Ja, ich suche eine Lösung
I see Symantec has just released 14.2.3335.1000 . Does anyone know what changes were made since 14.2.3332.1000?
0
↧
New Version of SEP 14.2 RU1
↧
Creating Firewall Rules
Ja, ich suche eine Lösung
Does anyone know if there is an ability to allow RDP connections from end point to end point based on someting OTHER than IP? I would ideally like to create DNS rules or end point names to end point name firewall rules, since IP addresses can change, and it'll turn into a huge list of IPs that I need to keep updated.
0
↧
↧
Endpoint Protection Evidence of Compromise file validation failed
Ja, ich suche eine Lösung
I used below endpoint; but I don't know how to validate the eoc.xsd file please someone explain me how to validate the file and how to pass eoc.xsd file to request body.
- api/v1/command-queue/eoc
I got this error: Unable to provide the request - Evidence of Compromise file validation failed.
Thanks.
0
↧
SEP 14.2 Windows Server 2019 Browse Network Error
Ja, ich suche eine Lösung
When I remote push to Clients I get a network error when I browse network " The network location can not be reached, for more information see windows help". I can search via the search network function but not the browse network. I am running SEP 14.2 on Windows Server 2019 GUI. I have included a screenshot.
0
↧
What windows user rights and permissions required to run luall.exe and to install/upgrade SEPM ?
Ja, ich suche eine Lösung
In my environment ,we're runing luall.exe to update Definition in SEPM.
usually we run the luall.exe as an administrator.now our AD team going to disable all admin rights to our user.
So they requested us what kind of permission or rights for our user to perform daily SEPM tasks such as manual def update(also to upgrade SEPM).so they can create a restricted user,allowed to perform only the required task
I want to know is there any way to run/upgrade without full admin rights
I read the article about file permission https://support.symantec.com/en_US/article.TECH91181.html
which leads me to another question .whether A user without full admin rights ,can able to perform manual live update (luall.exe)\upgrade SEPM ,if that user with full access control (read,write and execute) only to all the Endpoint Protection Manager and its sub folders?
0
↧
↧
SEP Syslog(or Event log)
Ja, ich suche eine Lösung
Hello All,
I'm using SEP v14.
And I'm trying to forward SEP Syslogs to our SIEM.
But, I can't find Syslog format. To normalize in our SIEM, I have to know about syslog format which is coming in SIEM.
After nomalizing, we can monitor it with this.
Also, I'm trying to get Windows Event ID to monitor AV for us from SEP.
So, My question is..
1. Where can I get syslog format?
2. Where can I get Windows Event ID for AV monitor?
Thank you in advance for any assistance.
0
↧
SEPM 12.1 - Unexpected server error pertaining to Java
Ja, ich suche eine Lösung
Hi! We re are continously having an error in our SEPM. Please see below for the entire Stack Trace.
Please advise.
| java.lang.NumberFormatException: This is not an valid IP address. at com.sygate.scm.util.Utility.getIpLong(Utility.java:530) at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.registerComputer(AgentRegisterHandler.java:958) at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.agentRegister(AgentRegisterHandler.java:349) at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.handleRegistrationRequest(AgentRegisterHandler.java:300) at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.handleAction(AgentRegisterHandler.java:204) at com.sygate.scm.server.agentmanager.AgentRequestHandler.handleRequest(AgentRequestHandler.java:90) at com.sygate.scm.server.agentmanager.AgentRequestHandler.handleAction(AgentRequestHandler.java:130) at com.sygate.scm.server.agentmanager.AgentRequestHandler.handleRequest(AgentRequestHandler.java:90) at com.sygate.scm.server.servlet.AgentServlet.doPost(AgentServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.sygate.scm.pool.HttpResponseFilters.doFilter(HttpResponseFilters.java:82) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.in |
0
↧
CVE-2019-0708
Ja, ich suche eine Lösung
We are currently running a hybrid environment as we are moving from SEP12 to SEP14, so this question pertains to both versions.
Has Symantec released any signatures or behavioral/heuristic detection rules for CVE-2019-0708? Thanks.
