Dears,
I have a situation where I configured multiple GUP list by creating a rule that match by IP address and added in the list the IP addresses of the machines that should be acting as GUP in the subnet but after making sure that policy serial number is the latest on the machines when i open the client properties it says GUP "false".
Any idea what could be going wrong?
Thanks in Advance
Bonjour,
J'ai 2 serveurs physiques SEPM 12.1.5. (serveur A et serveur B) sous Windows 2003 avec chacun leur base de clients distinctes
J'ai crée une machine virtuelle sous Windows 2016 server (serveur C) sur laquelle je souhaite rassembler les 2 bases sur ce serveur pour n'en faire qu'une.
Le but final étant de supprimer les 2 anciens serveurs physiques et de migrer ensuite vers SEPM 14
Comment dois-je procéder ?
Merci
Hello. We've just migrated to Symantec from McAfee and are in the process of deploying clients, so am quite new to Symantec. I've enabled 2 machines (one on each of our subnets) as Unmanaged Detectors and can view the results under Home > Security Status > Security Status Details > Unknown Device Failures. Ideally what I'd like to do now is produce a report on these devices so I can identify them further and act (resolving the ip address to a name would be nice but even just a list of IPs would do). Can anyone help with any advice on this? Thanks.
Hi,
we are wondering if we can create an exception for files which is based on hash value but ignores file path.
When adding a file through risk log or application learning, the exception is always based on hash and file path. We want an exception based on hash which ignores where the file is located at.
Is that possible?
Regards
concentric
Hi All,
Here is the issue i'm facing. i have upgraded sepm et clients to version 14 but no update definitions coming.
When i lauch liveupdate it says no virus definitions found.
Thanks !
E.Y
Hello Symantec Team,
We purchased Symantec EP ( version 14 Mp2) with high hopes that it would be a smooth roll out. We have lot of 64bit Ubuntu Linux systems. The issue that we ran into is what is described in this tech article : https://support.symantec.com/en_US/article.TECH228118.html
All of our 64bit linux systems already have libc6 & libstdc++6 installed by default. There is a heavy dependency of these 2 libraries on our project applications & to the functioning of the OS as a whole. I am sorry, but does Dev team assume that it is that easy to just remove off libc6:64 bit & replace them with libc:32 bit ? Our case is no different than any other customer or end user who have either a web application or some other application installed on their 64bit linux systems which make use of libc6 & libstdc++6.
Pls see below attachment. Just as an example, If we try to remove libc6:amd64 from an existing 64bit system, the system warns us that it will have to further remove all those packages that are dependant on libc6 as well. This will technically make our system unusable if we were to proceed. I have a tech support ticket open but i am pretty sure there won't be any immediate fix & most likely i would be told to submit a feature request which can take months.
Is anybody else in the same boat as us ? Any advise will be appreciated.
Thanks,
Neeraj Shah
CyberSecurity Engineer
Hey guys,
What's the best approch for this? We need to migrate our SEPM to a new server bu we can' reuse the same IP address, how can we do this? Also we are using SQL Server for the database but we're not going to move it.
Thank you,
Hello,
I have upgrade my test server. I did not have issue during upgrade, all steps was the same like in previous upgrades. Unfortunately, after upgrade I found an issue. My Manager cannot open GUI when 'Symantec Enpoint Protection Manager API Service" is started. When I stop this service GUI open as expected. I can see in task manager that processes are running but guii wont open :
When I stop this service , manager GUI open corectly:
Someone can explain me why this issue happen?
Hello all,
Here is my case:
We had a SEP 12.1.6 MP5 with external DB connection to our SQL System (SQL Standard 2012 11.0.6523.0)
I want to migrate our SEPM System to a new VM so i did these steps
1. On the OLD i did Upgrade to latest Version 14.0.0 MP2 withoun any issue
2.On the New VM i installed Same Version "14.0.0 MP2" and i connected to the same external SQL DB with the configuration Wizard as a failover server.
3. I Created a new Management server Policy with the New Server and applied to the Group Of clients so they will connect to the new system.
4. All clients that point to the new they connect without issues (All running fine).
Now to my issue:
Since i upgraded to v14.0.0 MP2 i have a lot of errors (every 2min) on SQL server side under "System Event Log" about schannel. I dont know if they come from a connection from the old or from the new system. I suppose they come from both
Event ID 36888
The following fatal alert was generated: 20. The internal error state is 960.
Based on this (support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server) my SQL version supports TLS
How can i resolve the issue without disabling the Schannel Event Log?
Thanks in advance,
Andreas
Does anyone have any ideas for managing this with SEP 12.7.x? They want to block download of CCleaner all versions.
Our apps team is trying to develop a process that will execute a doscan on a file when it is dropped to a specific folder on a server. They need the process to run and then when it is complete, if the file still exists (was not deleted/quarantined by SEP) , then continues with other processing (non-SEP related).
The process was working during some initial testing, but now that they started to throw some load, we see multiple doscan.exe process (one for each file dropped) which causes the scans to never complete. We tried to end the task, but we get "Access denied" and the server has to be rebooted.
Has anyone tried something similar to this before? If so, any luck getting it to work?
