Channel: Symantec Connect - Products - Discussions
OS Attack: Microsoft SMB MS17-010 Disclosure Attempt

I need a solution

Hi,

We have a SEP solution in our infra. I am getting the below events from SEP even after scanning and updating our workstations:
"Attack: SMB Double Pulsar Ping,
OS Attack: Microsoft SMB MS17-010 Disclosure Attempt"
Please suggest a solution to fix it.

Thanks,
Prem

SEP 14 clients virus definition not updating

I need a solution

I have just completed the exercise of migrating SEPM to Windows Server 2008 R2 and upgrading from version 12 to 14. After upgrading the SEPM and deploying the client package 14.0.3752.1000, most of the clients' virus definitions have not updated since then, and some of the clients' virus definitions show "Not available". I have no idea what has gone wrong. Please advise on some fixes so that I can resolve this problem. Thank you.

CAS Web management certificate

I need a solution

Dears, I'm trying to use a signed certificate for the CAS management interface.

I'm able to create the certificate and sign it from our CA. When I upload the certificate I get a failure alert and the certificate doesn't upload.

I don't know what type of failure it is.

Does anybody know the reason for the failure?

CAS 2.2.1.1

Thanks in advance.

URL encoding of parameters is not maintained by Click-time URL protection

I need a solution

Hi,

Having a valid URL in the email containing encoding of special characters in the parameter of the URL, e.g. %2F, will result in the below Click-time URL.

https://clicktime.symantec.com/a/1/C0wv3lbDolkuNfSupOJp3P8xaadEbLTclU6XnduaqBo=?d=4z70XHCj7cpIYpa1umVY5H7J5rqp32gUhGyVLniLOtpNFX3p7Q2Knxo63ke1kuerU8JGG-bwExZg2KkCy2uw3ENu08D91Z2Y_qsG5USEyWMyG9DgSXJJzaKwoSJ-c--iCo0iAzLh1YTAHwlNTsWmlUFpE_VTOrRo6zS6glZCYVJvJXFwquV62D74WnC7AmFZxcvFyRpltcZo9QwD-872FYCIyYvTOvNd5bZB4f4fl9_P7EPI_5uEcK6B5pxMPwadER1sUzXVa9TH_nGnV8rxNHiJiPy7Y9CXSFIjrkd6yYMnuLkXdcrhnv2lLr9synpS0yZIMOeaMyFSqxFGOK9WgynzP81-uWWJpCPYOPVCycms9jdLapZpcb5LJeagijq0-nk0oq-GjT2E63rsKOm-6pOuLdkZ6RGQNZTCt7IYbCIgHp6vzuzKtaGqzcCs71S4qIRQu_87u5rSVbCK01gD7NzVxwdvzUeldWuLq3tKGzq4aBdshEueRKdd_B5p&u=https%3A%2F%2Fxxxxxxxxxxxxxxxxxxxxxx.com%2TRACK%2Fexternal%2Fdownload%3Fq%3D163334d25b97aa7596a919cac654db2171f7f7c32uaWAjdhh11toDgMfv3R6dxNIxHlCu%2FB8mOMm6ZhNtXs18tC6kIjZXxlVgRhpt0%2BxGFNoaPmqBKMIJqjf8gTCjgiXqkinnC%2Bw%2B66NLt8tFVwT5NIC%2Fim0mBgqeSeeIKWjVlEAcnXxsUEUZqBHg8toDIGL6eR3CF0B9MWLgFvx4W9Tp1JXdbgP1J4pRwwoDYyQL7ou46sLfL%2FF9u3j4O%2FK98sggPpUX09wlq2neUqchFGbYtxq3Jp6JpYFV%2B5RiiwEew5oSt5Bb7DFaT8NpgPP7LnP6nAV4c7kPGemo8%2B5ojCRsjwbVcrfKJQA1RvOaf
 

Click-time maintains the encoding correctly up to this stage.

However, after calling this URL the Symantec redirect reverts the encoding of the entire Click-time u parameter, including the parameter q in the original URL. This results in an invalid URL containing e.g. / in the parameter.

/TRACK/external/download?q=163334d25b97aa7596a919cac654db2171f7f7c32uaWAjdhh11toDgMfv3R6dxNIxHlCu/B8mOMm6ZhNtXs18tC6kIjZXxlVgRhpt0+xGFNoaPmqBKMIJqjf8gTCjgiXqkinnC+w+66NLt8tFVwT5NIC/im0mBgqeSeeIKWjVlEAcnXxsUEUZqBHg8toDIGL6eR3CF0B9MWLgFvx4W9Tp1JXdbgP1J4pRwwoDYyQL7ou46sLfL/F9u3j4O/K98sggPpUX09wlq2neUqchFGbYtxq3Jp6JpYFV+5RiiwEew5oSt5Bb7DFaT8NpgPP7LnP6nAV4c7kPGemo8+5ojCRsjwbVcrfKJQA1RvOaf
 

From my view, this should be technically avoidable from Symantec side by maintaining the encoding of the original URL parameter.

