Channel: Symantec Connect - Security - Discussions

SQL 2008 SP1 upgrade to SQL 2016

I need a solution

Hello everybody,

Currently I am in the process of upgrading from SEPM 12.1.6 to SEPM14 MP2. During this upgrade process we need to upgrade our SEP database from SQL 2008 SP1 to SQL 2016 due to system requirements.

I was wondering what the best route would be to upgrade this database. Also, if anyone has performed this upgrade as the first time we attempted this upgrade we were able to connect to the database and then it stopped working about 15 minutes after the upgrade. So we are just looking for any suggestions or issues that might occur.

Thank you,

Jack McAloon


How to interpret virus alert?

I need a solution

Hi all. I often see these with customer systems, via SEP 12, 14, SEPC, and SEP SBE deployments. I always wonder - do they indicate that a system compromise occurred and somebody dumped active malware onto the computer, having bypassed endpoint security, or, because of the fact that it is a script and is likely launched via visiting a website, it's just showing a file path that scripts normally end up in when they try to launch. Sorry, early in the morning, may not be wording myself correctly. Here's a path to a sample detection found this morning:

\users\username\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cache\efg5451j\script[2].jsoc (I put "jsoc" at the end, replacing .js just in case this post gets filtered).
So is this a script a website tried to store or launch, or does it mean someone already bypassed security and placed a script in a local file path?  Thanks very much.  
 

Bluetooth vulnerability #BlueBorne

I do not need a solution (just sharing information)

Hello,

It will be nice to know more about this vulnerability and if SEP provides protection in case of OS mobile and desktop.

Info in media:

https://www.armis.com/blueborne/

https://techcrunch.com/2017/09/12/new-bluetooth-vu...

https://www.youtube.com/watch?v=QrHbZPO9Rnc

From ARMIS website:

Windows

All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability which allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-8628).

Microsoft is issuing security patches to all supported Windows versions at 10 AM, Tuesday, September 12. We recommend that Windows users should check with the Microsoft release here for the latest information.

Linux

Linux is the underlying operating system for a wide range of devices. The most commercial, and consumer-oriented platform based on Linux is the Tizen OS.

  • All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).
  • All Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (CVE-2017-1000251).

Examples of impacted devices:

Information on Linux updates will be provided as soon as they are live.

iOS


Which files in the SEP Manager need to be monitored? (PCI)

I need a solution

As per PCI 11.5:

"Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly."

Which files on the SEP Manager are deemed "critical system files, configuration files, or content files" ?

I'm setting up a File Integrity Monitoring (FIM) solution, and need to know which files I need to watch for changes, that normally shouldn't be changed on the SEP Manager.

Thanks,

Brian


unable to find back trace information in Symantec Endpoint Protection

I need a solution

I cannot find back trace information in traffic in SEP; when I try to get IP details, it is unable

Can you please guide me: is it possible to get information on all hops?


How to re-order the default management server list?

I need a solution

Hi everyone,

Just to be sure we're on the same page: I DO NOT WANT TO DELETE the default management server list. I just want to re-order it so that the top choice isn't an IP address but rather the FQDN of the management SEPM server. As it stands by default the list contains 3 entries on a single SEPM deployment:

1. the IP address of the SEPM server 

2. the host name of the SEPM server 

3. the FQDN of the SEPM server 

This is a simple deployment; one SEPM 12.1.4013.4013; no replication; no multiple sites or domains or any other complexities.

The reason I want to have the FQDN of the management server on top is so that all SEP clients make that their first choice in anticipation of future changes. That's all.

Now I do know that one can NOT delete the default management server list - fine but can I edit it so that the first choice is NOT an IP address but the FQDN of the only SEPM server?

Thank you

~B 


Easiest way to move from one SEPM Server to another ??

I need a solution

Hi,

I have 1,xxx clients run on a SEPM server (12.1.5 with embedded DB) which occasionally crash.

