Channel: Symantec Connect - Security - Discussions

What's the difference between Machine learning and SONAR

I need a solution

I have been thinking: if SONAR is able to detect pre-execution behavior, and with the help of INSIGHT it can lower the false positives, how does machine learning differ from SONAR?

And as machine learning is a definition-less technology, how will SEP get new sets of algorithms for machine learning from Symantec LiveUpdate?

SEP14 and Trend Micro Deep security

I need a solution

Dears,

I just want to know: if we have SEP and Trend Micro Deep Security in the same environment, will there be any chance that they would affect each other?

Thanks in advance

Solution for remote sites

I need a solution

Hi Symantec Community,

My scenario: 1 site in Europe (let's call it Site 1) currently on SEPM 12, embedded database with about 10 clients. I have other sites in other countries around Europe using Windows Defender; they are all talking to each other via an IPsec tunnel. A decision has not been made whether the workstations will be on SEP, but I imagine they would be down the track, so at this stage it's just the servers with GUP.

What is the best way of going about this, as I'm concerned it might be slow if it communicates with another country? Do I just deploy the SEP server package to these other servers, let it find Site 1, and just see how it goes? Or am I better off making these remote sites managers?

Any suggestion is welcomed.

Thank you

ZC
 

Symantec Endpoint Protection License Expired

I need a solution

My company has Symantec Endpoint Protection ver 12.1.6; after 3 years the license has expired.

1. I would like to know whether or not the clients and the SEP Manager will keep updating with the latest virus definitions although the license has expired.

2. If I don't renew, am I in any breach? If the clients are updating, then why pay all that money to renew? What am I not getting?

3. Are there any risks without hastily acquiring a new license?

Please advise!

Jon

SEP 12.1.6 MP6 shows Symdiag Error

I need a solution

Symdiagerror_critical_0.jpg

I have Symantec 12.1.6 MP6 installed as a client. It has been detected running a HACK tool. While running SymDiag with rootkit analysis, it doesn't complete and gives an error as

Please tell me how I can complete my analysis.

120px_Symdiagerror_critical.jpg

Waiting for a quick response. Please suggest help!

Symantec Endpoint Protection 14.0 Inbuilt Never Expires

I need a solution

Hi,

I bought 3 units of SYMC Endpoint Protection 14 Per User I/O Essential 12 months and plan to install the antivirus individually.

From C://ProgramData/Symantec/Symantec Endpoint Protection/CurrentVersion/Data/Config, the sep.slf file indicates

<product_name>Symantec Endpoint Protection 14.0 Inbuilt Never Expires</product_name>

May I know whether this slf file indicates that the antivirus will never expire?

May I know whether I should activate the license to a 1-year expiry date? If I need to activate it, how do I activate it?

JPG files under quarantine - multiple files that are not local

I need a solution

Hello,

I have encountered a weird behavior of the Symantec Endpoint Protection software.

It jumps with multiple JPG files whose origin is unknown

and does not stop adding these files to quarantine.

I have installed a ransomware defence software and I think my problem has a connection to the ransomware defence software.

For now this behavior disturbs my workflow and I do not know how to deal with it.

Please advise me how to handle this situation as soon as you can.

*picture attached

thanks

Cannot export logs on unmanaged client

I need a solution

I am running SEP 12.1.6 (12.1 RU6 MP5) build 7004 (12.1.7004.6500). I want to export network threat protection logs. When I attempt to do so it looks like it succeeds but then when I look no file has been created.

Totalcmd64.exe is now a security risk??

