Hi,
I just wanted to know whether there is a hardening document or procedure for ASG200 with SGOS 6.7. I received several requests from my customers but am not sure if it's really available.
Hi,
We have a problem on just a few servers on our site:
Nov 15, 2017 1:37:29 PM Java LiveUpdate launched with the command line = [ -p Avenge MicroDefs25 SavCorp10 Linux -v MicroDefsB.Error -l SymAllLanguages -t HubDefs -z 0 ] [ -p Avenge MicroDefs25 SavCorp10 Linux -v MicroDefsB.Error -l SymAllLanguages -t CurDefs -z 0 ] [ -p Avenge MicroDefs25 SavCorp10 Linux -v MicroDefsB.CurDefs -l SymAllLanguages -t CurDefs -z 0 ]
Nov 15, 2017 1:37:29 PM Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.Error, SymAllLanguages, HubDefs, 0
Nov 15, 2017 1:37:29 PM Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.Error, SymAllLanguages, CurDefs, 0
Nov 15, 2017 1:37:29 PM Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.CurDefs, SymAllLanguages, CurDefs, 0
Nov 15, 2017 1:37:29 PM Using character set UTF-8
Nov 15, 2017 1:37:29 PM Command-line Product Selections to update:
Nov 15, 2017 1:37:29 PM (ProdName, Version, Lang, ItemSeqName, SeqNum)
Nov 15, 2017 1:37:29 PM Adding JLU to the current command line
Nov 15, 2017 1:37:29 PM JLU Linux, 3.10.2, English, LiveUpdateSeq, 13
Nov 15, 2017 1:40:22 PM Java Version 1.8.0_152.
Nov 15, 2017 1:40:22 PM Linux 3.10.0-693.5.2.el7.x86_64
Nov 15, 2017 1:40:22 PM Java LiveUpdate version 3.10.2 Build 13.
Nov 15, 2017 1:40:22 PM ProductInventory: parsed default inventory file: /etc/Product.Catalog.JavaLiveUpdate
Nov 15, 2017 1:40:22 PM Inventory File Product Selections to update:
Nov 15, 2017 1:40:22 PM (ProdName, Version, Lang, ItemSeqName, SeqNum)
Nov 15, 2017 1:40:22 PM Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.CurDefs, SymAllLanguages, HubDefs, 0
Nov 15, 2017 1:40:22 PM Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.CurDefs, SymAllLanguages, CurDefs, 0
Nov 15, 2017 1:40:22 PM The property maxZipFileSize in config file is 614,400
Nov 15, 2017 1:40:22 PM The property maxTriFileSize in config file is 104857604532, not a valid integer
Nov 15, 2017 1:40:22 PM The property maxTriFileSize in config file changed to 10,485,760
Nov 15, 2017 1:40:22 PM The property maxPackageSize in config file is 10737418243423, not a valid integer
Nov 15, 2017 1:40:22 PM The property maxPackageSize in config file changed to 734,003,200
Nov 15, 2017 1:40:22 PM The property maxPackageContentSize in config file is 1342177280324, not a valid integer
Nov 15, 2017 1:40:22 PM The property maxPackageContentSize in config file changed to 734,003,200
Nov 15, 2017 1:40:22 PM The property enableIPv4Preference is not set in config file
Nov 15, 2017 1:40:22 PM Checking to see if JLU can connect to its own listener thread.
Nov 15, 2017 1:40:22 PM Checking to see if a session of JLU is running at port 35785.
Nov 15, 2017 1:40:22 PM An active JLU session has been detected.
Nov 15, 2017 1:40:22 PM JLU was able to successfully connect to its own listener thread.
Nov 15, 2017 1:40:22 PM Downloading minitri.flg to /tmp/1510753222409/minitri.flg ...
Nov 15, 2017 1:40:22 PM Connecting to srva347.btcs.lcl:7070 via HTTP ...
Nov 15, 2017 1:40:22 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:22 PM Waiting for response ...
Nov 15, 2017 1:40:22 PM Receiving file ...
Nov 15, 2017 1:40:22 PM Transfer completed in 9 ms (28,888 bytes/sec)
Nov 15, 2017 1:40:22 PM Downloading avenge$20microdefs25$20savcorp10$20linux_microdefsb.curdefs_symalllanguages_livetri.zip to /tmp/1510753222409/avenge$20microdefs25$20savcorp10$20linux_microdefsb.curdefs_symalllanguages_livetri.zip ...
Nov 15, 2017 1:40:22 PM Connecting to 10.136.200.53 via HTTP ...
Nov 15, 2017 1:40:22 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:22 PM Waiting for response ...
Nov 15, 2017 1:40:22 PM Receiving file ...
Nov 15, 2017 1:40:22 PM Transfer completed in 5 ms (1,002,200 bytes/sec)
Nov 15, 2017 1:40:22 PM Downloading jlu$20linux_3.10.2_english_livetri.zip to /tmp/1510753222409/jlu$20linux_3.10.2_english_livetri.zip ...
Nov 15, 2017 1:40:22 PM Connecting to 10.136.200.53 via HTTP ...
Nov 15, 2017 1:40:22 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:22 PM Waiting for response ...
Nov 15, 2017 1:40:22 PM Downloading avenge$20microdefs25$20savcorp10$20linux_microdefsb.error_symalllanguages_livetri.zip to /tmp/1510753222409/avenge$20microdefs25$20savcorp10$20linux_microdefsb.error_symalllanguages_livetri.zip ...
Nov 15, 2017 1:40:22 PM Connecting to 10.136.200.53 via HTTP ...
Nov 15, 2017 1:40:22 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:22 PM Waiting for response ...
Nov 15, 2017 1:40:22 PM Receiving file ...
Nov 15, 2017 1:40:22 PM Transfer completed in 5 ms (752,000 bytes/sec)
Nov 15, 2017 1:40:22 PM The zip entry is liveupdt.tri
Nov 15, 2017 1:40:22 PM The zip entry is liveupdt.grd
Nov 15, 2017 1:40:22 PM The zip entry is liveupdt.sig
Nov 15, 2017 1:40:22 PM Unzipping avenge$20microdefs25$20savcorp10$20linux_microdefsb.curdefs_symalllanguages_livetri.zip into /tmp/1510753222409/avenge$20microdefs25$20savcorp10$20linux_microdefsb.curdefs_symalllanguages_livetri.zip1510753222873 ...
Nov 15, 2017 1:40:22 PM The zip file downloaded is a catalog file
Nov 15, 2017 1:40:22 PM Extracting liveupdt.tri
Nov 15, 2017 1:40:22 PM Total number of bytes read is 6,577
Nov 15, 2017 1:40:22 PM Extracting liveupdt.grd
Nov 15, 2017 1:40:22 PM Total number of bytes read is 2,599
Nov 15, 2017 1:40:22 PM Extracting liveupdt.sig
Nov 15, 2017 1:40:22 PM Total number of bytes read is 3,311
Nov 15, 2017 1:40:22 PM Unzipping completed
Nov 15, 2017 1:40:22 PM Loading root certificate
Nov 15, 2017 1:40:22 PM Setting certificate restrictions
Nov 15, 2017 1:40:22 PM Loading guard file: /tmp/1510753222409/avenge$20microdefs25$20savcorp10$20linux_microdefsb.curdefs_symalllanguages_livetri.zip1510753222873/liveupdt.grd
Nov 15, 2017 1:40:23 PM The zip entry is liveupdt.tri
Nov 15, 2017 1:40:23 PM The zip entry is liveupdt.grd
Nov 15, 2017 1:40:23 PM The zip entry is liveupdt.sig
Nov 15, 2017 1:40:23 PM Unzipping avenge$20microdefs25$20savcorp10$20linux_microdefsb.error_symalllanguages_livetri.zip into /tmp/1510753222409/avenge$20microdefs25$20savcorp10$20linux_microdefsb.error_symalllanguages_livetri.zip1510753223056 ...
Nov 15, 2017 1:40:23 PM The zip file downloaded is a catalog file
Nov 15, 2017 1:40:23 PM Extracting liveupdt.tri
Nov 15, 2017 1:40:23 PM Total number of bytes read is 968
Nov 15, 2017 1:40:23 PM Extracting liveupdt.grd
Nov 15, 2017 1:40:23 PM Total number of bytes read is 467
Nov 15, 2017 1:40:23 PM Extracting liveupdt.sig
Nov 15, 2017 1:40:23 PM Total number of bytes read is 3,311
Nov 15, 2017 1:40:23 PM Unzipping completed
Nov 15, 2017 1:40:23 PM Loading guard file: /tmp/1510753222409/avenge$20microdefs25$20savcorp10$20linux_microdefsb.error_symalllanguages_livetri.zip1510753223056/liveupdt.grd
Nov 15, 2017 1:40:23 PM FreeSpace available on /tmp/1510753222409 is 35271936 KB.
Nov 15, 2017 1:40:23 PM FreeSpace available on /tmp/1510753222409 is 35271936 KB.
Nov 15, 2017 1:40:23 PM Precondtion evaluation succeeded for expression .
Nov 15, 2017 1:40:23 PM Downloading 1510673696jtun_sav10enncur25.lin to /tmp/1510753222409/1510673696jtun_sav10enncur25.lin ...
Nov 15, 2017 1:40:23 PM Connecting to 10.136.200.53 via HTTP ...
Nov 15, 2017 1:40:23 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:23 PM Connecting to 10.136.200.53 via HTTP ...
Nov 15, 2017 1:40:23 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:23 PM Waiting for response ...
Nov 15, 2017 1:40:23 PM This same file is already present in cache. Hence, will not be redownloaded: /tmp/1510753222409/1510673696jtun_sav10enncur25.lin.
Nov 15, 2017 1:40:23 PM Checking authenticity of package /tmp/1510753222409/1510673696jtun_sav10enncur25.lin
Nov 15, 2017 1:40:23 PM The zip entry is cur.scr
Nov 15, 2017 1:40:23 PM The zip entry is hf.999
Nov 15, 2017 1:40:24 PM The zip entry is hp.998
Nov 15, 2017 1:40:24 PM The zip entry is tcdefs.997
Nov 15, 2017 1:40:24 PM The zip entry is tcscan7.996
Nov 15, 2017 1:40:24 PM The zip entry is tcscan8.995
Nov 15, 2017 1:40:24 PM The zip entry is tcscan9.994
Nov 15, 2017 1:40:24 PM The zip entry is tinf.993
Nov 15, 2017 1:40:24 PM The zip entry is tinfl.992
Nov 15, 2017 1:40:24 PM The zip entry is tscan1.991
Nov 15, 2017 1:40:24 PM The zip entry is v.989
Nov 15, 2017 1:40:24 PM The zip entry is v.990
Nov 15, 2017 1:40:24 PM The zip entry is v1.988
Nov 15, 2017 1:40:24 PM The zip entry is virscan1.987
Nov 15, 2017 1:40:24 PM The zip entry is virscan2.986
Nov 15, 2017 1:40:24 PM The zip entry is virscan3.985
Nov 15, 2017 1:40:24 PM The zip entry is virscan4.984
Nov 15, 2017 1:40:24 PM The zip entry is virscan5.983
Nov 15, 2017 1:40:24 PM The zip entry is virscan6.982
Nov 15, 2017 1:40:24 PM The zip entry is virscan7.981
Nov 15, 2017 1:40:24 PM The zip entry is virscan8.980
Nov 15, 2017 1:40:24 PM The zip entry is virscan9.979
Nov 15, 2017 1:40:24 PM The zip entry is virscant.978
Nov 15, 2017 1:40:24 PM The zip entry is whatsnew.977
Nov 15, 2017 1:40:24 PM The zip entry is navuphub.dis
Nov 15, 2017 1:40:24 PM Unzipping 1510673696jtun_sav10enncur25.lin into /tmp/1510753222409/1510753224281 ...
Nov 15, 2017 1:40:24 PM Extracting cur.scr
Nov 15, 2017 1:40:24 PM Total number of bytes read is 1,019
Nov 15, 2017 1:40:24 PM Extracting hf.999
Nov 15, 2017 1:40:24 PM Total number of bytes read is 34,653,027
Nov 15, 2017 1:40:24 PM Extracting hp.998
Nov 15, 2017 1:40:24 PM Total number of bytes read is 10,496,764
Nov 15, 2017 1:40:24 PM Extracting tcdefs.997
Nov 15, 2017 1:40:24 PM Total number of bytes read is 6,233,648
Nov 15, 2017 1:40:24 PM Extracting tcscan7.996
Nov 15, 2017 1:40:24 PM Total number of bytes read is 1,462,096
Nov 15, 2017 1:40:24 PM Extracting tcscan8.995
Nov 15, 2017 1:40:24 PM Total number of bytes read is 598
Nov 15, 2017 1:40:24 PM Extracting tcscan9.994
Nov 15, 2017 1:40:24 PM Total number of bytes read is 61,649
Nov 15, 2017 1:40:24 PM Extracting tinf.993
Nov 15, 2017 1:40:24 PM Total number of bytes read is 94
Nov 15, 2017 1:40:24 PM Extracting tinfl.992
Nov 15, 2017 1:40:24 PM Total number of bytes read is 89
Nov 15, 2017 1:40:24 PM Extracting tscan1.991
Nov 15, 2017 1:40:24 PM Total number of bytes read is 1,632
Nov 15, 2017 1:40:24 PM Extracting v.989
Nov 15, 2017 1:40:24 PM Total number of bytes read is 1,045
Nov 15, 2017 1:40:24 PM Extracting v.990
Nov 15, 2017 1:40:24 PM Total number of bytes read is 2,705
Nov 15, 2017 1:40:24 PM Extracting v1.988
Nov 15, 2017 1:40:24 PM Total number of bytes read is 1,046
Nov 15, 2017 1:40:24 PM Extracting virscan1.987
Nov 15, 2017 1:40:24 PM Total number of bytes read is 2,804
Nov 15, 2017 1:40:24 PM Extracting virscan2.986
Nov 15, 2017 1:40:24 PM Total number of bytes read is 2,242
Nov 15, 2017 1:40:24 PM Extracting virscan3.985
Nov 15, 2017 1:40:24 PM Total number of bytes read is 274
Nov 15, 2017 1:40:24 PM Extracting virscan4.984
Nov 15, 2017 1:40:24 PM Total number of bytes read is 12,141
Nov 15, 2017 1:40:24 PM Extracting virscan5.983
Nov 15, 2017 1:40:24 PM Total number of bytes read is 125,738
Nov 15, 2017 1:40:24 PM Extracting virscan6.982
Nov 15, 2017 1:40:24 PM Total number of bytes read is 25,292
Nov 15, 2017 1:40:24 PM Extracting virscan7.981
Nov 15, 2017 1:40:24 PM Total number of bytes read is 35,222
Nov 15, 2017 1:40:24 PM Extracting virscan8.980
Nov 15, 2017 1:40:24 PM Total number of bytes read is 7,627
Nov 15, 2017 1:40:24 PM Extracting virscan9.979
Nov 15, 2017 1:40:24 PM Total number of bytes read is 1,006,906
Nov 15, 2017 1:40:24 PM Extracting virscant.978
Nov 15, 2017 1:40:24 PM Total number of bytes read is 87
Nov 15, 2017 1:40:24 PM Extracting whatsnew.977
Nov 15, 2017 1:40:24 PM Total number of bytes read is 5,449
Nov 15, 2017 1:40:24 PM Extracting navuphub.dis
Nov 15, 2017 1:40:24 PM Total number of bytes read is 229
Nov 15, 2017 1:40:24 PM Unzipping completed
Nov 15, 2017 1:40:24 PM Making /tmp/1510753222409/1510753224281/navuphub.dis executable ...
Nov 15, 2017 1:40:24 PM Running /tmp/1510753222409/1510753224281/navuphub.dis ...
Nov 15, 2017 1:40:25 PM FreeSpace available on /tmp/1510753222409 is 35217320 KB.
Nov 15, 2017 1:40:25 PM FreeSpace available on /tmp/1510753222409 is 35217320 KB.
Nov 15, 2017 1:40:25 PM Precondtion evaluation succeeded for expression .
Nov 15, 2017 1:40:25 PM Downloading 1508251709jtun_sav10ennful25.lin to /tmp/1510753222409/1508251709jtun_sav10ennful25.lin ...
Nov 15, 2017 1:40:25 PM Connecting to 10.136.200.53 via HTTP ...
Nov 15, 2017 1:40:25 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:25 PM Connecting to 10.136.200.53 via HTTP ...
Nov 15, 2017 1:40:25 PM Connected to 10.136.200.53 sending request ...
Nov 15, 2017 1:40:25 PM Waiting for response ...
Nov 15, 2017 1:40:25 PM Waiting for response ...
Nov 15, 2017 1:40:25 PM
Nov 15, 2017 1:40:25 PM The Java LiveUpdate session did not complete successfully.
Nov 15, 2017 1:40:25 PM Return code = -1
Nov 15, 2017 1:40:25 PM
Already done: Disable savtray (errors in debug.log).
Some servers can freely update from the local LUA server, and a few can't update, with return code -1. The versions of SEP and Java are the same.
Hi Guys,
We have an issue with one of our users not being able to access an application, as it crashes every time he tries to open it. I've added exceptions for this application, verified that his machine is receiving the same policies as on SEPM, and checked logs as well, but there's no indication that Symantec can be causing this issue. How possible is it that Symantec might be the problem, since he's the only user with the problem? Any solutions to this?
Thanks. Looking forward to your replies.
I'm working on building a deployment of Windows 10 version 1703 using an SCCM upgrade task sequence while another SCCM admin is working on deploying an upgrade to SEP 14 to our SEP 12 clients. Is it possible to add the SEP 14 upgrade to the task sequence to have it upgrade the SEP client before it installs the Win10 upgrade?
I've done a test where SCCM runs the task sequence, upgrades the SEP 14 client, and restarts. It requires logging back into the computer manually, and then SCCM finished the Windows 10 upgrade about 15 minutes later. That's not a very seamless process. I'd like to see if I can fully automate it without the manual logon.
Any better solutions out there?
My last resort will be to write a PowerShell script that checks for the SEP client version and stops the task sequence, asking the user to call the service desk to finish the upgrade.
Hello,
I created a new IDM profile for one PDF file and created a new rule for my endpoint server to detect an incident when the PDF file is copied to removable storage. Is it possible to use IDM with the endpoint agent? I ask because no incidents are created, or is it a bad configuration of the rule? Can you help me?
I read this KB https://support.symantec.com/en_US/article.TECH233905.html and all the , in the endpoint server and the advanced configuration are correct.
Attach some image from the config
I needed to remove PGP from a Windows 7 laptop. I unencrypted the 480GB drive without issue and then uninstalled PGP and rebooted – the laptop then blue-screened and has never successfully booted since.
I ran Windows Repair Disk to no effect - told me the partition existed but with 0 MB. Hoping to salvage the data, I pulled the drive and tried to mount it to another Windows laptop via a SATA-to-USB adapter - Windows replied that the drive needed to be formatted before it could be used. I tried the same on an Ubuntu laptop - the error message stated the 120GB drive couldn’t be mounted.
Catch that? The drive I had was 480GBs but it was now reading as only 120GBs. About 3 months ago, I cloned my old 120GB to a new 480GB and then used DISKPART to expand it out – worked perfectly, no issues at all since then either.
So, my working theory is: PGP was installed on a 120GB drive and essentially “seized up” due to some sort of programmatical error when it was uninstalled from the same drive, which was now somehow much larger. This in turn corrupted the partition or MBR somehow.
The data on the drive is of significant importance and (of course) my back-up failed as well, so I would welcome any suggestions. Thank you in advance.
Hello all,
I need your suggestions on the two categories below for executing the script:
1. SCRIPT CONTENT (As per my understanding, we need to paste the script here)
2. EXECUTE THE COMMAND (Use %F% to specify the script file name)
What should be given here in the Execute command category?
We have tried multiple times with the file name and location of the shared drive for the file to execute.
Still, the script does not seem to download through policy or execute when applied through policy from SEPM.
But the same script works fine when executed directly from the shared location.
Someone who has already worked on HI script configuration, please advise.
I migrated the DLP Enforce to another server. The INCIDENT_SNAPSHOT variable in the email notification response rule is showing the old server name instead of the new server name in the URL. How can I fix that?
Hello everyone,
Can anyone please provide me with the steps that need to be done to integrate CAS 2.2 with Reporter 2.2 for reporting purposes?
Your support is appreciated in this regard. Thanks
Hi, not sure if this is the correct place for my query but here goes:
My team needs to regularly check URLs highlighted as potential IOCs in security advisories. The list can run to hundreds at one shot ...
Currently we're doing a manual check on website categorisation here https://sitereview.bluecoat.com/sitereview.jsp
This only facilitates checking one URL at a time and would appreciate if anyone can share a method/way to check a group/multiple URLs - many thanks
Hello,
On our SEPM server we have set up notifications by email alert.
The problem we are encountering is that the variables in the email subject do not work.
Example: we receive emails with the subject "Evénement de risque unique : la machine [nom de l’ordinateur] est infectée par [nom du virus], action [action de virus]".
The fields "[nom de l'ordinateur], [nom du virus], [action du virus]" are displayed as-is in the email.
Do you have any idea how to solve this problem?
Thanks,
Regards,
I'm working on building a deployment of Windows 10 version 1703 using an SCCM upgrade task sequence while another SCCM admin is working on deploying an upgrade to SEP 14 to our SEP 12 clients. Is it possible to add the SEP 14 upgrade to the task sequence to have it upgrade the SEP client before it installs the Win10 upgrade?
I've done a test where SCCM runs the task sequence, upgrades the SEP 14 client, and restarts. It requires logging back into the computer manually, and then SCCM finished the Windows 10 upgrade about 15 minutes later. That's not a very seamless process. I'd like to see if I can fully automate it without the manual logon.
Any better solutions out there?
My last resort will be to write a PowerShell script that checks for the SEP client version and stops the task sequence, asking the user to call the service desk to finish the upgrade.
Hello,
I created a new IDM profile for one PDF file and created a new rule for my endpoint server to detect an incident when the PDF file is copied to removable storage. Is it possible to use IDM with the endpoint agent? No incidents are created, or is the rule badly configured? Can you help me?
I read this KB https://support.symantec.com/en_US/article.TECH233905.html and all the , in the endpoint server and the advance configuration are correct.
Attach some image from the config
Trying to run a LiveUpdate command, but the /tmp/ directory is only 1 GB in size, and this is causing LiveUpdate to error out. Is there any way to set this to a different directory?
Command:
[root@Host symantec_antivirus]# ./sav liveupdate -u
Command failed: Problem with LiveUpdate.
Check that java directory is in PATH
Unable to perform update
#cat liveupdt.log
Nov 15, 2017 2:59:38 PM Unzipping 1510757147jtun_sav10enncur25.lin into /tmp/1510775977435/1510775978191 ...
Nov 15, 2017 2:59:38 PM Extracting cur.scr
Nov 15, 2017 2:59:38 PM Total number of bytes read is 1,004
[REDACTED]
Nov 15, 2017 2:59:38 PM Unzipping completed
Nov 15, 2017 2:59:38 PM Making /tmp/1510775977435/1510775978191/navuphub.dis executable ...
Nov 15, 2017 2:59:38 PM Running /tmp/1510775977435/1510775978191/navuphub.dis ...
Nov 15, 2017 2:59:38 PM FreeSpace available on /tmp/1510775977435 is 639648 KB.
Nov 15, 2017 2:59:38 PM FreeSpace available on /tmp/1510775977435 is 639648 KB.
Nov 15, 2017 2:59:38 PM FreeSpace available on /tmp/1510775977435 is 639648 KB.
Nov 15, 2017 2:59:38 PM FreeSpace available on /tmp/1510775977435 is 639648 KB.
Nov 15, 2017 2:59:38 PM Disk space check for 1510757147jtun_sav10ennful25.lin failed. Requested free space was 906.137 (in MB).
Nov 15, 2017 2:59:38 PM
Nov 15, 2017 2:59:38 PM The Java LiveUpdate session did not complete successfully.
Nov 15, 2017 2:59:38 PM Return code = 246
Nov 15, 2017 2:59:38 PM
[root@Host symantec_antivirus]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/mpathjp3 5.0G 3.0G 1.8G 63% /
tmpfs 5.9G 3.9G 2.0G 68% /dev/shm
/dev/mapper/mpathjp1 248M 79M 158M 34% /boot
/dev/mapper/mpathjp7 9.9G 602M 8.8G 7% /home
/dev/mapper/mpathjp9 1008M 332M 625M 35% /tmp
/dev/mapper/mpathjp5 79G 41G 39G 52% /u01
/dev/mapper/mpathjp6 20G 7.9G 11G 43% /u02
/dev/mapper/mpathjp8 9.9G 1.7G 7.8G 18% /usr
/dev/mapper/mpathjp10
139G 100G 32G 76% /var
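For triaging failures like the two LiveUpdate logs above (return code -1 in one post, return code 246 with a failed disk space check in the other), the following is an added example, not part of either post and not Symantec code. It recognises only the three line formats visible in those excerpts; the function name `triage` and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: lines copied from the liveupdt.log excerpt in the post above.
SAMPLE_LOG = """\
Nov 15, 2017 2:59:38 PM Running /tmp/1510775977435/1510775978191/navuphub.dis ...
Nov 15, 2017 2:59:38 PM FreeSpace available on /tmp/1510775977435 is 639648 KB.
Nov 15, 2017 2:59:38 PM Disk space check for 1510757147jtun_sav10ennful25.lin failed. Requested free space was 906.137 (in MB).
Nov 15, 2017 2:59:38 PM The Java LiveUpdate session did not complete successfully.
Nov 15, 2017 2:59:38 PM Return code = 246
"""

FREE_RE = re.compile(r"FreeSpace available on (\S+) is (\d+) KB\.")
NEED_RE = re.compile(
    r"Disk space check for (\S+) failed\. Requested free space was ([\d.]+) \(in MB\)")
RC_RE = re.compile(r"Return code = (-?\d+)")


def _new_session():
    return {"work_dir": None, "free_kb": None, "failed_checks": [], "return_code": None}


def triage(log_text):
    """Split a liveupdt.log into sessions (each ends at 'Return code = N') and
    attach any failed disk space checks with the shortfall in MB."""
    sessions, cur = [], _new_session()
    for line in log_text.splitlines():
        if m := FREE_RE.search(line):
            cur["work_dir"], cur["free_kb"] = m.group(1), int(m.group(2))
        elif m := NEED_RE.search(line):
            need_mb = float(m.group(2))
            # Shortfall is unknown if no FreeSpace line preceded the failure.
            short = None if cur["free_kb"] is None else need_mb - cur["free_kb"] / 1024
            cur["failed_checks"].append(
                {"file": m.group(1), "needed_mb": need_mb, "shortfall_mb": short})
        elif m := RC_RE.search(line):
            cur["return_code"] = int(m.group(1))
            sessions.append(cur)
            cur = _new_session()
    return sessions


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(s["return_code"], s["work_dir"], s["failed_checks"])
```

A session that ends with a non-zero return code and an empty `failed_checks` list, as in the return code -1 log, points away from disk space and toward the download step.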
Does anyone know if it's possible to start an on-demand or Power Eraser scan through the SEP API?
I've been looking at the API documentation, but can't find any API to start commands, just move clients between groups etc.
(Please don't just post links to the API documentation unless you have found an API command that can perform a scan)
Norton Security blocks me from browsing (Chrome) of my websites which it says is infected with “JS.Coinminer Download 6” and “JS.Coinminer Download 8” (images of alerts below FYI).
I have used Sourcetree (Bitbucket) to clone the WordPress folder of this website and run a scan of Norton Security on this folder. The Norton Security scan initially took over 12 hours and was still running in the morning. After contacting Norton Support, they restarted DNS and finally ran another scan of the Git folder, which said it was clean… which was a little weird considering it should have shown some sort of infection…
Now I'm suspecting Norton Security is giving a “false” positive based on its signature of the JSCoinminer threat (which I think includes redirects). I have yet to confirm this but have lodged a second-level issue with Norton, as first level was unable to give me any more details (after 2 hours and three support remote sessions…).
Does anyone know why this JSCoinminer Download 6 and 8 might be flagging my website? Any help appreciated.
Can we use the PSG to time out (stop) persistent connections, such as a user leaving their browser on news.com.au for a weekend?
Last week we upgraded our two SEPMs on Windows Server 2016 to 14 RU1, but now the option to enable Generic Exploit Mitigation is missing from the Intrusion Prevention policy. Did it move? I'm asking because I'm seeing some SEP clients report into SEPM that Generic Exploit Mitigation is disabled, and I went to check the policy to ensure it was enabled and locked. However, it appears to have been either removed or moved in 14 RU1.
According to https://support.symantec.com/en_US/article.HOWTO125837.html, the option to enable and lock Generic Exploit Mitigation is under Policies > Intrusion Prevention: right-click an Intrusion Prevention policy and select Edit. When I go there, Generic Exploit Mitigation on the left is missing. I even created a new policy, but it is still missing. Where can I find the options for Generic Exploit Mitigation in 14 RU1?