Now we already have a new SEPM server (fresh install with MS SQL Server). And we want the clients from old server to report to this new server.

The company is very strict with their security policy so there are some conditions. I've tried several methods but they still don't work.

Here's what I tried.

1. Export and Import Sylink.xml 
>> This works on test site, but we cannot use this method since there're 1,xxx clients and we can't access the physical client.

2. Remote push
>> Doesn't work, couldn't scan the client since the company doesn't allow ping and network sharing.

3. From the old server, I try adding the new server as primary and then deploy this new communication.
>> I can see the client trying to connect to the new server, but got error "The request was not in the expected format"
>> Anything I need to do if I want to complete this method? Looks like the client refuses to connect to the new server.

Any advice is appreciated.

Regards,
TK


Client windows 10

I need a solution

Hello,

I tried to install Symantec Endpoint Protection version 14.0.1904.0000 for WIN64BIT  on Windows 10 but I receive the following message: This app can't run on this PC!!!!


can SEP client block exe running from DVD-r or CD-R?

I need a solution

Hi,

Can the Symantec Endpoint Protection client block the running process of an exe residing on DVD-R or CD-R?

If it's possible, where do I need to make changes in Symantec Endpoint Protection Manager version 14?

Quick reply will be appreciated.

Thanks and Regards,

Tejas


Windows Firewall and Symantec Firewall simultaneously

I need a solution

Hi there,

First, I know it is not a recommended configuration.

But we have a lot of software installed that generates its "exceptions" during install. So I cannot deploy Symantec with the standard settings.

The only thing to achieve is that I can block surfing or traffic to wildcard DNS like *.dropbox.com or other sites that are not allowed from the clients. Yes, we can block this in our company firewall, but 80% are mobile workers who surf with their 3G/4G or wireless.

I cannot achieve this with Windows Firewall (at least I could not find anything) so I thought I could use Symantec for this. At the moment the client is installed without the firewall part. But for the new deployment I would like to use this blocking or other features that need an active firewall.

So should I just put any / any to inbound/outbound rules, leave the Windows Firewall active and move the domains to block to the top?

Best regards

Stephan


Remote Desktop Connections

I need a solution

Hi Dear,

Is there a Remote Desktop Connections feature in Symantec Endpoint Manager, so as to help access any client through it?

Regards,

Ali


SEP12 to SEP14 migration - Domain export/import with NAC settings in policy

I need a solution

Hi,

one of our customers is facing an issue with SEP 14 MP2.

We have migrated from SEP 12.1.6 MP7 and performed a new SEP 14 installation.

Customer used NAC before and had the setting in “General settings” activated. 

We exported the domain in SEP 12 and imported in SEP 14

After installation of a new client with default installation package from 14, we see “Network Access Control” in client UI. Is there any option to disable it later on or via database script?

Thanks in advance!


Symantec Endpoint Protection, Windows 2016 - Network Connectivity Problems

I need a solution

Hi All,

We have a Windows 2016 web server which runs RDP, Database Server & IIS.

We have added the applications, configured the database, and are able to connect to all of the server's services as expected (Windows Firewall configured to permit WebServer/RDP access etc.)

We install Symantec Endpoint Protection 14 on to this system. After this we are no longer able to connect to these services.

Assumed that the Symantec Endpoint Firewall was the issue, so we configured the Endpoint Protection firewall to permit Port 80, 443 and RDP - first rule in the list.

We are still unable to access these services over the network.

We therefore disabled the network protection. Still unavailable.

Disabled all aspects of Symantec Endpoint Protection. Still unavailable.

Uninstalled Symantec Endpoint Protection. Services are running but are still unavailable. Checked the Windows firewall for incoming rules, which are present.

This is a virtual machine so we reverted to the backup snapshot we took - services are now available and working. Installed Symantec again, same symptoms.

It is definitely SEP which is causing the issues and it's not a configuration issue with the firewall, as proven by the uninstall of Symantec still causing the issues.

At all states we are able to ping the system and the system is able to access external/internal services.

