SEPM DBA password change

May 30, 2019, 4:02 am

≫ Next: Scheduling Clients for definitions

≪ Previous: how to disable cancellation notice- SBE 2013

Ja, ich suche eine Lösung

(Symantec Endpoint Protection Manager 14.2)

I was trying to change the DBA password for the symantec SEPM according to link below using the "Management Server Configuration Wizard" but only to fail with following exibit. I need to know why this is hapenning. Please do reply if you have any thoughts about this.

https://support.symantec.com/en_US/article.HOWTO81184.html

(SEPM database is configured to use Sybase & this particular instance is the AWS marketplace image.)

↧

Scheduling Clients for definitions

May 30, 2019, 6:02 am

≫ Next: Default Group / log from OU Syncronized - SEPM

≪ Previous: SEPM DBA password change

Ja, ich suche eine Lösung

Is it possible to schedule the clients to contact the GUP for definitions only once per day? If Yes or No, need a supportive document for the same.

I am unable to find a document that, SEP Client cannot be scheduled to fetch definitions from GUP. Request your expertise on the same.

↧

Default Group / log from OU Syncronized - SEPM

May 30, 2019, 11:30 am

≫ Next: Windows RDP Authentication Error 0x609

≪ Previous: Scheduling Clients for definitions

Ja, ich suche eine Lösung

Dear,

You can help me with this two questions:

1_In the SEPM console, the computers in the Default Group can by move manually to another OU? the option "Sync Now" in the default group appears but its not possible to do, its correct? By default all the new computer store in this group?

2_Its possible to know how are the OU syncronized from my Active directory an how is the OU created in SEPM console? there is any log file to check?

Regards

Miguel Angel

↧

Windows RDP Authentication Error 0x609

May 30, 2019, 12:54 pm

≫ Next: Uninstall SEP Manager from Win 10

≪ Previous: Default Group / log from OU Syncronized - SEPM

Ja, ich suche eine Lösung

I was trying to RDP into a server from my Windows 7 laptop and got an authentication error has occurred. 0x609. I disabled Symantec Endpoint Protection on the laptop and was ablet to remote into the server. I dont have a firewall on the laptop or server nor do I have Symantec firewall enabled. What could be the issue?

↧

Uninstall SEP Manager from Win 10

May 30, 2019, 1:11 pm

≫ Next: How to Upgrade Build 3332 to Build 3335?

≪ Previous: Windows RDP Authentication Error 0x609

Ja, ich suche eine Lösung

Perhaps the most basic of questions, but on my Win 10 Pro machine which about 15 months ago I put SEP Manager 14.2 on there, and SEP itself, I'd like to remove both. In Apps & Features in Win 10 I have an option to Uninstall the SEP client. But the SEP Manager Uninstall link is greyed out. Also FWIW, SEP has not talked to SEPM in months. I'm upgrading to sep 15 via integrated defense so am fine with total removal of SEP 14.x related stuff. Am I missing a simple step, like first disable SEPM services or something? Thank you.

1559249683

↧

How to Upgrade Build 3332 to Build 3335?

May 31, 2019, 3:27 pm

≫ Next: Stolen Laptop with SEP Still Reporting Back - Options?

≪ Previous: Uninstall SEP Manager from Win 10

Ja, ich suche eine Lösung

Hello:

I have several unmanaged 14.x (Build 3332) clients that are experiencing issues that are supposed to be fixed with build 3335; they started experiencing these issues, immediately following the installation of build 3332. So, I was happy to see the new build (build 3335) that appears to fix the issues my clients are experiencing. Here's the problem: the build 3335 upgrade does not offer an .exe installer file for build 3332, only build 3333 (to upgrade) to build 3335 is offered. Is this a typo, because I can't even find a tech article, siginifying that a build 3333 existed? I certainly do NOT wish to attempt to install this .exe and find that it will NOT work and/or that it messes up my installs. I hope someone can clarify my next step. Anyone's (especially Symantec's) help is greatly appreciated!

Thank you!

↧

Stolen Laptop with SEP Still Reporting Back - Options?

May 31, 2019, 12:43 pm

≫ Next: "Time out reached while waiting for .... SepMasterService" error, causing virtual machine freezes?

≪ Previous: How to Upgrade Build 3332 to Build 3335?

Ja, ich suche eine Lösung

Options?

We had several business laptops stolen a few months back from a storage locker by unknown guest or staff. One laptop is periodically being turned on and is reporting back.