I mentioned that this seems like a job for Symantec Protection Engine, but we do not really have that here, so we have been attempting to get this running.
We also tried the "/A" switch, but since they are waiting for the result of the scan before continuing, this is not an option.
Thanks
Martin
Hi, I am using SEP12.0 in my environment. its support expired 2015. can i go for version upgrade? or go for new licenses.
Hello,
I have a Windows Server 2008 R2 SP1 production environment with Citrix User Profile Management installed. On these servers we are running Symantec Endpoint Protection version 14.0.2349.0100. This in essence utilizes the Windows Roaming profile mechanism and local user profiles are created under C:\Users. Occasionally, I observe the following behavior:
When a user logs off from Citrix, the corresponding local profile folder under C:\Users is not deleted thus creating issues with Citrix profile properties not being retained as a temporary profile is created on subsequent logon. After having carried out in-depth troubleshooting, the issue is narrowed down to the following folder/file not being deleted.
If i try to manually delete these folders I get an "Access is Denied" error and I cannot change the owner of the folders to any domain administrator or local administrator user.
The above file/folder cannot be deleted due to permissions/security reasons and they are only deleted after server reboot or if I temporarily disable the Symantec client on the affected servers, which of course is not an acceptable fix to the issue. We have tried applying MS hotfix https://support.microsoft.com/en-us/help/2661663/stale-user-profile-folders-are-not-deleted-completely-in-windows-7-or on the affected servers but to no avail.
Do you have any ideas or thoughts? Is this is a known issue with Symantec Endpoint Protection? Is there a Symantec or Microsoft specific patch which fixes this issue?
Hi,
one of our customers is facing the following issue.
When they're running a software that tries to sync files from a USB device, SEP automatically creates a file called Lightningsand.cfd on the device which causes the sync job to fail. The software is not able to exclude certain file extensions. Is there any way to fix this?
Thanks!
Hi,
We use IPv4 manual IPs,
When a client(12.1.6 MP8) tick(select) the checkbox (under local area connection settings) IPv6 : then the result is policy applied to the client simply bypasses.
I mean policy works only on with IPV4.
Any workaround
Thanks,
I'm trying to update my 14.0 MP1 installation as usual, by running the downloaded installer. It asks if i want to update, asks if i want to do DB backup and then it starts updating. Last thing shown is that it is waiting for LiveUpdate. Then it throws a bunch of cmd windows and starts to roll back. And now i have unfunctional SEPM server. Where can i see why it fails to update. Is my install completely broken now and do i have to do clean install now?
I have a SEPM server on an air-gapped network. I've been updating it via a LiveUpdate Administrator server which could connect to the Internet, but now that's become unavailable.
When I copy the jdb files according to this guide https://support.symantec.com/en_US/article.TECH102... , nothing happens. I think the permissions are OK. Lots of sem... users have rights.
I've tried both the dark network definitions (which I want) and the normal definitions:
I'm running version 14.0.2415.0200 on the SEPM server. The server has been upgraded from version 12:
I hope someone can help, maybe let me know which logs I could look at.
Thanks,
Marius
management server running on windows 2008 server.
currently on symantec endpoint protection 12.1 ru6 MP5, wanting to upgrade to latest version, 14.0 MP2
first step is to upgrade the management server, so I have backed up the database, then ended the management server, and then attempted the upgrade.
but each time I attempt upgrade, I get prompt to repair or uninstall instead of upgrading.
am I missing a step?
Just a heads up, we ran into an issue with a handful of Windows 7 x64 workstations with the upgrade from SEPM 12.1 to SEPM14.0 MP2.
Installing the SEP14 client, IE fails to launch. When users (even local administrators) try to launch IE, via command line or taskbar/start menu/desktop shotcurt, the process starts for a second then silently exits.
We tested different Feature Sets for the installer, and it came down to Advanced Download Protection (which also unchecks SONAR because ADP is a required component).
This isn't affecting all Windows 7 workstations running SEP14 clients (version 14.0.2415.0200), just a handful out of hundreds. Still trying to isolate the WHY of that. Has anyone else experienced this behavior?
Hello all,
Here is my case:
We had a SEP 12.1.6 MP5 with external DB connection to our SQL System (SQL Standard 2012 11.0.6523.0)
I want to migrate our SEPM System to a new VM so i did these steps
1. On the OLD i did Upgrade to latest Version 14.0.0 MP2 withoun any issue
2.On the New VM i installed Same Version "14.0.0 MP2" and i connected to the same external SQL DB with the configuration Wizard as a failover server.
3. I Created a new Management server Policy with the New Server and applied to the Group Of clients so they will connect to the new system.
4. All clients that point to the new they connect without issues (All running fine).
Now to my issue:
Since i upgraded to v14.0.0 MP2 i have a lot of errors (every 2min) on SQL server side under "System Event Log" about schannel. I dont know if they come from a connection from the old or from the new system. I suppose they come from both
Event ID 36888
The following fatal alert was generated: 20. The internal error state is 960.
Based on this (support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server) my SQL version supports TLS
How can i resolve the issue without disabling the Schannel Event Log?
Thanks in advance,
Andreas