If anyone has any suggestions it would be appreciated. I'd raise a case but am waiting on Symantec to add my license details to my Symantec account.

Thanks

Joe.


Symantec Endpoint Protection Manager could not update Intrusion Prevention Signatures 14.0

I need a solution

Has anyone experienced the error "Symantec Endpoint Protection Manager could not update Intrusion Prevention Signatures 14.0" since about September 6th with SEPM Version 14.0 MP2? I had the same issue with SEP 12.1 RU6 last month. See https://www.symantec.com/connect/forums/could-not-update-client-intrusion-detection-system-signatures-121-ru6 and the issue was fixed automatically after a couple of weeks. I am not seeing any info on this with 14.0 MP2. Both intrusion prevention signatures 14.0 and 14.0 MP2 are stuck on 9/6/2017 r21? I would love to know why this keeps happening. Please fix or tell me how to fix it.

Thanks for your help!


Screen flashes / explorer crashing in Windows 10

I need a solution

I installed SEP on 3 workstations at our Church. I installed it as the built-in Administrator account.

After doing so, I can log in as other users, but can no longer use the built-in admin account. When I log in, the screen constantly flickers and explorer crashes every other second and I can't browse around or open any applications.

After uninstalling SEP, the problem goes away. If I re-install it, the problem comes back again.

Strange thing though: This only happened on 2 of the 3 computers. No rhyme or reason as to why.

Any suggestions on how I can get this resolved?


Script / Automation Full Definition Download

I need a solution

Hi,

We enable Full Definitions Download and allow our clients to download the full definitions via the internet. We enable this because some clients are outdated and had problems downloading the full definitions from their local GUPs.

Question:

- Is there a script or way to schedule the enabling and disabling of "Full Definition Download"?

- What else might be the problem why clients are not downloading the full definitions from their local GUPs?


Win 10 Fall Creator's Update (or whatever its called)

I need a solution

Hi,

I thought I would get the ball rolling.  The next upgrade of Win 10 is scheduled to be released sometime in October 2017.  I know the release of SEP 14 RU1 is imminent.  It looks like RU1 will resolve many current SEP issues.  What is Symantec's time-line for support of the next Win 10 release?   Hopefully RU1 will clear up many bugs in SEP but it is a bit discouraging this is coming right before a new Win 10 release.  I have been reading Microsoft is hardening security in this next release and IMHO SEP will have conflicts that will need to be addressed.

Thanks,

CQ


Locking Down a Win7 Pro so only a few programs can run

I need a solution

SEP Forum,

Got hit with a very specific question that I am not exactly sure this product can resolve. Wondering if anyone out there has some insights or suggestions.

Management wants a group of computers locked down so they can only run 2-3 installed programs.  All internet, chat, FTP, etc blocked.  No mapping of drives. No USB sticks.  No customizations of the PC what-so-ever.  You run these 2-3 programs only. The rest of the PC is basically a door stop.

In concept, I think I can tell SEP to block everything and then add exceptions, but I think I will find it harder than that because applications may need components like .NET and I don't want to stop internal processes like Windows Updates and Defrag.

I think it is an interesting concept/challenge.  I don't want to say no right off the bat without at least exploring the possibility.  Any productive thoughts would be appreciated.

Douglas


Incident response presentation for virus removal

I need a solution

I need an incident response presentation for virus removal and troubleshooting. Please share with me.


Redeploying SEP clients using third party tool

I need a solution

Hi

We are redeploying the SEP client installer for both x86 and x64 using a third party tool (Tivoli Endpoint Manager Client Deploy Tool) and the success rate of deployment is not that high.

I was wondering if the tamper protection and the password settings set in SEPM are what is causing deployment of SEP clients to fail.

Currently the tamper protection is set as block and log and we have set password for SEP client.

Is it possible that these 2 settings are the reason why some SEP client deployments fail?

Or do you experience any issues using a third party tool?

Thanks in advance.