0
↧
Folders exclusion does not seem to work
Ja, ich suche eine Lösung
Hi everyone, I need an hint about folder exclusion.
I'm a software developer, and a customer of my company uses an ERP we provide. It is a standalone app installed on about 100 clients. Every client also has a Symantec Endpoint Protection client installed. Every time we install or update our ERP, SEP deletes (or quarantine) some DLLs, but it is a false positive.
We asked our customer to add an exception in the server configuration to exclude our folders from being scanned, but it seems that is doesn't work. The customer said that, despite the exception, SEP always scans the DLLs everytime they change, and therefore they are quarantined with every update.
Is there a way to solve this problem? We can't submit a false positive for our DLLs due to the very rapid update of our software (we release a new version every 3/4 days), and we don't know how to deal with the problem.
Thanks for the support!
0
↧
↧
[SEP]Install Rollbank, SEP_INST.LOG Display "RunSymEFAQuery: exitCode converted from HRESULT: 13"
Ja, ich suche eine Lösung
Hello Everyone
1# Have any one have the same issue. SEP_INST.LOG Display Return Value 3 is ...
MSI (s) (44:D8) [15:57:43:743]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIC795.tmp, Entrypoint: RunSymEFAQuery
動作開始 15:57:43: RunSymEFAQuery。
RunSymEFAQuery: cmdline: "C:\TEMP\NTPCSEPMSI64\Program Files\Symantec\Name\Version\Bin\EFAInst.exe""Symantec Endpoint Protection 14.2.3332.1000" /query
RunSymEFAQuery: exitCode converted from HRESULT: 13
RunSymEFAQuery: The SymEFA installer query had an unexpected exit code. The current installation will fail and rollback!
CustomAction RunSymEFAQuery returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (44:94) [15:57:44:292]: Machine policy value 'DisableRollback' is 0
MSI (s) (44:94) [15:57:44:292]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
動作結束 15:57:44: RunSymEFAQuery。傳回值 3。
I have create CASE, but chine support tell me don't know this error code detail....
Thanks
0
↧
Info:Content download to the server failed. Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 14.0 RU1.
Ja, ich suche eine Lösung
Im having problem with liveupdate it says below
Info:Content download to the server failed.
Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 14.0 RU1.
Product:Symantec Endpoint Protection Manager Content Catalog 14.0 RU1
Version:
Language:
Monikers:,{FEFE68E7-0A93-1A98-2647-DB8261242A06}
Sequence:
PublishDate:
Revision:0
Source:Public LiveUpdate Server (Symantec LiveUpdate Server)
Size(in bytes):-1
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
-<System>
<Provider Name="SEPM" />
<EventID Qualifiers="0">7201</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-05-28T06:33:47.000000000Z" />
<EventRecordID>59620</EventRecordID>
<Channel>Symantec Endpoint Protection Manager</Channel>
<Computer>SMARTSEPSVR01.smart.LOCAL</Computer>
<Security />
</System>
-<EventData>
<Data>Info:Content download to the server failed. Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 14.0 RU1. Product:Symantec Endpoint Protection Manager Content Catalog 14.0 RU1 Version: Language: Monikers:,{FEFE68E7-0A93-1A98-2647-DB8261242A06} Sequence: PublishDate: Revision:0 Source:Public LiveUpdate Server (Symantec LiveUpdate Server) Size(in bytes):-1</Data>
</EventData>
</Event>
Below screenshot shows the Symantec Endpoint Protection Manager Content Catalog 11.0
Here's what i already do but still the content catalog 11 is still there. We are running in version 14 now
Deleted files in here C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager and run liveupdate.
reinstall liveupdate . Update Lucatalog
0
↧
Roaming Clients and SEPM/Cloud
Ja, ich suche eine Lösung
Hello Mates,
A question on the cloud option in SEP14.2 where we can have an extension of SEP in the cloud for the romaing endpoints that do not have access to the SEPM.
Is it mandatory for the endpoint after the client install, to at least connect to the SEPM once?
