Channel: Symantec Connect - Security

TLS Protocol support in Endpoint DLP


Just a quick query.

1. Does Symantec Endpoint DLP monitor/block confidential data uploaded to websites using a TLS connection (e.g. outlook.live.com, O365 mail) using the Endpoint HTTPS channel?

USB logs

Hello Guys,

I need some help and assistance; I am currently working on a use case with our SIEM to integrate something useful.

Would you be able to provide the list of events that we can find from Symantec:

1. When a user plugs a USB into their machine?

2. To check all the activities of that USB, e.g. copying files from machine to USB or USB to machine.

3. To check whether SEP was able to scan the USB itself.

But for now, I'm going to need the list of events that I can see from Symantec.

Appreciate your help.

DLP 15 Solutions Pack installation problem

We are now installing the Solutions Pack. However, we are getting an error stating that the database is in an inconsistent state. We have already done the restart and stopped the Vontu services except the Vontu Notifier, but the error still exists.

Can use REST API to add ProxySG policy into MC

Hi All,

I would like to know: can I use the REST API to add a ProxySG policy into MC?

Thanks.

Benson

MAC GUP support

Hi All, just wondering if anyone from Symantec would like to comment on whether the GUP update feature is on the roadmap to support Mac OS X?

We are currently an MS Windows house running SEP14 with GUP infrastructure. We are now starting to invest in a Mac OS X platform which we need to manage via SEP. These devices are geographically dispersed up to 4000km apart from our Data Centers. We have been given a directive that these updates for individual devices are not to traverse the WAN links. It appears that the only solution would be to use local LiveUpdate servers.

multiple problem detected since last update SEP

Hello,

I'm receiving multiple calls about people's laptops not passing the security check for our VPN (checking antivirus status).
When I check their SEP, the status is "there are multiple problems detected" (Proactive Threat Protection).

It looks like the last update broke something in SEP.
Does anyone know what's going on?

Thanks,

LEVD

Logout Old Sessions

Hi All,

I just want to ask whether logout old sessions [One Login per user (logout old sessions)] is not supported in an explicit proxy deployment. I have attached the MOP from Symantec below. However, as per Symantec support, logout old sessions is not supported in an explicit deployment, since it requires cookie authentication mode and an explicit proxy can only have the proxy and proxy-ip auth modes.

We have also tried deny new sessions [One Login per user (deny new sessions)], but after we configured it, we could not start a new session because of background processes that are still running in the old session, even though we had closed the browsers and apps in that old session. An example of such a background process is client4.google.com. We can see it under Statistics > Sessions > Active Sessions > Client Address. This is a bit of a hassle, because the proxy still sees the old session as an active session because of those background processes, and this results in the new sessions being denied.

Do you have any recommended workaround?

And as per support again, a proxy is not a tool to control this kind of user behavior (multiple sessions). Is this true?

I just want to hear a lot of sides/opinions regarding this matter.

Thank you and Best Regards,

Jalyn

Symantec DLP can fulfill these points

One of our clients raised the points below. He wants to make sure that Symantec DLP and Encryption can fulfill his requirements.

We discussed Symantec DLP, encryption and endpoint solutions and are looking for a solution to achieve the following conditions for Office 365 SharePoint Online & on-premise file server encryption and security:

  1. If a user copies a file from cloud on an external media (USB), as the file will be encrypted and can only be opened on a registered computer/laptop, then risk of unauthorized external sharing of content can be mitigated.
  2. Content shared with external entities vendors and others should be time limited, having read-only access; and time limit access to downloaded content/files.
  3. Provision is required to revoke access from any Folder, Document of any user or group of users; using proper approval mechanism.
  4. Provision is required to centrally manage all access privileges of Folders and documents; a copied document on external media/ to local hard disk/ to email attachment must have a defined shared life; after which it should not be in readable state.
  5. Documents movement and/or changes to access privileges and/or sharing with other users or with other departments or external parties, should be allowed with proper authorizations by respective heads of departments.
  6. Movement of documents should be restricted to within its parent Folder hierarchy; e.g. a document under finance root folder, cannot be moved to another root folder's sub folder location.
  7. Change in any document or set of documents security privileges should require approval from the respective head of department.
  8. Any document, the moment it is created/ saved in the cloud, must have full access granted to the owner of document and to his/her head of department, as a default policy
  9. Provision to restrict taking screenshots of opened documents.
  10. Auditing of all activities performed by all users on any document/ folders must be enabled universally on the file storage;

For each document classification, only a defined list of people should have access; with the provision to give varying degree of accessibility, like read-only, read/write, read/print, cannot use in email attachments etc;

  1. automatic encryption of emails body and attachments; view-able by the recipients only.
  2. Restrict un-authorized user from accessing file
  3. Restrict email from getting copied.

