Can anyone please let me know the difference between the ATP console and the SEPM console?
I would also like to have the configuration of ATP and troubleshooting for the SEP admin.
ATP AND SEPM CONSOLE
Cloud Storage and Response rule 14.x.x
Hello,
It seems that Symantec forgot to create a response rule for Cloud Storage detection on the 14 version. While creating a response rule, if you want to create a condition for 'protocol monitoring: cloud storage', there is no such option.
It's only possible to use AFA as a condition, but if the app (i.e. google sync) is configured to be Cloud Storage it will not work.
However, if you use a response rule without protocol conditions (applied to all protocols without exceptions), the Cloud Storage will also be affected.
Any thoughts on this?
BR,
Drop-Box Virus Removal
Dear Sir/Madam,
I received a virus from Dropbox and need to remove it from my e-mail, as I opened it without knowing the implications. The content is as follows, and I have notified Dropbox as well. This is also sending e-mails without me knowing. Please help in removing this.
Best Regards,
Thobs
VIP SERVER TIMING OUT?
We have a primary VIP server in our North America office and the users in NA can connect fine. The users in the Singapore office cannot; they get all the prompts etc. and it goes through, but at one point it times out. Not exactly sure where it times out.
Has anyone had this issue before?
Are there any Symantec VIP servers for auth in Asia?
thanks
Adding environment variable to exception list
Hi All,
We have Endpoint Protection (AntiVirus) version 12.1.6 (12.1 RU6 MP5) build 70004 (12.1.7004.6500) and have an application that runs on Windows 7 clients.
I am trying to figure out a way to add environment variables to the exception list to prevent scanning a folder.
Here is the variable:
%appdata%\myapp\
This is what it prints:
C:\Users\JohnD>echo %appdata%\myapp\
C:\Users\JohnD\AppData\Roaming\myapp\
Since we don't know which user account is logged in to Windows, we have to use an environment variable.
Not sure if SEP supports this.
Any thoughts or workarounds?
Thanks!
SONAR has generated an error
Platform - Windows 7 PRO 64 bit, SEP 12.1.6 MP5
We just updated an unmanaged client from SEP 12.1.4 to SEP 12.1.6 MP5.
We see the error "SONAR has generated an error: Code 1: description: Heuristic Scan or Load Failure."
We think this may have happened during the installation, perhaps as a byproduct of the SEP 12.1.6 MP5 install.
From the PTP system log:
at 3:56:15 we see the error "SONAR has generated an error: Code 1: description: Heuristic Scan or Load Failure."
From the Client Management system log:
at 3:56:15 we see two entries with the same time stamp.
"User is attempting to terminate Symantec Management Client" and
"Symantec Management Client is stopped".
We've rebooted the machine several times since and don't get the error.
Do we have a good install? Has anyone else had this happen?
Wally
decryption process indicates interrupted by user
Hi,
I'm trying to decrypt disk 0 with the pgpwde command (10.3.2, build 15238). I used:
pgpwde --decrypt --disk 0 --passphrase "..." and it came back with the standard message
Request sent to Start decrypt disk was successful
Unfortunately the hard drive activity light doesn't suggest much is happening. So when I check it with:
pgpwde --status
I get:
Disk 0 is instrumented by bootguard.
Encryption removal process interrupted by user request
Current key is valid.
volume C:\ is encrypted
Total sectors: 244187496 highwatermark: 244187496
volume D:\ is encrypted
Total Sectors: 691615744 highwatermark: 691615744
Request sent to Disk status was successful
I need to decrypt both partitions and uninstall bootguard so I can repartition the c: and d: drives. Any suggestions how to proceed?
Thanks!
--Ben
Unable to Decrypt to Location
Hello!
I had some tech issues and so I had to transfer some photos to an external HD using my work computer, which encrypts any form of removable media that gets put into it. The process required plugging in my phone and the external HD, and transferring directly from one to the other. My external HD, as a consequence, was encrypted by Symantec Endpoint Encryption and that was expected. The pictures were successfully transferred as well.
