Hi
Is it possible to restrict usrs from making exceptions (files / folders) even though they are local admins on a machine and only allow a few users (AD group) to make exceptions?
ie. we dont want general public to be allowed to make exceptions only deskside team
John
This has been bothering me for a little while. When I install a client for SEP, it will show that it found the server, but it will take a while for the icon to get the green circle, and in the meantime, it will say it's malfunctioning. Eventually, it usually will, but it can be anywhere from 5 minutes to an hour (maybe more) before that happens. From the point of view of my supervisor using SEPM, everything appears to be in good working order once this happens. What bothers me is that in the debug.log, there are messages saying "ERROR cve.SignIf Verify signature failed." Running "sav manage -h" triggers more of these messages.
Ideally, I'd like to know a way to get it to a working state faster. I'd also like to know if the error I'm getting (since it seems to be somewhat connected) is due to anything I'm doing wrong or could be doing differently.
Can anyone help?
Does SEP 14 has Anti-Ransomeware Feature?
Hi there,
I need a bit of a hand from the Symantec experts. I have installed the Symantec Endpoint Protection Cloud agent on a server running Windows Server 2016. I need to remove the app, but I'm having trouble.
I have tried:
Being a server, I don't want to leave it in a half-broken state.
I've googled for further instructions, but all the manual-removal KB articles seem to relate to SEP ver 12.x - considerably earlier than the current version. The other articles I've found only reference Windows Server 2008 or 2012, or Windows 7, 8, or 10.
Can anyone give me some advice as to how best to proceed?
Thanks in advance for helping out. I appreciate it.
Cheers,
Matt
Hello,
like some others, I have a problem with messaging via messagelabs.com.
connect to cluster1.eu.messagelabs.com[193.109.254.67]:25: Connection timed out
connect to cluster2a.eu.messagelabs.com[85.158.139.103]:25: Connection timed out
connect to cluster3.eu.messagelabs.com[85.158.137.67]:25: Connection timed out
connect to cluster4a.eu.messagelabs.com[85.158.139.103]:25: Connection timed out
connect to cluster8.eu.messagelabs.com[85.158.140.211]:25: Connection timed out
Our mailserver with IP 138.201.200.181 is not on the blacklist.
What can i do to resolve this problem?
regards Ralf
Hi All,
Has there any way to filter the access log output in realtime . I checked with link https://x.x.x.x:8082/Accesslog/tail-f/main. But no option to do filter.
Thanks in Advance...
Hi ,
I recently have achieved a certification of SEP and i have changed my company and i got a new partner ID for symantec . iwant to associate my certification with newly joined company ? what do i need to do ?
After installation of the december KB4054518 (Monthly Rollup), opening office documents from a encrypted fileshare is broken.
Is there any other way on doing the policy trace.
It would be nice to have a page put in some parameters like the destination IP address / URL then run it against the policy, tool would show you the policies that it hit. Is there such a tool somewhere?
Honestly the policy trace tool is not efficient , going through the policy trace log is not that efficient as well.
Hi,
Is it possible to remotely uninstall SEP from client workstations? I have ~40 machines where I need to remove SEP however cannot find an option in the console. If not, are there any alternate solutions which would work asides from manually logging onto each machine?
Thanks in advance
We are using symantec DLO 2010 (looking into replacement) I'm replacing our nas so I need to move the storage location to the new nas.
This has been setup by my predecesor and from the console you can't configure the storage location on a nas.
I think it should be posible to change this in the sqldb itself but i'm not entirely sure how to go about it.
Is there anyone here that has experience with this and might be able to explain to me how to do this?
Best regards,
Max.
Hello,
I work at a large Dutch hospital where we are looking for an antivirus solution for our file-based storage. Using the white paper below, I installed Redhat and Symantec. The filelist is created and tries to hand it over to the Symantec ICAP. The ICAP does not respond.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/General%20Parallel%20File%20System%20(GPFS)/page/Antivirus
I have installed below:
Red Hat Enterprise Linux 7.3
Symantec Protection Egine for NAS 7.9.0.1
The ICAP does not answer a telnet, but with ssecls the files are scanned. Does anyone have any idea what goes wrong?
[root@sn-tst-02-01 bulkantivirus]# telnet 127.0.0.1 1344
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
OPTIONS icap://127.0.0.1:1344/reqmod ICAP/1.0
Connection closed by foreign host.