JDB file for SEPM 12.X is not updated

Hi,

The last .jdb file update for SEPM 12.x was released on 12/21/2017.

Symantec Endpoint Protection Manager Installations on Windows Platforms

How to update definitions for Symantec Endpoint Protection Manager using the .jdb file

File Name | Creation Date | Release Date | File Size | MD5
vd4f2814.jdb | 12/21/2017 | 12/21/2017 | 233.13 MB | 9412208149FD3FB0EB52E3DA0F8486E2

I am in an internet-disconnected environment. Can someone at Symantec let us know why there is no update? When will you release the definition update?

Thanks,

Update Eraser Engine

Some of our machines are running an older version of the Eraser Engine and we need to update it.  Is the only way to update it to push a full SEP install, or is there another way?

DLP movement and upgrade enforce and detection server running on the server

Hi all,

We need to move and upgrade our old Enforce and Detection Server (running on the same server; Oracle is on a different one) from version 12.0.0 to version 14.0. I assume that it must be done in two steps: move version 12.0 from one server to another one and then upgrade it to 14.0. During the move, I will first back up some config files from the old version (as well as the database), install version 12.0 on the new hardware, connect it to the old database and use the former config files to complete the installation. Then I will upgrade this environment to the higher version. I assume that I cannot install the new version on the new hardware without first moving the old environment, because of database schema changes (I would be connecting another version of the server to a database with the old schema) or a different interpretation of the old config files. I also assume that I can install the Enforce server and Detection server at the same time (why not, when I can install them together during a single-tier installation).

The problem is that these are only my assumptions, and I would appreciate any recommendation on how to do it as efficiently as possible. Thanks.

Regards,

Peter

Windows 10 Issue After Recent Microsoft Patch

We are seeing on Windows 10 that, after the patch is installed, Symantec Endpoint is not working. If you try to launch it manually, it gives an error. Rebooting does not fix the issue, and neither does restarting the service. Windows 7 does not have this issue.

The error is:

"Symantec Endpoint Protection cannot open because some Symantec services are stopped. Restart the Symantec services, and then open Symantec Endpoint Protection."

SEP clients definitions stuck at Dec 15th 2017 and not updating.

Hello All,

Out of 30.000 SEP clients in our network, many of our SEP clients are stuck at Dec 15th 2017. Is anyone else facing the same issue, with SEP services that keep stopping as well as conflicting with our Cisco VPN application?

How to fix CIS Microsoft Windows Server 2012 R2 v2.2.0/v2.2.1

The predefined CCS technical standards "CIS Microsoft Windows Server 2012 R2 v2.2.0" and "CIS Microsoft Windows Server 2012 R2 v2.2.1" have issues with the following checks:

  • 1.2.3 Is the 'Reset account lockout counter after' parameter set to '15 or more minute(s)'?
    • The expression should use "Greater or equal to" instead of "Equal to".
  • 18.4.13.1 (18.4.14.1) Is the 'Hardened UNC Paths' parameter set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'?
    • The check logic has trouble reading an unusual registry value name like "\\*\SYSVOL".
  • 18.9.22.3 (18.9.24.3) Is the 'Default Protections for Internet Explorer' parameter set to 'Enabled'?
    • The check logic has trouble reading an unusual registry value name like " *\Internet Explorer\iexplore.exe". On top of that, the original checks do not verify whether the registry value data matches.
  • 18.9.22.4 (18.9.24.4) Is the 'Default Protections for Popular Software' parameter set to 'Enabled'?
    • The check logic has trouble reading an unusual registry value name like " *\7-Zip\7z.exe". On top of that, the original checks do not verify whether the registry value data matches.
  • 18.9.22.5 (18.9.24.5) Is the 'Default Protections for Recommended Software' parameter set to 'Enabled'?
    • The check logic has trouble reading an unusual registry value name like " *\Adobe\*\Reader\AcroRd32.exe". On top of that, the original checks do not verify whether the registry value data matches.
  • 18.9.24.4.2 (18.9.26.4.2) Is the 'System: Specify the maximum log file size (KB)' parameter set to 'Enabled: 32,768 or greater'?
    • Some bug in the WMI registry check caused it not to recognize values properly.

