Channel: Symantec Connect - Security

Problem adding new server at remote site

Yes, I need a solution

Hi,

One of our customers is trying to add a new SEPM (14 MP2) to his environment, but during the DB sync the progress freezes at 5% and aborts after 30 minutes. All the necessary ports are open.

Is there any logfile that could help to analyze this issue?

Thanks!


Mail delay from messagelabs.com

Yes, I need a solution

Hello,

We have had many problems receiving mail from your gateway *.messagelabs.com.

The mail arrives correctly but with long delays (sometimes 2-3 hours or 2 days).
It's not possible to talk with our clients with this delay.

We have had a few examples with many clients.

I have already created a ticket by mail to investigation@review.symantec.com, but there has been no response for 7 days.

For example, I can send you a few headers (in private).

Thanks for your help


Client not reporting properly

Yes, I need a solution

Hi,

I have installed one Symantec primary management site, named it Global, and created additional management sites in Hyderabad and Delhi. I have integrated AD with the primary management site and then imported the Banking accounts OU. In the Banking accounts OU there is another OU named ICICI NDC Users, and there are 9 users in it (1 Hyderabad and 8 Delhi), which are showing up in the Global site as clients. Now I have created the locations Delhi (Delhi management server) and Hyderabad (Hyderabad management server) in the ICICI NDC Users and Banking accounts OUs in SEPM. When I export the Sylink file and update it on the client machine, the client machine's server keeps fluctuating. Please suggest where I should create the locations.

I want ICICI NDC (Delhi) users reporting to the Delhi management server, ICICI NDC (Hyderabad) users reporting to the Hyderabad management server, and the group should be Mycompany\Banking account\ICICI NDC Users.

Same location in Banking account OU and ICICI NDC Users OU.

Please suggest


Product error requires attention

Yes, I need a solution

I see on my PC and on others that the Symantec antivirus and firewall are not active.

When I launch it from the icon, I get a message: "Symantec Endpoint Protection cannot open because some Symantec Services are stopped. Restart the Symantec services, and then open Symantec Endpoint Protection".

When I start the Symantec Endpoint Protection service, I get the error "Product error requires attention".

Rebooting the PC has no effect.

I am on Windows 10 with version 12.1.7004.6500.105 of Symantec Endpoint Protection.

I noted from another discussion thread that KB4056892 could cause quite a few problems, but it is not installed on my PC.

I launched a scan of my PC from the administration console, but it does not seem to work.


Symantec Gateway web interface not working

Yes, I need a solution

Hi,

How do I start the web interface to configure Symantec Gateway?

Linux is installed, but no web interface is running on that machine.


SEPM 14.0 RU1 Console JAVAWS High Memory Utilization

Yes, I need a solution

Windows Server 2008 R2 Enterprise - 64Bit OS - two 2.60GHz processors

Memory 8GB

SEPM 14.0 RU1 Console

External SQL Database

I use RDP instead of the Web Console 

Last evening the server team got a server health alert: "Memory usage >= 98% outside of baselines for 15 minutes."

The process consuming the memory was JAVAWS.  When I left work yesterday, I was remoted to the server (logged on, then locked my session) - the SEPM Console was up but logged off.

I ran Performance Monitor on two counters "%Committed Bytes In Use" and "Pages Output/Sec" both were pegged out when the Console was open and I was logged on and when I logged off "%Committed Bytes In Use" was 25% and "Pages Output/Sec" was flatlined.  I don't know if this is useful information or not.

Has anyone else seen this?  Do I need to add more memory?

Thanks everyone!


Data Center Security: Meltdown and Spectre Situation Update


Two newly discovered processor chip vulnerabilities, dubbed Meltdown and Spectre, could permit attackers to gain unauthorized access to a computer’s memory. Spectre affects all modern processors, including those designed by Intel, AMD and ARM, but Meltdown is currently thought to affect only Intel chips manufactured since 1995, with the exception of Itanium and Atom chips made before 2013. The vulnerabilities can only be mitigated through operating system patches. Please see https://www.symantec.com/blogs/threat-intelligence/meltdown-spectre-cpu-bugs for the latest in-depth information on the vulnerabilities.