I need a solution

Hello Symantec,

Today I get this alert from our corporate Symantec Endpoint Protection:

Symantec_totalcmdRisk.PNG

The details say this

Symantec_totalcmdRisk_1.PNG

You gotta be kidding me. I even paid for the license to Ghisler! Then I tested the file via virustotal.com and this is the result

Symantec_totalcmdRisk_virustotalResult.PNG

Please don't make my manager ask me why my computer is suddenly infected with malware when it is not :-]

Replication - Failed to submit

I need a solution

Hello,
I have two Windows 2012 R2 servers, one for each location, with SEPM 14.0.1904 installed on both servers. One server has access to the internet, the second does not. There is replication between the two sites. For two months everything was OK, with replication scheduled to be done every 4 hours.
After today, on my second server (which has no access to the internet) I get an error that replication finished unsuccessfully. Status: Failed to Submit. If I push replication manually from this server, I still get the same error.
But on my first server there is no error. Status: Succeeded.
Please find scm-server-0.log in the attachment.

Can someone advise on this issue? 

Large ccSubSDK folder

I need a solution

I am inquiring to see if the data in the following folder path is needed, and if it can be removed without any negative effects.

C:/ProgramData/Symantec/Symantec Endpoint Protection/ 14.0.1904.0000.105/Data/CmnClnt/ccSubSDK. 

We are low on space on the C: Drive, and this is taking up 6.6GB of space.  If this can be deleted, can you please provide instructions on how to do so?  Staff cannot print at the moment.  Thank you.

Not able to generate jstack dump

I need a solution

Hi,

We are facing a login issue without any error, where login gets stuck at either 25% or 100%, and if services are restarted SEPM 14 MP1 works fine. But again, after a random time, it does not allow us to log in, and after a random time all the SEP clients also get disconnected from SEPM. Symantec thinks that there may be an issue with Java; however, we are not able to generate a jstack dump, getting the below error:

“C:\Program Files\Java\jdk1.8.0_121\bin>psexec.exe -s "C:\Program Files\Java\jdk1.8.0_121\bin\jstack.exe" -l 7436 "E:\SEPM14\sepm_stack.log"

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Attaching to core E:\SEPM14\sepm_stack.log from executable 7436, please wait...
Error attaching to core file: Windbg Error: OpenDumpFile failed!
sun.jvm.hotspot.debugger.DebuggerException: Windbg Error: OpenDumpFile failed!
        at sun.jvm.hotspot.debugger.windbg.WindbgDebuggerLocal.attach0(Native Method)
        at sun.jvm.hotspot.debugger.windbg.WindbgDebuggerLocal.attach(WindbgDebuggerLocal.java:160)
        at sun.jvm.hotspot.HotSpotAgent.attachDebugger(HotSpotAgent.java:673)
        at sun.jvm.hotspot.HotSpotAgent.setupDebuggerWin32(HotSpotAgent.java:569)
        at sun.jvm.hotspot.HotSpotAgent.setupDebugger(HotSpotAgent.java:335)
        at sun.jvm.hotspot.HotSpotAgent.go(HotSpotAgent.java:304)
        at sun.jvm.hotspot.HotSpotAgent.attach(HotSpotAgent.java:156)
        at sun.jvm.hotspot.tools.Tool.start(Tool.java:191)
        at sun.jvm.hotspot.tools.Tool.execute(Tool.java:118)
        at sun.jvm.hotspot.tools.JStack.main(JStack.java:92)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at sun.tools.jstack.JStack.runJStackTool(JStack.java:140)
        at sun.tools.jstack.JStack.main(JStack.java:106)

C:\Program Files\Java\jdk1.8.0_121\bin\jstack.exe exited on HSLSEPM with error code 1.”

Does anyone know the cause? Any answer is helpful to get it solved.

SEP Active Directory Authentication and Replication

I need a solution

I have an environment with multiple replication partners. If I set the primary server to sync up with active directory successfully, do I only have to do that one time? As in will this change be replicated to the other servers? Or will I have to do this on all of the replication partners?

Thanks!

-Alex

SEP and VSS

I need a solution

I was wondering if SEP 12.1.6 scans Microsoft Shadow Copies. Over the past few weeks I've noticed my nightly scans taking longer, sometimes even running over a 36 hour period or not ending. The drive I'm scanning only has around 200,000 files located on it, but the log of a scan can be close to 4,000,000 files. I've gone into the scan and excluded system volume and $Recycle.bin from the scan. Would it be a better idea to split my scans up?