Now I need to put these pictures onto my personal computer, which was previously unavailable. When I plug my hard drive in to the personal computer, I can see the pictures in the folder, but when I open the Removable Storage Access Utility and go into the folder, while I can also see and open the pictures, the 'Decrypt to Location' option is unavailable. Seeing that the application says that these pictures are not encrypted, that makes sense; however, when I use the application to encrypt a photo, it disappears from the Access Utility and I cannot find out how to see it. Additionally, all pictures are still in the folder when I open it in Explorer.
What do I need to do to see the encrypted photos, and how can I decrypt them to my personal computer?
Thanks in advance!
Computer At Risk - You Are Not Protected : Subscription Cancelled but Licence Available
I encountered this problem without warning and for no obvious reason.
Symantec.cloud Status tells me that the computer is at risk. Same goes for the web based console.
On Windows 10 x64, when I navigate to:
Control Panel\System and Security\Security and Maintenance
I'm shown a message that starts with:
"Your subscription to Norton Internet Security ran out. ..."
that includes a button marked "Renew". Clicking that button brings up a dialogue asking "Do you want to run this app?" and that is:
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.6.4.5\WSCStub.exe
Communication begins with the Norton server and then fails telling me "You Are Not Protected".
Clicking on the "Help me stay protected" option takes me to:
https://support.symantec.com/en_US/article.TECH234472.html
I've applied that advice and also that provided in the linking article associated with:
3. Reinstall the product
To install on Windows
1. Follow the steps in this article:
How to install a client <https://support.symantec.com/en_US/article.TECH215636.html>
I created a distributable package as advised in TECH215636. Install the product again and the cycle repeats.
Running SymDiag reveals that:
1. One or more SEP.cloud definition sets are corrupted - Manually updating definitions according to the advice at https://support.symantec.com/en_US/article.TECH212427.html is ineffective whether it's done remotely, locally or using the Intelligent Updater or Rapid Release options.
2. SEP.cloud drivers and services need attention - Service "eeCtrl" is not configured and operating properly ... service not installed. Service "EraserUtilRebootDrv" is not configured and operating properly ... service not installed.
Searching the web or the Symantec forum for advice regarding eeCtrl or EraserUtilRebootDrv yields nothing useful that I can see.
Checking:
https://hostedendpoint.spn.com/Subscriptions.aspx
reveals:
Symantec Endpoint Protection Small Business Edition
Total Available Licenses: 3 licenses
Usage: 1 license
Why have I lost access to licenced functionality all of a sudden and for no otherwise explained reason?
SymDiag Case 11172363
Using domain based Black list instead of IP based
Hi,
I can't use IP based blacklisting lists because of the following from this post of mine.
Symantec recommends that the SMG be installed on the gateway before all other MTAs, and people at my workplace decided to go against that for some reason.
As a result we are always under spam fire.
I am considering using third party RBLs now for further blocking SPAM right at the gateway, and needed an explanation as to whether the SMG deployed after the MTA would still be able to detect the incoming blacklisted IP address.
As of now the message audit logs show that all our email comes from just 2-3 IPs, which are the IPs belonging to our SMTP provider.
If I cannot use IP based RBLs, then is there any way on the SMG to use domain based DNSBLs, which will check the incoming domain name and not the SMTP connection IP?
Because the domain name check is still done after the incoming SMTP connection has been accepted as per my understanding, so will this work?
Do we need to upgrade Linux SEP client to 12.1.6 MP6?
Hi Team,
We are running SEP 12.1.6 MP4 on Linux servers. Does the SEP Linux client need an upgrade to 12.1.6 MP6?
Thanks!
Tentative release date for SEP 14
Hello everyone, does anyone know about the tentative release date for SEP 14? Thanks
SEPM: No Sonar risk name in console logs?
Hey guys,
How come there are no Sonar logs for the actual Sonar detection on SEPM? All it gives is the actual application that was blocked. Yet when I check the client side, the Sonar logs have the risk name on the Sonar detection.