Does Symantec Data Center Security provide protection for the Meltdown and Spectre vulnerabilities?

Meltdown and Spectre are local privilege escalation vulnerabilities, which means that malicious software must first be installed on a target system to exploit them.  Symantec Data Center Security: Server Advanced (DCS:SA) protects vulnerable systems by ensuring that only authorized software is allowed to run. All three levels of DCS:SA Windows 6.0 policies (Basic, Hardening and Whitelisting) and all 5.2.9 policies (Limited Execution, Strict, and Core) prevent an attacker from dropping malicious executables onto the system.

Can I apply the OS vendor patches which provide mitigation for Meltdown and Spectre?

With Windows patches, no changes to the Data Center Security Agent are required.  As an extra precaution for this kernel-level change, we have analyzed the patch information from Microsoft and are testing the patches as they are released. Windows 2016, 2012R2 and 2008R2 have been fully certified and no other issues have been found to date.

For Linux platforms we are testing patches as they are released. To date all platforms have been successfully tested. Only Amazon Linux requires a driver update. See: https://support.symantec.com/en_US/article.TECH248572.html

High risk intrusion attempt on .....

Yes, I need a solution

Guys,

I'm running an eval of SEP Cloud, and my laptop is being whacked out of it with alerts. I can turn the alerts off, but that defeats the purpose.

I have checked my device and all is good. Doesn't matter what network I'm on, and the attack source is not even close to my MAC addy. Help would be good.

Here is what I get:

Detected: high-risk intrusion attempt

  • Event ID: 4192:a316fe50-f563-11e7-edde-0000003c5da4
  • Source: Intrusion Prevention System
  • Intrusion Type: Network Intrusion Event
  • Source Version: 7.6.0f113
  • Outcome: Prevented
  • Attack Source IP: b4.ce.f6.68.89.e6
  • Traffic Protocol: Not Available
  • Attack Source Port: 38663
  • Direction: Inbound
  • Target IP: ff.ff.ff.ff.ff.ff
  • Security Client: SEP Cloud
  • Target Port: 38663
  • Security Client Version: 7.6.0f113
  • Target Type: Not Available
  • Security Definition Version: Not Available
  • Target Service: Not Available
  • Signature: ARP Cache Poison
  • Target Resource: Not Available
  • Details: Not Available
  • Target Operation: Not Available
  • Action: Not Available
  • Intent: Not Available

Problem installing SEPM v14

No, I don't need a solution (just sharing information)

Does anyone know how to interpret this error log message I keep getting?  Each time I try to install SEPM 14 using an SQL database, it fails.  My connection information is correct.  I've tried this 5 times now and each time it's failed.  I've attached a screen cap of the failure message.

By the way, I'm installing on Server 2016, there is no option in the Operating System in the pull-down above to select that.

Thanks,
Dan

Jan 9, 2018 10:29:39 AM  STDERR: SQL Exception:
Jan 9, 2018 10:29:39 AM  STDERR: SQL Command: CREATE TABLE PROCESS_STATE(       ID char(32) NOT NULL CONSTRAINT PK_PROCESS_STATE PRIMARY KEY NONCLUSTERED ON FG_INDEX,     TYPE varchar(256) NOT NULL,     STATUS int NOT NULL,     TIME_STAMP bigint NOT NULL,     UPDATE_OWNER varchar(255) NULL )ON [PRIMARY]