Install SEP clients 12.1.RU 6MP5 errors

I need a solution

Hi, ALL.

I have problems installing SEP clients 12.1.RU 6MP5.

In the client-server activity logs there are only two events:

Time Stamp    Event Type
17.03.2017 19:17    The client computer has been added to the group
17.03.2017 19:17    Client has registered

In the ruru log, error: Enable to detect product

In the SEP_Inst.log

MSI (s) (28:84) [22:12:37:841]: User policy value 'DisableRollback' is 0 

but no events (NOT MIGRATIONPENDINGREBOOT) OR SISFAILED=1

sep.log and sis_inst.log attached.

Thanks.

Unable to open Microsoft Access 2003 files on the local disk & server unless Auto-Protect is disabled

I need a solution

I have Symantec Endpoint Protection v14, which I installed on a new Windows 10 Pro (64-bit) computer.

I can smoothly access Microsoft Access 2003 files without Symantec Endpoint Protection v14 (Client) or with it disabled.

Once I enable Symantec Endpoint Auto Protection v14, I can no longer open the Microsoft Access 2003 files.

The error shown is "Microsoft Access has stop working". Please kindly help me.

Thank You.

How to whitelist an IP

I need a solution

Hello,

We are using Symantec Endpoint Protection 12.1.6 on a Windows Server 2008 R2. This is an outward facing web server that runs our Ecomm websites. We use Cloudflare as a CDN which has an acceleration service named Railgun. The Railgun server resides on our network, not Cloudflare.

The way it works is that the HTTP requests for our websites first go to Cloudflare; their edge servers forward the request to our Railgun server, which is hosted on our network. The Railgun server forwards the request to our origin web server, described above. A hacker sends a request to one of our websites, which goes to the Railgun server and then to the web server. Symantec blocks that request because it sees it as a hack attempt; this is good. Symantec then proceeds to block, for 10 minutes, any further requests that come from our Railgun server, whether they are hack requests or legitimate requests. This blocks all traffic for any of our websites for 10 minutes; this is bad.

Is there a way to tell Symantec Endpoint Protection to continue to block those bad requests, from the Railgun server, but also not block the good/legit requests from the Railgun server for 10 minutes? 

Any ideas are greatly appreciated.

Joe

Prevent users from disabling SEP 14 client

I need a solution

Hello,

We have been using SEPM 12 and have set the policies to not allow users to disable the SEP client using the instructions found here:

https://support.symantec.com/en_US/article.TECH168...

With the policies set as found in the link above, when the users right-click on the taskbar SEP icon, the option to 'Disable Symantec Endpoint Protection' is greyed out and cannot be chosen.

We have upgraded our SEPM to version 14 and have deployed the SEP 14 client to our test group.  Now if one right-clicks on the taskbar SEP icon, the option 'Disable Symantec Endpoint Protection' is no longer greyed out.  After doing some digging in the policies, it looks like there is a new setting found at:

Clients -> Policies -> Intrusion Prevention Policy -> Generic Exploit Mitigation -> Enable Generic Exploit Mitigation

that must be enabled; otherwise, it will allow for portions of the SEP client to be disabled.

But even with that setting in place, the option to disable SEP in the taskbar icon is still not greyed out.  Is this expected behavior, or are there other settings that need to be adjusted in order to prevent users from disabling the SEP client?

Thanks.

Gilbert

Symantec Endpoint Protection v14 Problem

I need a solution

Hi,

Could you help me on this?

I have Symantec Endpoint Protection v14, which I installed on a new Windows 10 Pro (64-bit) computer.

I can smoothly access Microsoft Access 2003 files without Symantec Endpoint Protection v14 (Client) or with it disabled.

Once I enable Symantec Endpoint Auto Protection v14, I can no longer open the Microsoft Access 2003 files.

The error shown is "Microsoft Access has stop working". Please kindly help me.

Thank You.