As currently all URLs are breaking, fast help would be very much appreciated.

Many thanks,
Matt

Symantec Encryption Desktop not sold anymore, what should I buy now? Also, could you please stop changing products' names???

I need a solution

Hi,

I had Symantec Encryption Desktop on my personal laptop (Windows 10), but it appears it is not sold anymore. I need to find a product for my new PC.

Specifically, I need:

  • whole drive encryption
  • whole drive encryption of removable drives
  • PGP virtual disks (the .pgd files)

Which one of your products should I buy? 

Thank you

Duccio Gasparri

PS: on a side note... I've been a long-term customer of PGP and later of Symantec, could you PLEASE stop changing products' names? It's not that Adobe changes the names of its products every time it adds a feature or changes the interface's color. Photoshop has been Photoshop since its creation. Seriously, every time you need to buy/renew something, it's a pain.

DLP 15.0 HA options

I need a solution

Hello,

Reaching out for some advice on the high availability options mainly for DLP Enforce server and the database.

Has anyone got a good solution working? I've found a couple of forum posts, but nothing concrete.

 

Looked at VCS, although that Tech article seems to have vanished.

Dataguard doesn't appear to be supported, and we couldn't get the database to talk to the app when set up.

SRM is another option, but again there is no official support, although that's only for our Enforce server.

If anyone's got some good ideas, I'd be most appreciative.

Thanks,

Colin

    Auto-Protect malfunction on ubuntu 16.04

    I need a solution

    Hi,

    I recently installed SEP 14.0.2 on Ubuntu 16.04 (4.10.0-28-generic), but when I run sudo ./sav info -a I'm getting malfunction in return. I did the manual compilation but the problem still persists.

    Attached are the errors from the manual compilation:

    guest@guest-VirtualBox:~/src/ap-kernelmodule-14.0.2415-0200$ sudo ./build.sh  --kernel-dir /usr/src/linux-headers-$(uname -r)
    [sudo] Mot de passe de guest :
    mercredi 15 novembre 2017, 13:58:54 (UTC+0000): starting to build kernel modules of SEP for Linux
    Kernel release not specified. Build kernel modules for current kernel version 4.10.0-38-generic
    ~/src/ap-kernelmodule-14.0.2415-0200/symev ~/src/ap-kernelmodule-14.0.2415-0200
    rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen
    rm -rf .tmp_versions* .build-*
    ~/src/ap-kernelmodule-14.0.2415-0200
    ~/src/ap-kernelmodule-14.0.2415-0200/symap ~/src/ap-kernelmodule-14.0.2415-0200
    rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen symap_test
    rm -rf ../symev/.tmp_versions* .build-*
    ~/src/ap-kernelmodule-14.0.2415-0200
    ~/src/ap-kernelmodule-14.0.2415-0200/symev ~/src/ap-kernelmodule-14.0.2415-0200
    make -C /usr/src/linux-headers-4.10.0-38-generic M=/home/guest/src/ap-kernelmodule-14.0.2415-0200/symev MODVERDIR=/home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/.tmp_versions-custom-4.10.0-38-generic-x86_64 modules
    make[1] : on entre dans le répertoire « /usr/src/linux-headers-4.10.0-38-generic »
      CC [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symev.o
      CC [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/syscalls.o
    /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/syscalls.c: In function ‘get_ia32_from_interrupt_table’:
    /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/syscalls.c:124:20: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
             ia32_sct = (void **)*(unsigned *)(p+3);
                        ^
      CC [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/fileops.o
      CC [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/hnfs.o
      CC [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/utils.o
      CC [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/sym_procfs.o
    /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/sym_procfs.c: In function ‘sym_procfs_fopread’:
    /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/sym_procfs.c:112:1: warning: the frame size of 4112 bytes is larger than 1024 bytes [-Wframe-larger-than=]
     }
     ^
      AS [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/sym_stub_execve.o
      LD [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symev_custom_4_10_0_38_generic_x86_64.o
      CC [M]  /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symevrm.o
    In file included from /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symevrm.c:19:0:
    /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symevrm.c: In function ‘symevrm_unload_module’:
    ./arch/x86/include/asm/uaccess.h:33:26: error: dereferencing pointer to incomplete type ‘struct task_struct’
     #define get_fs() (current->thread.addr_limit)
                              ^
    /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symevrm.c:357:8: note: in expansion of macro ‘get_fs’
       fs = get_fs();
            ^
    scripts/Makefile.build:294 : la recette pour la cible « /home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symevrm.o » a échouée
    make[2]: *** [/home/guest/src/ap-kernelmodule-14.0.2415-0200/symev/symevrm.o] Erreur 1
    Makefile:1524 : la recette pour la cible « _module_/home/guest/src/ap-kernelmodule-14.0.2415-0200/symev » a échouée
    make[1]: *** [_module_/home/guest/src/ap-kernelmodule-14.0.2415-0200/symev] Erreur 2
    make[1] : on quitte le répertoire « /usr/src/linux-headers-4.10.0-38-generic »
    Makefile:312 : la recette pour la cible « custom » a échouée
    make: *** [custom] Erreur 2
    ~/src/ap-kernelmodule-14.0.2415-0200