Jan 9, 2018 10:29:39 AM  STDERR: SQLState:  S0001
Jan 9, 2018 10:29:39 AM  STDERR: Message:  Invalid filegroup 'FG_INDEX' specified.
Jan 9, 2018 10:29:39 AM  STDERR: Vendor:  1921
Jan 9, 2018 10:29:39 AM  STDERR: com.microsoft.sqlserver.jdbc.SQLServerException: Invalid filegroup 'FG_INDEX' specified.
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:217)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(SQLServerStatement.java:1635)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.doExecuteStatement(SQLServerStatement.java:865)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement$StmtExecCmd.doExecute(SQLServerStatement.java:762)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:6276)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:1793)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(SQLServerStatement.java:184)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(SQLServerStatement.java:159)
Jan 9, 2018 10:29:39 AM  STDERR: at com.microsoft.sqlserver.jdbc.SQLServerStatement.execute(SQLServerStatement.java:735)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.server.db.util.DatabaseUtilities.execCommandFromScript(DatabaseUtilities.java:2464)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.initDatabase(MainFrame.java:2944)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.configureDB(MainFrame.java:1439)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.nextBtnActionPerformed(MainFrame.java:4830)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.access$500(MainFrame.java:311)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame$5$1.construct(MainFrame.java:4363)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:153)
Jan 9, 2018 10:29:39 AM  STDERR: at java.lang.Thread.run(Thread.java:748)
Jan 9, 2018 10:29:39 AM  STDERR: java.sql.SQLException: com.microsoft.sqlserver.jdbc.SQLServerException: Invalid filegroup 'FG_INDEX' specified.
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.server.db.util.DatabaseUtilities.execCommandFromScript(DatabaseUtilities.java:2474)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.initDatabase(MainFrame.java:2944)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.configureDB(MainFrame.java:1439)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.nextBtnActionPerformed(MainFrame.java:4830)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame.access$500(MainFrame.java:311)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.install.ui.MainFrame$5$1.construct(MainFrame.java:4363)
Jan 9, 2018 10:29:39 AM  STDERR: at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:153)
Jan 9, 2018 10:29:39 AM  STDERR: at java.lang.Thread.run(Thread.java:748)

Meltdown & Spectre Vulnerability: Symantec Critical System Protection


A series of new vulnerabilities has been discovered that affect processor chips and potentially permit attackers to gain unauthorized access to a computer’s memory. Dubbed “Meltdown” and “Spectre”, the vulnerabilities affect nearly all modern processors. Affected devices can be mitigated through operating system patches, and the corresponding OS patches should be applied as soon as possible.

For the latest and in-depth information about these vulnerabilities, see https://www.symantec.com/blogs/threat-intelligence/meltdown-spectre-cpu-bugs

Does Symantec Critical System Protection (SCSP) provide protection against Meltdown and Spectre?

Spectre and Meltdown are primarily information leakage vulnerabilities. These vulnerabilities are fundamental and at the hardware level. There are no known working exploits for the vulnerabilities at the time of writing, only PoC code.

In order to successfully exploit the vulnerabilities, malicious code needs to execute locally. SCSP can mitigate exploits when proper policies are configured and applied to restrict and harden the device. SCSP comes with out-of-the-box security policies (Basic, Hardened and Whitelisting), which can ensure that untrusted code trying to exploit these vulnerabilities will not execute on the protected assets.

(1) The whitelisting strategy reduces the attack surface drastically.
(2) Even within the whitelisted applications, the exploit controls (Buffer Overflow, Heap Overflow, Null Page Dereference, etc.) ensure additional layers of protection.
(3) SCSP hardening capabilities such as Software Installation Restrictions, blocking the installation of malicious applications to authorized execution paths, blocking modification of executable files and blocking execution of non-executable extensions add further protection.
(4) SCSP inbound / outbound network rules can further protect data from being exfiltrated even if some script manages to exploit the vulnerabilities locally.

All these greatly reduce the attack surface and protect the local device from being exploited.

In particular, applications that allow external code to execute via macros or JavaScript should be cautiously whitelisted and appropriately sandboxed. JavaScript execution should be blocked if not required. SCSP’s application-specific firewall rules should be used to further enhance security. Symantec recommends that SCSP customers apply the OS patches on all systems where external script execution / macros cannot be disabled.