SEP + Office 365 are both reporting back through respective cloud server admin centers. The user has only been logging in using a Guest account that was setup with no password and limited rights. Other accounts with passwords and higher level exist but never reported as being used.

In the SEP logs I have an IP address it’s coming from which has been static (consistent and not changing) and is owned by AT&T. Thus, does not seem to be roaming. No IP searches have given me further clues other than its local IP address to our town.

I've already made a Police report. I have not disabled either technology because I did not want to lose information that may lead to whom stole the laptops. I've been hoping another know IP address would pop-up but not yet. Biggest concern is finding out if it was a staff person that's still employed. Retrieving the laptop is not the concern, it has little value and no sensitive data.

HOW can I use SEP on this managed device to gather more info, such as browsed sites, apps being used or other ideas (clues to who is using it), or reverse hack to gather more info? Can I eventually remote wipe or use SEP to basically make the device unusable. If I can't find the perpetrator, I don't want them to be able to freely benefit from their thievery, but my goal is finding out if it's a staff person so we can deal with it.

Any ideas or advice welcomed about the laws to adhere to or hacks available, even if on the fence when it comes to laws. I do realize it could have been sold to unsuspecting persons, but our company name is branded on the laptops, so probably not so naive.

Thank you

↧

"Time out reached while waiting for .... SepMasterService" error, causing virtual machine freezes?

May 31, 2019, 1:07 pm

≫ Next: Uninstall Existing Endpoint Protection

≪ Previous: Stolen Laptop with SEP Still Reporting Back - Options?

Ja, ich suche eine Lösung

i have a Windows Server 2012 virtual machine that will freeze up and require a full system restart every few days. Before the freeze up occurred, errors in Event Viewer show "A time out (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service."

what is causing this error, and could it be resulting in a system freeze?

Could it also interfere with the operation of other programs on my machine? Because at other times, a web server program will cease working properly and will need to be restarted. The web server's TCP port is seen as open, but any attempt to access the web page it services results in a blank screen.

This series of errors appears to be the only troubleshooting clue in Event Viewer.

i saw a closed topic similar to this one posted last year here:

https://www.symantec.com/connect/forums/timeout-60000-milliseconds-waiting-transaction-response-sepmasterservice-service-0

although a tech support person from Symantec comments in the thread, the solution is not mentioned. Anyone else seen this issue and have a fix for it?

↧

Uninstall Existing Endpoint Protection

June 2, 2019, 2:01 am

≫ Next: SEPM半个月没有更新病毒库

≪ Previous: "Time out reached while waiting for .... SepMasterService" error, causing virtual machine freezes?

Ja, ich suche eine Lösung

Hello Folks,

Is there some way the install package of SEP14 can over-ride the tamper protection on existing security solution if we are provided with the uninstall password of the existing security solution thats install on the endpoint?

And moreover, if there are more than one existing security solution on the endpoint like McAfee and malwarebytes, can have a custom install package that will uninstall McAfee only, byt keep malwarebytes?

Regards

Fawaz M

↧

SEPM半个月没有更新病毒库

June 2, 2019, 6:36 pm

≫ Next: Several customers having issues with Java (crash), all are using Symantec Endpoint Protection

≪ Previous: Uninstall Existing Endpoint Protection

Ja, ich suche eine Lösung

SEPM没有更新病毒库，服务器与外网的连接时通的

**Translation**

SEPM does not update the virus database, the server is connected to the external network.

↧

Several customers having issues with Java (crash), all are using Symantec Endpoint Protection

June 3, 2019, 5:46 am

≫ Next: Clients Now Showing in SEPM Console

≪ Previous: SEPM半个月没有更新病毒库

Ja, ich suche eine Lösung

Hello,

We have had 6 customer so far which are unable to use Java JRE suddenly on their production systems.
Some of them installed our product years ago, and all of a sudden it stopped working.
The common thing they share is that they all use Symantec Endpoint Protection 14.2.
Within 10 days time, 6 customers reported issues.

It looks like that the JRE is not working properly anymore, it gives a crash when some native code is used, which is using Java again.
In the attachment you can find some hs_err_pid files of the crashes we see.

For most customer we could fix it by switching to use the JDK instead of JRE.
For one customer another product we deliver had to be reinstalled, and they were only able to do so after disabling Symantec Endpoint Protection.

So it looks like SEP is influencing Java in the wrong way lately. Are there specific updates done recently?
Is this a known issue?

