Channel: Symantec Connect - Security - Discussions

How to exclude a host IP from denial of service events

I need a solution

Hi,

Does anyone know how to add a host to be excluded for the following event:

Event Description: Denial of Service "Smurf" attack detected. Description: A Smurf attack occurs when a hacker spoofs your system's IP address and then broadcasts a ping request to several subnets. The resulting deluge of ping responses ties up your system as well as the various network subnets pinged.
Event Type: Denial of Service
Hack Type: 4097
Severity: Major and above
Application Name: N\A
Network Protocol: ICMP
Traffic Direction: Outbound


Install additional management server with embedded database.

I need a solution

Hi all!

I have SEPM 12.1.6 (12.1 RU6 MP) with embedded database on Windows 2008 Enterprise 32-bit installed.

Because the new SEPM 14 doesn't support 32-bit systems, an in-place upgrade is impossible, so I have installed a new temporary server with Windows 2012 R2 64-bit and am trying to install an additional SEPM management server to my site.

The problem is that the installation wizard asks me about the location of MS SQL Client tools and the SQL server location and port (I tried both SEPM 12 & SEPM 14), and doesn't allow me to choose Embedded database.

Why do I need to install SQL server for a 100-client installation? How can I install a secondary management server with embedded database?

Regards, Alex


Disable saving of VBS files from mail

I need a solution

More malware is coming in via links to web sites that want to download and run a VB script.

Is there a way to disable the saving (or execution) of VB script files?

I see in Policies / Application and Device Control / Application Control that there is an option to enable various scripts and files (eg: autorun.inf).

Is there any downside in enabling AC7 (Block access to scripts)?

Thanks,

Steve


Firewall is malfunctioning

One SEPM for SEP 12.1 and 14.1 agents

I need a solution

Hello everybody,

I want to monitor SEP12.1 and SEP14.1 agents from a single SEPM. SEP12.1 is in use on Windows XP.

How can it be done so that both SEP14.1 and SEP12.1 agent computers can be monitored and administered well from one single SEPM?

Looking for a solution please.  

Thanks in Advance 

@Riyad


SEP Client for MAC

I need a solution

Hello guys,

I am trying to install the SEP client on iOS. I have exported the client setup for this OS.

But after successful installation on the MacBook I cannot see this computer in the specific group.

Could anybody help me please?

Thank you


Reinstall SEP Client

I need a solution

Hello guys, 

I am trying to solve this issue. I have exported SEP client setup files for each group.

After installing SEP on a new computer, the computer appears in the right group. That is good.

But if I uninstall the SEP client (this client is for group A) and install the new SEP client (for example for Group B), the computer will show up again in Group A. Each group has its own policies. I have tried deleting the computer in SEP manager and installing it again, but the result is the same. The computer shows up in group A again.

Could anyone please help me with this issue?

Thank you.


IPS and Nessus scanner

I need a solution

Hello,

According to https://support.symantec.com/en_US/article.TECH239... I added the IP of the Nessus scanner to the IPS Excluded Hosts list. But I can see records on the Nessus host itself. How do I get rid of these records?

Signature Name:Web Attack: Nessus Vulnerability Scanner Activity 3
Signature ID:30369
Signature Sub ID:71921
Intrusion URL:d456187.usb.root.lc:49152/
Intrusion Payload URL:N/A
Event Description:[SID: 30369] Web Attack: Nessus Vulnerability Scanner Activity 3 attack blocked. Traffic has been blocked for this application: C:\PROGRAM FILES\TENABLE\NESSUS\NESSUSD.EXE
Event Type:Intrusion Prevention
Hack Type:0
Severity:Critical
Application Name:C:\PROGRAM FILES\TENABLE\NESSUS\NESSUSD.EXE
Network Protocol:TCP
Traffic Direction:Outbound

Centralized Reputation Component

I need a solution

Two of our servers need a restart based on the following error "the centralized reputation component has a component configuration error to fix."

Obviously they need a restart, but what exactly is the centralized reputation component?  Knowing that will help us decide if this needs to be done today or can wait until the weekend.


Symantec Endpoint Protection is not compatible with the upgrade

I need a solution

Hello

I have an issue with Windows 10: when Windows is looking for updates, it shows a message:

  • Symantec Endpoint Protection: "Uninstall this app now because it isn't compatible with Windows 10"

Due to that issue Windows doesn't allow the upgrade.


Exceptions - process vs application

I need a solution

If I need to exclude an .exe process, should I exclude that as an application or as a file?


SEP with Application Control on stand-alone PC

I need a solution

Hi there,

One of our customers wants to install Symantec Endpoint Protection V14 on a standalone (neither network nor internet access) PC - so far so good. The customer has a special interest in implementing the Application Control mechanism within SEP V14. My question is if it is possible to install, configure and run Application Control on a stand-alone PC (Win 10 Pro) ?

Thanks a lot.

Best regards,

Christoph 


Actual Action Details Pending

I need a solution

Hello,

Is it safe to assume that if an event says Actual Action: Details pending it will eventually be followed by the Requested Action?
 

For example:

Actual action: Details pending,Requested action: Quarantined

Thank you!