The point I am asking here is, can we export the client install package from the SEPM for a specific Group in SEPM and then deploy it on a roaming computer which can never connect to the SEPM and then manage the endpoint from the cloud console permanently ?
Regards
Fawaz M
0
↧
What does "Clean Security risk" status mean in the 'view log' menu?
Ja, ich suche eine Lösung
Hello!
Found out that one of my PCs was infected, what does the status in the title mean?
Thanks!
0
↧
↧
Moving to new SEPM server, new IP, new name and new domain...
Ja, ich suche eine Lösung
Our MS 2008 server SEPM 14 RU1 MP2 server is coming to its end, we will be moving to a new 2016 server with a new IP, new name and new domain. We are in a large Gov't enterprise, hence being dictated to move to the new domain for the new server. Obviously there will be much pain in the firewall rules, trusts, etc. I have been down that road before, it's ugly but can and will be done. My question is this, which method would be best to migrate over, setting up the new server as a Replication Partner, or new Site Partner? The database is already on a newer server, so that will remain as it is. We will also have to migrate our DMZ server, but that will be a separate nightmare of firewall rules and etc. to deal with. Any advise or thoughts on the best method for the SEPM move is appreciated.
0
↧
Need suggestion, Want to Install SEPM 14.2 alongside WSUS
Ja, ich suche eine Lösung
I have WSUS Server in Windows Server 2012. Can I install SEPM 14.2 alongside WSUS Server? Will it be problem with them? Can their client's still receive updates perfectly?
0
↧
Symantec email proxy - temp directory
Ja, ich suche eine Lösung
hi
I use SEP 14.1 on Win 7.
When i try to send many email i have error (cannot access the temporary folder) (screen in attach).
How i can fix this blocking?
0
↧
JAVA JRE not usable after upgrade to SEP 14.x
Ja, ich suche eine Lösung
Hello,
We have several servers with application that are using JAVA JRE 1.8.0.31 - 1.8.0.151.
After upgrade to SEP 14.x the application could not use the installed JRE environment anymore.
After poiting the environment variable for this application to <JDK install dir>\jre they worked again.
Is there someone having similar experiences after upgrade to 14.x
Thanks
Jim Bon
0
↧
↧
Single 2008R2 SEP v14 upgrade to 2016 SEP 14.2
Ja, ich suche eine Lösung
Hi,
We have a single Endpoint Protection Server version 14.0.1904 running on Windows 2008R2 Server. I am looking to upgrade the version of SEP to 14.2 and install on to a new Windows 2016 Server.
The SEP database is on the SEP Server.
There is documentation around performing an in place upgrade on the same server but I've not seen anything about upgrading and migrating to a new server.
Is there documentation that discusses this approach or is there a recommended approach to take for this?
There is the option to Export Server Properties. Would this enable a full server export and then import to a version 14.2 server or would it only work on a server running the same version? There is also the Server Private Key Backup. What would the approach be around this?
Many thanks
Ben
0
↧
Symantec Endpoint Protection keeps stopping
Ja, ich suche eine Lösung
When I try to open the GUI I get the message "symantec endpoint protection cannot open because some symantec services are stopped. restart the symantec services and then open the symantec endpoint protection".
I ran the SymDiag, attached the diagnostic file.
Sep Build 14.2 MP1
Windows Build 1809
Can you help me? Thanks.
0
↧
how to disable cancellation notice- SBE 2013
Ja, ich suche eine Lösung
I transitioned to SEP C from SBE. My endusers recieved the notification below, how do I disable?
Dear-
X reseller no longer manages your account. As a result, your Symantec Endpoint Protection Small Business Edition subscriptions provided by your managed service provider have been cancelled. This means that your account is in a suspended state:
• Your ELS keys are expired
• Your deployed Endpoint Protection agents no longer receive updates
Your action is required to restore Endpoint Protection services to your organization. For 60 days, your Endpoint Protection agents function without updates. You can:
• Renew your services through the Symantec e-store
• Renew your services through another managed service provider
If you feel you have received this email in error, either:
1. Contact your reseller or managed service provider for more information.
2. Contact Customer Support.
0
↧