Can I apply the OS vendor patches which provide mitigation for Meltdown and Spectre?

With Windows patches, no change to the SCSP Agent is required.  As an extra precaution for this kernel-level change, we have analyzed the patch information from Microsoft and are testing the patches as they are released, and no issues have been found. For detailed information on the OS patch compatibility certification with SCSP, visit: https://support.symantec.com/en_US/article.TECH248579.html

Trying to install the 14 RU1 MP1 patch - nothing happens

Yes, I need a solution

I have 14 RU1 and am trying to install the RU1 MP1 patch from the website.  A box comes up for a second with progress bars and then closes on its own.  Symantec version doesn't change.  Reboot and still the old version.

What am I missing?


Check Database files

Yes, I need a solution

Hello

I am creating a simple base policy which detects database files based on File Type / Keyword Matching. I am not using the preferred EDM and IDM detection methods. However, I want to make the policy's detection stronger. Can we check the file signature as well? Please help.


Agent Status Offline after reg key set

Yes, I need a solution

For some reason many of our agents are showing 'offline' since the reg key began deploying. We do not have an enterprise contract for SEP anymore, so cannot get full tech support. My question is: without getting the agent updates is the SEP agent still having problems? On a machine I am seeing that the Symantec services are turned off, but after starting the services there is no change. I have tried doing a repair through install/uninstall and twice the repair has failed. Any ideas?


Trying to open a ticket, can't get past "Add Asset Details" page

No, I don't need a solution (just sharing information)

I'm trying to open an online ticket and when I come to the Add Asset Details Page for my account, it asks me to specify the Entitlement, and I can't get past that because it says "None" and there are no further pull-down entitlement options.

Would someone kindly tell me  how I can get a value in this field other than "None"?  We've been Symantec customers for a number of years.

Thanks


block execution from removable drives - but allowing 1

Yes, I need a solution

Hi all,
I want to use AC to prevent execution of files from removable drives (easy) - but at the same time allow 1 specific application (clickshare) to be executed from USB.

Possible? Any suggestions as to how to do this?

Thanks!


Symantec Endpoint Protection keeps stopping

Yes, I need a solution

Definitions are out of date and I cannot update them as the service stops after four seconds. Cannot uninstall as it keeps asking to restart the PC, cannot repair in config settings for the same reason.

When I try to open the GUI I get the message "symantec endpoint protection cannot open because some symantec services are stopped. restart the symantec services and then open the symantec endpoint protection". 

I ran the Symantec repair tool & got lots of errors, attached the diagnostic file.


license query

Yes, I need a solution

Hi,

I am intending to upgrade SEPM 12.1.6 to 14.0.1 by performing a fresh installation on a new Windows 2016 server.

The clients will then be slowly upgraded to 14.0.1 in small groups and pointed to the new server.

There will be a period of time where there are two SEPMs in the same domain. Thus, is there any licensing concern?


Meltdown / Spectre Signatures?

Yes, I need a solution

Hi,

Are there any signatures or methods of identifying vulnerability exploits for the Spectre/CPU issue? Need to know particularly for our content inspection facility.

Cheers,

Sam


Need exception / whitelist for this feature


Agent configuration is new in DLP 15; we need an exception / whitelist for this feature.

Basically we need block or read-only control for USB mass storage and MPT / Windows Portable Devices (like mobile devices).

SAP upgrade requires Symantec uninstall

Yes, I need a solution

Hello experts,

while upgrading the SAP Solution Manager 71 to the latest version 7.2, the upgrade process was stopped. After contacting SAP support, it was requested to completely uninstall the Symantec End point (Version: 14.0.2349.100) from the Server. Disabling the services and process was not sufficient. A full uninstall was necessary.

Indeed, after the uninstall, the upgrade process was able to finish.

Questions:

Why is a full uninstall of Symantec needed?
Which process is conflicting with the upgrade?
Is there no better option than to uninstall Symantec?

Thanks for your support.

Youssef
