Hello all,
It seems like Symantec is publishing it's own IP Address (98.158.243.x) and hiding the correct Public IP Address I get at home. I understand it's good for security but, I need to use my own Public IP in order to connect to my company's Internet. This is the first time this has happened to me and I was not able to find a solution for it on my own. My question is, how can I disable this feature?
Thank you,
Sam M.
I got the below email alert but the sepm stil function, may I know any suggest for this error ?
I also found the sem5.log already 3,897,888kb, may I know any limit for the log file ?
Server System Events
|
I using SEPM Version is 12.1.5337.5000 in Windows Server 2008r2
hello,
we have upgraded SEP12 to 14 after upgradation around 1000+ clients reflecting offline on daily basis.we have done all the necessary steps to resolve the issue but its same.the systems are connected once in day or week after its reflecting offline.
Other issues:
notification from home page it shoud be export in some file formate so we can easily monitor and create the report
if we apply device control policy as per shedule time line so it will help to adminstrator to control device access and less manual efforts required
Hi does anyone know how ot extend the days before SEP14 gives a definitions out of date warning? I have mannaged to find how to do it in RegEdit for SEP 12 from other forums but cannot duplicate fix for SEP 14. I have dark net instalations and do not want the wanring to come up until 33 days has past since pay virus definition update.
Hi Team,
Every now and then, one of my servers will have SEP detect a potential threat or an active attack. The SEP notification will pop up just briefly enough for me to see what was happening. However, when I go to investigate the logs, they're completely empty. The only details I can find are the recent scan logs, which are also empty.
The most recent event occurred while I was still logged in. My VCenter had been open overnight and my profile never locked. This isn't the first time it's happened and it mostly occurs on my servers that are web facing.
Any ideas? I'll offer as much info as I can. I'd love to be able to find these logs and the details on the threat that occurred so I can maybe try to remediate.
Thanks
We recently upgraded our SEPM and rolled out SEP 14.2.1031.0100. Since the update, users attempting to run an MS .Net ClickOnce App (DeltekVision.exe) are met with a blank Microsoft Edge window and the ClickOnce (dfsvc.exe in C:\Windows\Microsoft.NET\Framework64\v4.0.30319) process running hung in task manager with very high CPU consumption. The workaround is to set Internet Explorer as the true default, although we would prefer to have Edge as the system default. Any thoughts on how to exempt the ClickOnce process? We already tried a central exemption of the executables listed above. Clearly there is a difference in the release (new feature?) as this only affects clients with 14.2.1031.0100. Thoughts, greatly appreciated. Thanks.
Hi,
I have observed that everyday Out-of-date machines count is increasing.Please suggest.
Hi,
I want exclude a folder from being scanned, but option is greyed out. Please help how to go about?
Thanks!
I am having problems with understanding Actual Action and Secondary Action. In forum the answer is:
Actual action - the action SEP took to remdiate the threat
Requested action - usually the same as actual action. this is action SEP is wants to perform.
Secondary action - action to take if the actual action does not work
How do we know that the Actual Action didn't work and the Secondary Action was then taken?
What is the meaning of 'Application Type: 127' ?
SEPM 으로 현재 연결되어있는 각 클라이언트들의 바이러스 정의 패턴이 어떻게 적용되었는지 확인할 수가 없네요.
클라이언트 정보에서 정의 패턴이 어떻게 적용되었는지 확인이 됐으면 합니다.
**
I can not see how the virus definition pattern of each client currently connected to SEPM is applied.
I would like to see how the definition pattern is applied in the client information.
Configured the 14.2 RU1 client upgrade to "Distribute upgrades over 30 days". A couple hours later I noticed more then half of our workstations were pending reboots from upgrades. Has anyone else experienced 14.2 RU1 upgrading clients right away instead of distributing over the set number of days?
I used below endpoint, It's need to 'file_path' (query param) so I couldn't find any file path to use this endpoint; could you please tell how to get the file path.
- /api/v1/cammand-queue/files
I referred this documentation
https://apidocs.symantec.com/home/saep#_run_a_scan...
Thank you.
Hi Guys,
I have an issue where File path is being shown as "Unavailable" in risk log and the source of detection is "Scheduled Scan".
On raising a ticket with Symantec they said that possibly the file is still in RAM. Does Auto-Protect and Scheduled Scan have the ability to scan files in RAM?
Most of the forums that I have seen points to detection source as Download insight however there is no mention about detection using Auto-Protect and Scheduled Scan.
Please share a few instances when File path is shown as "Unavailable" and if it does how do we actually remediate the infection?
Thanks,
Vasudev
Hi!
I have just upgraded my SEPM and some clients from 14.0.3876.1100 to 14.2.3332.1000. I noticed that most of my windows 2012 R2 and windows 2008 servers either having system freezed or SEP clients crashed with the following application error in the event logs:
faulting application name: ccSvcHst.exe, version: 13.4.0.26
faulting module name: libcurl-wintls.dll, version 7.64.0.0
Exception Code: 0xc0000005
fault offset: 0x00000b3ac
I had opened a Support Case with symantec, but still no solution..
Does anyone out there having the same issue? how did you manage to resolve?
Regards,
Isaac
When I click on "GET SOFTWARE" in MySymantec account (the page that shows the software detail and serial number), it just redirects me to the MySymantec logged i page. What am I supposed to do?
Cheers,
Russell Coghlan
Perth, WA, Australia
I used below endpoint to upload the file from SEP to SEPM so I want to fetch uploaded data I used this endpoint (command-queue/file/{file_id}/details) to do that but it needs to file_id; but the first endpoint only returns the command_id.. Please someone help me to get the file_id.
1.api/v1/command-queue/files
When I try to move it to the column from the right with admin rights, I get this error:
"Login to xxxx (xx.x.xx.xx) failed. The client could not be installed on the remote computer
For detailed information about possible solutions, see the following Symantec Technical Support Knowloadge base article......."
We have already checked the ports needed and all of them are opened
Someone know how to scan client machine remotly I used it for below endpoint, so It's need eoc.xsd, I got that file but I don't know how to use it. could you please someone explain how to use that.
- api/v1/command-queue/eoc
Hi All,
I known that
Actual action - the action SEP took to remediate the threat
Requested action - usually the same as actual action. this is action SEP is wants to perform.
Secondary action - action to take if the actual action does not work
But I found some logs shown "Actual action: Deleted, Requested action: Deleted, Secondary action: Left alone".
What does this mean? pls help me.
Thank you.
Hello,
With SEP 15 cloud, all client is directly connect to the managment console cloud.
It's possible to install a liveupdate server on local to carry update from symantec website and permit client to download virus definitions on local?