I have provided more details about the issues, and a few ways to fix them, in the attached Word document. Due to the considerable amount of screenshots and table data from evidence, it was easier for me to put that into a Word document than to create all that content here.

You will also find the attached standard with fixed checks in the download section: https://www.symantec.com/connect/downloads/fixed-checks-cis-microsoft-windows-server-2012-r2-v220v221

The issues were confirmed by the Symantec CCS support personnel, and they are working on fixes that will probably be included in the next SCU.

DISCLAIMER: Information here is provided AS IS without warranty of any kind; do not use it in a production environment without proper testing.

Fixed checks for CIS Microsoft Windows Server 2012 R2 v2.2.0/v2.2.1


Attached is a CCS standard containing fixed checks from CIS Microsoft Windows Server 2012 R2 v2.2.0/v2.2.1:

  • 1.2.3 Is the 'Reset account lockout counter after' parameter set to '15 or more minute(s)'?
  • 18.4.13.1 (18.4.14.1) Is the 'Hardened UNC Paths' parameter set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'?
  • 18.9.22.3 (18.9.24.3) Is the 'Default Protections for Internet Explorer' parameter set to 'Enabled'?
  • 18.9.22.4 (18.9.24.4) Is the 'Default Protections for Popular Software' parameter set to 'Enabled'?
  • 18.9.22.5 (18.9.24.5) Is the 'Default Protections for Recommended Software' parameter set to 'Enabled'?
  • 18.9.24.4.2 (18.9.26.4.2) Is the 'System: Specify the maximum log file size (KB)' parameter set to 'Enabled: 32,768 or greater'?

Download the zip file, extract the XML, import it into CCS, and view/use the updated checks.

DISCLAIMER: Attached checks are provided AS IS without warranty of any kind; do not use them in a production environment without proper testing.


SCSP_Plugin account missing after a new Install of v 6.7 MP2


Hi Team

I would like to use the scsp_plugin account in order to integrate a SIEM solution, but it seems that it is not available with 6.7 MP2. Do you know if it was removed from the installers?

Best Regards

SEP 12 Reported Issues after update KB4056891

Post Microsoft update KB4056891, errors are being reported on Windows 10.1703 systems. The errors are appearing in the system tray, reported as problems found with SEP; however, the client appears to be operating normally, or is not receiving definition updates for the Proactive and Network Threat Protection components. Attached are screenshots of the errors.

The Microsoft discussion at https://support.microsoft.com/en-us/help/4056891/windows-10-update-kb4056891 does reference a reg key that should be set as shown below, which I have confirmed is correct, so the problem runs deeper, as this is not addressing the issues.

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD"

Data="0x00000000"

I did attempt to uninstall KB4056891; it will not uninstall.

I also see a similar community chat started for SEP 14, but wanted to document the findings for SEP 12.

User can decrypt but cannot send encrypted emails

Symantec Encryption Desktop powered by PGP version 10.3.2

The user can read encrypted emails but when she tries to sign and send (or reply to) an encrypted email, she gets a failed message and the following log:

16:00:53 Email     Error    MAPI Proxy: OutMessage.cpp : Line 2491 : Echo::oc::mapi::OMessage::Encode
16:00:53 Email     Error        PGPEncode failed
16:00:53 Email     Error        OutMessage.cpp : Line 2897 : Echo::oc::mapi::OMessage::CypherMessageBody
16:00:53 Email     Error            Received PGPSDK Specific error code -11496 (key has expired)

Her PGP key was created with no expiration date. She does have an expired Comodo S/MIME key in her keyring, but I am assuming that shouldn't matter since she is encrypting with her PGP key.

We have three other installations of this product and they are not having the same issue.

I've tried re-installing with a backup of her keys (I was given re-installation instructions when we migrated to new laptops) and this didn't work.

Does anyone have any ideas?

Thank you!

Patrick


IT Analytics Server

Endpoint protection and VMWare


We have an issue on a couple of brand new machines (all other machines work as expected) when trying to connect to the network using bridged mode in the VM.

We have been told that this does not work, which I totally disagree with, as it certainly works on my machine (which is much older) and various other machines.

We have been provided a 'workaround', which in our situation is a non-starter: running the VM in NAT mode. We often need to connect from the host machine to the VM, which cannot be done using NAT mode. We were also asked to give the specific VM machines static IP addresses and then add these addresses as a policy; again, this is not possible due to the number of IP addresses that would be required.

This has been going back and forth for a couple of weeks before we were told that this is not possible, that we have been provided a workaround, and that the case has been closed.

We have always been very happy with the support we have received when needed in the past, but certainly not this time.