    mercredi 15 novembre 2017, 13:59:10 (UTC+0000): Build failed
    guest@guest-VirtualBox:~/src/ap-kernelmodule-14.0.2415-0200$
    guest@guest-VirtualBox:~/src/ap-kernelmodule-14.0.2415-0200$
    guest@guest-VirtualBox:~/src/ap-kernelmodule-14.0.2415-0200$

    Please Help,

    SEP on Windows embedded thin client

    I need a solution

    Hi,

    One of our customers asked if it's possible to use SEP on a thin client running Windows embedded in memory (without a hard disk). Is that possible?

    Thanks in advance!

    What configuration has to be done on LUA after upgrading to version 14?

    I need a solution

    Hello,

    Is there any configuration that has to be done on the Live Update Server after upgrading all the clients to 14? Like adding a new product or anything like that?

    Allowing User access to block USB devices

    I need a solution

    Hi All

    Hoping someone can help and confirm if the following is even possible using AD Groups.

     

    What I am trying to achieve is I want to block all USB devices but then allow certain users (Not devices) to access the device but not others.

     

    For example, my current setting in device control is.

    Block all USB devices.

    Allow USB Memory stick device. (Added by Device ID)

     

    This means all users can use this memory stick, as it is in the allowed device list.

    What I would like to do is create a policy so only User 1 can access the USB stick and no other users can unless authorised.

     

    This is for around 50 USB sticks.

     

    Is this possible in Symantec?

    SEP Add-In crashing Outlook 2016 on Windows 10 workstations

    I need a solution

    I'm an MSP and I've encountered a disturbing trend over the last couple of weeks among 4 different workstations at 4 different client sites.

    Each client is running the on-premises version of Microsoft Office 2016 Home and Business with the latest patches (automatically patched by MS). When using Microsoft Outlook 2016 with the SEP add-In enabled, Outlook will abruptly crash with a generic dialog "Outlook has encountered a problem and is restarting". After some testing, it appears that this happens when entering a folder that contains a large number ( > 600) of messages, although I'm not certain that is the trigger. Two of these clients have encountered this issue while entering their Deleted Items folders, while the other two encountered this issue with their Inboxes. In all cases, we can start Outlook in Safe Mode and disable the SEP add-in, then we can access the folders that caused the crash.

    All 4 workstations are running fully-patched versions of Windows 10 - 3 of the workstations are running the Anniversary Update (1609), 1 is running the Creators Update (1703).

    Of the 4 workstations, 2 are running SEP 12.1.6 MP7, 1 is running SEP 12.1.6 MP8, 1 is running SEP 12.1.6 MP9. Apparently, this is an ongoing problem that the latest update has not solved.

    As much as I hate to leave ANY protection disabled, it seems that disabling the SEP add-in is the ONLY way to allow these users to continue to work without issue.

    I'd appreciate any feedback or suggestions.

    Endpoint Protection Cloud Error

    I need a solution

    I have encountered the following error: Symantec Endpoint Protection.cloud has encountered an error: 3039,1. The screen also indicates that Norton/Symantec was not able to find an automated fix for the issue. How do I fix it so that I no longer receive this error message?

    \System Volume Information\EfaSIData\SYMEFA.DB seems to block 'Safely Remove'

    I need a solution

    Good day,

    I have a similar problem to this thread: https://www.symantec.com/connect/forums/system-volume-informationefadatasymefadb-seems-block-safely-remove?ts=1510846310

    My server is running Windows Server 2016 and the version of Endpoint Protection is 12.1.7266.6800. When I look in Process Explorer, I come across multiple things that are occupying the USB hard drive.