Porting custom HI policy templates onto a standalone system

I need a solution

Hi all,

I currently need to deploy SEP 14 on a standalone machine which is isolated and I would like to know if it is possible to download the custom Host Integrity policy templates, such as the Secure Workstation templates, from Symantec LiveUpdate onto a separate machine and transfer it into the standalone machine when the opportunity arises.

If anyone could point me to a documentation that shows if it can be done, I would greatly appreciate it.

Thank you in advance,

Joel


SEPM unknown error after upgrade 12.1.6 to 14, clients not updating definitions

I need a solution

After the upgrade from 12.1.6 to 14.0.1 (14 RU1), clients stopped updating definitions. This affects all clients, with old and new client versions.

Then I upgraded to 14.0.1.1 (14 RU1 MP1) but it didn't help. Clients are communicating with SEPM. SEPM updates definitions correctly.

I also upgraded a few replica servers and they work fine.

There are a lot of unknown errors in SEPM:

java.lang.NullPointerException com.sygate.scm.server.util.ServerException: unexpected server error.
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:476)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:441)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:437)
at com.sygate.scm.server.util.ServerLogger.log(ServerLogger.java:433)
at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:817)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException

Yesterday there were many of the errors below, but today only the above:

2018-02-12 12:57:54.096 THREAD 35 WARNING: Recompile all groups for key [progress.serverVersion].
2018-02-12 12:57:56.589 THREAD 35 SEVERE: Unknown Exception in: com.sygate.scm.server.task.PackageTask
java.lang.NullPointerException
    at com.sygate.scm.server.metadata.BinaryFileCollection.getFile(BinaryFileCollection.java:2266)
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:579)
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:574)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:2500)
    at com.sygate.scm.server.task.PackageTask.writeBinaryFileToDisk(PackageTask.java:4182)
    at com.sygate.scm.server.task.PackageTask.publishContent(PackageTask.java:3981)
    at com.sygate.scm.server.task.PackageTask.publishLiveUpdateDirectory(PackageTask.java:3672)
    at com.sygate.scm.server.task.PackageTask.publishSecurityContents(PackageTask.java:926)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:583)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)


SEPM 12.1.6MP5 Port 80 Uses

I need a solution

I am running SEPM 12.1.6 MP5 on Windows Server 2012 R2 Datacenter with an external database. 

The server is in an extremely controlled environment and security is wanting us to justify Port 80.  We do not use LiveUpdate but import virus definitions from the previous day from our user network Symantec Server (by downloading the .jdb file) to this server as a requirement. Please don't get lost in the WHY we do that ... I just need to know if we can safely disable port 80 if we are not using Live Update?  I previously understood Port 80 was required for the User Interface Web GUI and/or communications between the SEPM and the client.  I have looked at several links and could not really verify my understanding of this port.  I appreciate any guidance you can lend.  Thanks!


SEP 14 vs. Cisco Umbrella

I need a solution

We recently upgraded to SEP v14.0 RU1 MP1 build 3876. Our clients have the Cisco Umbrella Client v 2.1.0. Multiple people, including myself, have noticed that SEP doesn't seem to be playing well with the Umbrella client. (SEP 12 did not have any issues.) For me, when I browse the web, CPU use for Chrome & IE both shoot up when I go to a webpage. Even opening blank tab causes it. I am normally playing music in VLC and it stutters something fierce. A couple instances of chrome.exe shoot up to 25 in the Task Manager. Occasionally dnscrypt-proxy.exe, part of the Umbrella client, will also start hogging CPU.

I uninstalled SEP and everything was fine immediately. I reinstalled it and found that the problem started again, though not as bad as before. However, it has gradually gotten worse and is back to where it was.

Has anyone else noticed this kind of behavior or any other conflict between SEP 14 and Cisco Umbrella?

Skip


Having issues blocking Files & Applications

I need a solution

I'm testing the Application & Device Control policy and I've run into an issue.

I've created a custom Bat file and I've attempted to block the file using its MD5 hash.

After reading and following the documentation, I can still launch the Bat file.

https://support.symantec.com/en_US/article.HOWTO80...

Has anyone tried to block files by MD5 hash?

Is there a better descriptive tutorial on how to block rogue files and applications?


Best practice for Exceptions

I need a solution

I am trying to do some clean up and better management of our SEP environment. Currently we have our groups laid out in this fashion:

- Main company

       - default group

- Our organization

      - Servers

             (Under here are the individual server groups)

       - Workstations

             (Under here are the individual workstation groups)

The issue I run into is that the individual groups do not inherit the policies of the parent (due to exceptions and such), so when I do have an exception that I need to apply to all devices, I have to go into every policy (which currently sits at about 60) and add the exception in.

Is there a better way of managing the exceptions that apply to all devices, while still having the individual policies for application exceptions?


Symantec EndPoint Protection API and User Access

I need a solution

I could connect to Symantec Endpoint Protection 14.x via API. I can do this with the sysadmin user:

"role": {"bitMask": 8,"title": "sysadmin"
}

When I change this user to admin, I can't access some resources like groups and fingerprints (I can do this from the admin panel).

"role": {"bitMask": 4,"title": "admin"
}

Is it normal? Why couldn't admin access these resources? Some companies don't want to give a sysadmin user for integrations. Is there any solution for this?

Any help or document would be appreciated.
