtHst.exe, somteimes it Smc.exe

See here under a screenshot of performance monitor, HDD is 100% :Cattura.PNG

Any idea?

My version of Symantec Endpoint:

Cattura2.PNG

Regards

Viewing all 5734 articles
Browse latest View live




Latest Images