    Most of them are numbered, but all start like this: \System Volume Information\EfaSIData\SYMEFA.DB. I've read in the link I mentioned before that there was a patch for a previous version of Endpoint Protection that seemed to fix his problem. Is there also a patch, or steps I could take, that will fix my problem?

    Kind regards

    winsock error 10060

    I need a solution

    Could you please have a look at our IP address:

    83.64.162.51

    Many of our customers are not able to send mails.

    Thanks in advance.

    The IP address you submitted, 83.64.162.51, does not have a negative reputation and therefore cannot be submitted for investigation ????

    USB user access Report

    I need a solution

    Is it possible to get a report showing a list of users who are allowed USB access based on device control policy in Symantec Endpoint Manager console?

    Messages being deferred; Is our Server on Blacklist

    I need a solution

    Hi,

    We are sending email to domains using message.labs for their email filters, and our emails are being delayed when sending to these addresses:

    Our IP Address: 64.34.159.20

    Error message from logs:

    Nov 16 15:00:13 web02 postfix/smtp[32198]: E597E35460D0: to=<focwty@ford.com>, relay=none, delay=150, delays=0.12/0/150/0, dsn=4.4.1, status=deferred (connect to cluster4a.us.messagelabs.com[216.82.251.230]:25: Connection timed out)
    Nov 16 15:08:25 web02 postfix/smtp[2366]: E597E35460D0: to=<focwty@ford.com>, relay=none, delay=642, delays=492/0.01/150/0, dsn=4.4.1, status=deferred (connect to cluster4a.us.messagelabs.com[216.82.251.230]:25: Connection timed out)

    Can we be removed from your blocklist, as we are sending out legitimate emails to these clients and are not on any RBLs?

    Thank You

    SEPM - Definition Preparation Time

    I do not need a solution (just sharing information)

    Hi people

    I was wondering if I could ask you guys for a small favor. Could you please check and post here how long it takes your SEP Managers to download and prepare definitions for distribution to clients?

    Why? I’ve noticed that it takes my SEPM more than 70 minutes to complete the process, and while doing this it becomes quite slow, with some of the operations completely blocking SEPM’s GUI (for example anything to do with policies). My SEPM is downloading content for both v12.1/v14 clients, all client types, Windows 32/64 bit platforms, all content types.

    Looking more closely at the LiveUpdate Status log, the culprit seems to be “Virus and Spyware definitions SDS 14.0 RU1“, Win32/Win64. They alone take more than 60 minutes to download and prepare. I would like to mention here that this is not about the download speed, because the same is happening when I download JDB definitions and manually install them. All other definitions take a couple of minutes each, max.

    I’ve noticed this roughly a year ago, while still running v12.1 SEPM, but didn’t contact Symantec support about it at the time. As my SEPM’s download schedule is set to “Continuously“, I’m finding myself more and more often waiting for the mentioned “freeze“ period to pass in order to do anything. So I’ve submitted a support case a few days ago, but their answer (in a nutshell) was – it is normal.

    So I’m asking you if you are seeing the same. How long does it take your SEPMs to process regular definition updates (providing you DL all the mentioned content/platforms)?
    Thank you all in advance

    Regards

    Remove SEP client on many PCs

    I need a solution

    Hello guys, we have 14.0.1 SEP and SEPM.

    How can I remove SEP clients via a list of computers?

    If I have 4500 clients and I want to remove 500 above, how can I do this via SEPM?

    Also, how can I add several computers to a SEPM group via CSV or TXT?

    Thank you

    Reporting on Address Masquerading

    I need a solution

    Hello,

    I use address masquerading as a tool while I'm migrating from one email domain to another.

    This way, email sent to the old domain is masqueraded to the users on the new email domain. This works like a charm but....

    I want to see what email is still sent to the old email addresses so I can adjust the systems that send those emails.

    Is there a report or log that tells me from or to what addresses email is sent before masquerading takes place? Or a log about the masquerading in total.

    Hope that anyone can help me.

    Albert

    edpa.exe high CPU and memory leak when debugging with Visual Studio

    I need a solution

    This is a long-standing issue.

    I work for a global IT company (Accenture) and have seen this issue for a couple of years now.

    When I start debugging a website with Visual Studio, edpa.exe will take 100% of 1 or 2 CPU cores.

    It also begins consuming memory (memory leak) and, unless I stop debugging, it will go to more than 2 GB of RAM.

    It is very annoying because my laptop gets slow and blows off a lot of heat, wasting energy.

    It happens with different versions of Windows (7, 10) and Visual Studio (2010, 2015, etc).

    Will Symantec take care of this Visual Studio incompatibility?

    FYI, I can't exclude the files/directories from security risk scanning, as recommended here, because of my company's security bureaucracy.

    Thanks in advance!