[root@sn-tst-02-01 bulkantivirus]# /opt/SYMCScan/ssecls/ssecls -server 127.0.0.1:1344 /gpfs-test/smb/test/test01/test-scan/
Virus scan process began : Thu Dec 14 14:45:05 2017
Virus scan process completed : Thu Dec 14 14:45:10 2017
Defs Version = 20171213.019
Commandline Scanner = 7.9.0.1
Total Bytes = 648891555 (Mbytes 618.8312)
Elapsed = 4.5800
Scan Rate = 135.12 (Mbytes/sec)
Files Excluded = 0
Files Scanned = 101
Directories Scanned = 1
Directories Excluded = 0
Files Skipped = 1
Files Scan Error = 0
Files Infected = 0
Data based metering parameters:
Data Scanned in bytes=-1
Total files scanned=-1
No error was found during the scanWe are having issues sending emails to customers that are using Message Labs.
[{LED=451 4.4.395 Target host responded with error. -> 421 4.4.1 Connection timed out };{FQDN=cluster1a.us.messagelabs.com};{IP=216.82.251.230};{LRT=12/11/2017 1:16:48 PM}]
We are sending emails from 198.49.0.3. We are not marked as blacklisted on any websites too.
Can somebody help with this please? Thank you!
Is there a way to exclude Heur.AdvML.A alerts completely? All files it is finding are false positives, and although we could submit those files to Symantec, or exclude them ourselves, we would be doing this for hundreds of files individually in numerous folders.
We just need to basically stop these alerts from doing anything at all until we can figure out a more permanent solution since we are getting spammed with false positive alerts.
I have an unmanaged client for SEP 14.0 MP2. I do not have the licensing information.
I get the following message repeatedly:
"[APPLICATION] has changed since the last time you used it.
Name: [APPLICATION]
Application: [FILE NAME]
Do you want to allow it access to the network?"
Where [APPLICATION] is an application on the computer and [FILE NAME] is the executable file for that application.
There is an article about this on the Symantec website but the solution is not applicable to my situation since it is an unmanaged client.
https://support.symantec.com/en_US/article.TECH123331.html
When enableing and disabling Network application monitoring, I keep getting notifications every 5-10 minutes that Symantec has blocked svchost.exe until Symantec is reinstalled.
I have seen this issue in Windows 7, 8.1, 10. 32bit and 64bit.
Hi there,
I want to know how do I configure an especific URL to be accessed while the main site or category is still blocked. Is it possible ?
Like, block https://mail.google.com but allow https://mail.google.com/item/something/default.aspx
Does anyone have any tips ?
Thank you
I have Symantec Encryption Desktop, Everytime I boot up it gives me a message saying it can not secure messages (email) and wants to know what 3 options..... DONT SECURE or SECURE and one other one...
Is there a way to TOTALLY DISABLE this even from popping up ? I DO NOT CARE or DO NOT USE PGP to secure my email and this is a BIGTIME NUISANCE....
I only use encryption desktop to encrypt a whole drive. Thats it ! thanks in advance.
Hello everyone.
We're not able to make PGPCommandline version 10.4.2 run on any Redhat or Centos server version 6 and 7.
Any ideas what could be the cause of this behavior? RPM package has installed correctly.
This version of PGPCommandLine on Windows works great.
Thanks
I just updated Firefox to the latest version (57.0.2, 64-bit). Now, whenever I open Firefox, I get a notification message that reads, "Browser Intrustion Prevention is malfunctioning. Check the System logs for details." The message also appears every time I open a new tab. I'm running SEP verison 14. I ran a Live Update and the problem still occurs.
Hi All,
I have seen some older posts stating that this isn't possible to schedule but I figure it may have changed since these were posted and it couldn't hurt to ask.
What I'm trying to accomplish is an automated version of the monitors logs that contains Computer name, IP, OS, etc. Ideally it would have all of this information but minimum I need the Computer name, IP, Virus definitions, and the group name.
I've built out a powershell script that will run NLTest against all machines in the CSV exported through monitors and create a new CSV comparing the site from NLTest to the Group name. I'd like to turn this into a scheduled task to run every night and send out a list to my teams email distribution showing what machines are outdated by 30+ days. In order to do this I need to find a way of automating the process of generating the computer status logs and exporting them as a CSV and so far I haven't seen any method of doing this in the scheduled repots section. I know it would be possible to do something similar by creating a script to pull all of our machines by from our SQl DB and then comparing the dates associated witht he virus definitions but at the moment that is well outside of my skill level. I was wondering if anyone had a method of automating this process or could point me in the right direction. If any other information is needed please let me know. Thanks.