This is so weird considering how huge Sonar is as a protection feature in SEP.
Thanks,
Users Denied after Filer Disconnect.
We have recently had SPE in a POC connected to one NAS in 7 mode. The SPE server is running Server 2012 R2 Standard and SPE is version 7.5.3.5. We were about to set up a second engine for our cluster mode NAS when I came in this morning to find that our storage team had to disable the vscan as users were getting denied access to all files. Turns out that after the SPE server was rebooted yesterday morning during maintenance it never reconnected. The tech responsible for NAS says he has seen this before, to quote: "From past experience if a vscan server that was once connected to a filer loses connection to a filer it causes an access denied error that's why when it was disabled completely on Netapp side users could access the files once again, I don't know why this happens or if there is a way to prevent this from happening in the future..."
What I'm looking to discover is twofold: 1) Is this resolved simply by re-establishing connection to the filer, in which case I would need to know how, and 2) Is there a way to ensure that the Protection Engine reconnects to the filer following a reboot?
Endpoint
I have an urgent client who needs 650 user licenses to achieve the following:
- endpoint encryption for full disk encryption and removable media encryption,
- file and folder encryption for devices such as desktops, laptops, shared network drives and cloud storage
- desktop email encryption,
- SSL encryption for data sent online
The system should offer centrally managed encryption and also multiple key recovery options for local self-recovery option for users, whole disk recovery option for administrators.
I believe the following solutions would work each having 650 licences:
- Endpoint encryption powered by PGP
- Desktop Email powered by PGP
- Gateway Email Powered by PGP
- File share encryption
However, I am not sure if the Endpoint Suite comes with all the above and we can just get 650 endpoint licences, or whether we will need the above add-ons. I can't seem to find information about the central manager for all the above add-ons.
Clients agent unable to Update
I'm having issues updating the agent on 50 of our client machines. We've noticed that a lot of the machines have this current status:
Operating System: Windows 7 (x86)
Platform Version: 3.00.00.2701
Status: Offline
Is there any way of fixing this?
RemovableMediaAccessUtility
We are writing instructions for end users on how to use the RemovableMediaAccessUtility. We've discovered that although a "non-encrypted" PC/Laptop can use the RemovableMediaAccessUtility.exe file to "encrypt" files added to the Utility, the "Password" entered is not retained after the exe is closed.
For example, we added three "DOCX" files to the utility and they were encrypted. However, when we closed the "EXE" and reopened it and tried to add new "DOCX" files to it, we are prompted to set a new password. The only way to ensure the prior password is used is to open one of the previously encrypted files using the password previously set. Once this is done, any new documents are encrypted using the previously set password.
What we want to know is: is there a way to get the RemovableMediaAccessUtility to automatically use the previously entered password for new files without first opening a previously encrypted file?
DLP matching on file count?
What I am trying to achieve is to create an incident if X number of files are moved to removable media within X period of time.
As far as I can tell there is no way to create a policy so that DLP will create an incident based on how many files are being transferred instead of the file contents.
I say this because the policies are built on rules around file content, file properties, and the protocol. The policy appears to be only applied to a single file at a time.
I.e. When I drag 5 files with policy matching data there will be 5 incidents, not 1 incident with 5 files.
Does anyone know of a way around this?
SMSMSE on Edge transport Exchange 2016?
Hi, I found an article:
If you are installing SMSMSE on an Exchange 2007 server or an Exchange 2010 server, install the product on all of the following server roles in your organization:
- Edge Transport servers, if available
- Hub Transport servers
- Mailbox servers
But there is nothing for Exchange 2016; how to install or configure it on a transport edge
or is it not required any more?
best regards
Markus
Is there specific installation on SEP with ADC enabled?
Hey guys,
Are there any files or registry entries that are unique to SEP clients that have Application and Device Control? Since there are no native logs on SEPM to tell who does or doesn't have ADC enabled, we thought that maybe by checking the installation folder or registry, we can determine those that don't have ADC. I hope someone can tell us about this since this is our last resort.
Thank you,