With kind regards,
Cees

hs_errjava dump.zip

↧

Clients Now Showing in SEPM Console

June 2, 2019, 2:32 am

≫ Next: Trying to install Symantec Endpoint Protection on my new Laptop. Get error message 0x80070002

≪ Previous: Several customers having issues with Java (crash), all are using Symantec Endpoint Protection

Ja, ich suche eine Lösung

Hi,

Need help onchecking some clients that are not reporting to the SEPM Console. I checked the clients and they are online and everything is up to date but when I go to the container in the SEPM Console I dont see that client. Even when extracting a client report they do not show.

Thanks

↧

Trying to install Symantec Endpoint Protection on my new Laptop. Get error message 0x80070002

June 3, 2019, 4:55 pm

≫ Next: SEPM Syslog event format

≪ Previous: Clients Now Showing in SEPM Console

Ja, ich suche eine Lösung

Hi I just got a new laptop. It's running Windows 10 Home Version 1809, 64-bit operating system, x64-based processor. When I try to install Symantec Endpoint Protection I get the follow message:

"The installer integrity check failed with error code 0x80070002. Common causes for this failure inslude an incomplete download, damaged media, or problems with the trusted Root certificate store."

Can any one help me? I have deleted and redownloaded the installation files multiple times, and I always get the same mesage.

↧

SEPM Syslog event format

June 3, 2019, 9:39 pm

≫ Next: SEP smcd : tons of 8KB reads of logs (performance issue)

≪ Previous: Trying to install Symantec Endpoint Protection on my new Laptop. Get error message 0x80070002

Ja, ich suche eine Lösung

Hi Everyone,

Can someone help me getting syslog event reference guide or any other document that explains about event format for each type of SEP event(incident) forwarded to external syslog server. I need to check each unique event(System/Audit/Any Security incident) that we receives from SEPM via syslog forwarding.

Any lead would be great help.

Thanks in advance!!!

Note: Please don't post steps on "how to enable syslog forwarding" on SEPM.

↧

SEP smcd : tons of 8KB reads of logs (performance issue)

June 4, 2019, 1:29 pm

≫ Next: Locked Live Update Policy warning

≪ Previous: SEPM Syslog event format

Ja, ich suche eine Lösung

With SEP for Linux 14.2.1031.0100 on RHEL 7 we are seeing smcd nearly constantly reading/re-reading the multi-hundred-MB dated log data in /var/symantec/sep/Logs/MMDDYYYY.log in mere 8KB read() operations. We have seen this before on older versions of SEP 14 as well.

This happens even with smcd started with '-l warning' instead of the default of '-l info' What is the purpose of this and how do we stop it? It saturates a full CPU core on our VMs unless we stop smcd, deleted all of those logs, and start smcd again. That buys us some time until those logs get big again.

% sudo strace -f -p 28822

...

[pid 28822] read(14, "31050400343A,6,2,0,ourhost-linux"..., 8191) = 8191
[pid 28822] _llseek(14, -7976, [295662760], SEEK_CUR) = 0

<nearly constant stream of those system calls and 100% CPU usage>

...

↧

Locked Live Update Policy warning

June 5, 2019, 5:47 am

≫ Next: Client Installation for Linux

≪ Previous: SEP smcd : tons of 8KB reads of logs (performance issue)

Ja, ich suche eine Lösung

When looking at the dashboard and the system details I see a warning/alert that the Live Update policies are locked (see image). What does this mean and how do you fix it?

PolicyLocked.JPG

↧

Client Installation for Linux

June 5, 2019, 8:11 am

≫ Next: Client Manager

≪ Previous: Locked Live Update Policy warning

Ja, ich suche eine Lösung

I have downloaded the SEP 14.2 trialware to install on our integration and test system, however I am unable to find the Linux client installation package, most of the clients are CentOS. Is it possible that I can be provided with the software? Both auto-compile and manual compile (if they are different) thanks.

I tried the online chat for support, they sent me here. :-)

↧

Client Manager

June 5, 2019, 11:52 am

≫ Next: Block Windows Media Player Streaming

≪ Previous: Client Installation for Linux

Ja, ich suche eine Lösung

Hi, I am new in this forum. My friend bought a 2019 Symantec Endpoint Protection 14 for home use. Since my Norton Lifelock is about to expire, he told me that he can install his SEP 14 for me and be his client for just a small amount. I am wondering since he is the client manager or server manager (correct me if I am wrong), can he spy on my laptop using the SEP 14 antivirus? Thank you. Mon

1559793349

↧