How do I migrate or upgrade SEPM from a previous version to a new one? Can all clients be copied automatically after the upgrade?
Complete process of migration and upgrade of SEPM from 12.1.6 to 14.1
SEP IPS log has incorrect Begin Time
Hello,
Can anybody give an explanation of Time Stamp, Event Type, Begin Time, and End Time in the SEP Attack log?
I have an issue on the client side where the IPS log has different timings on some SEP agents running 12.1 RU6 MP8. The Begin Time does not match the Event Time in View Logs -> Security Log (NTP Attack logs).
For example, I filtered Begin Time by October and then saw that Time Stamp or Event Time have timings from December. In my ongoing test the timings are different on some SEP agents.
That means SEPM notifies me with an alert that happened 2 months ago, even though the host was always online with a healthy SEP agent.
Time Stamp | Event Type | Event Time | Begin Time | End Time |
01.12.2017 6:27 | Intrusion Prevention | 01.12.2017 6:26 | 12.10.2017 13:21 | 12.10.2017 13:21 |
01.12.2017 16:40 | Intrusion Prevention | 01.12.2017 16:39 | 12.10.2017 23:34 | 12.10.2017 23:34 |
02.12.2017 17:46 | Intrusion Prevention | 02.12.2017 17:45 | 14.10.2017 0:40 | 14.10.2017 0:40 |
02.12.2017 17:46 | Intrusion Prevention | 02.12.2017 17:45 | 14.10.2017 0:40 | 14.10.2017 0:40 |
03.12.2017 1:12 | Intrusion Prevention | 03.12.2017 1:11 | 14.10.2017 8:06 | 14.10.2017 8:06 |
03.12.2017 8:01 | Intrusion Prevention | 03.12.2017 8:00 | 14.10.2017 14:55 | 14.10.2017 14:55 |
03.12.2017 8:01 | Intrusion Prevention | 03.12.2017 8:01 | 14.10.2017 14:56 | 14.10.2017 14:56 |
04.12.2017 3:46 | Intrusion Prevention | 04.12.2017 3:45 | 15.10.2017 10:40 | 15.10.2017 10:40 |
04.12.2017 15:08 | Intrusion Prevention | 04.12.2017 15:07 | 15.10.2017 22:02 | 15.10.2017 22:02 |
04.12.2017 19:58 | Intrusion Prevention | 04.12.2017 19:57 | 16.10.2017 2:52 | 16.10.2017 2:52 |
05.12.2017 19:27 | Intrusion Prevention | 05.12.2017 18:43 | 17.10.2017 1:38 | 17.10.2017 1:38 |
05.12.2017 19:27 | Intrusion Prevention | 05.12.2017 18:43 | 17.10.2017 1:38 | 17.10.2017 1:38 |
06.12.2017 5:19 | Intrusion Prevention | 06.12.2017 5:18 | 17.10.2017 12:13 | 17.10.2017 12:13 |
06.12.2017 12:18 | Intrusion Prevention | 06.12.2017 12:17 | 17.10.2017 19:12 | 17.10.2017 19:12 |
06.12.2017 12:18 | Intrusion Prevention | 06.12.2017 12:17 | 17.10.2017 19:12 | 17.10.2017 19:12 |
07.12.2017 7:18 | Intrusion Prevention | 07.12.2017 7:17 | 18.10.2017 14:12 | 18.10.2017 14:12 |
07.12.2017 10:44 | Intrusion Prevention | 07.12.2017 10:44 | 18.10.2017 17:38 | 18.10.2017 17:38 |
07.12.2017 10:44 | Intrusion Prevention | 07.12.2017 10:44 | 18.10.2017 17:38 | 18.10.2017 17:38 |
08.12.2017 8:47 | Intrusion Prevention | 08.12.2017 8:46 | 19.10.2017 15:41 | 19.10.2017 15:41 |
08.12.2017 8:47 | Intrusion Prevention | 08.12.2017 8:46 | 19.10.2017 15:41 | 19.10.2017 15:41 |
10.12.2017 5:09 | Intrusion Prevention | 10.12.2017 5:08 | 21.10.2017 12:03 | 21.10.2017 12:03 |
10.12.2017 8:02 | Intrusion Prevention | 10.12.2017 8:01 | 21.10.2017 14:55 | 21.10.2017 14:55 |
10.12.2017 8:02 | Intrusion Prevention | 10.12.2017 8:01 | 21.10.2017 14:56 | 21.10.2017 14:56 |
11.12.2017 7:46 | Intrusion Prevention | 11.12.2017 7:45 | 22.10.2017 14:39 | 22.10.2017 14:39 |
11.12.2017 7:46 | Intrusion Prevention | 11.12.2017 7:45 | 22.10.2017 14:40 | 22.10.2017 14:40 |
12.12.2017 21:20 | Intrusion Prevention | 12.12.2017 21:19 | 24.10.2017 4:13 | 24.10.2017 4:13 |
13.12.2017 18:10 | Intrusion Prevention | 13.12.2017 18:09 | 25.10.2017 1:04 | 25.10.2017 1:04 |
14.12.2017 6:13 | Intrusion Prevention | 14.12.2017 6:12 | 25.10.2017 13:06 | 25.10.2017 13:06 |
15.12.2017 6:52 | Intrusion Prevention | 15.12.2017 6:51 | 26.10.2017 13:45 | 26.10.2017 13:45 |
17.12.2017 8:01 | Intrusion Prevention | 17.12.2017 8:00 | 28.10.2017 14:55 | 28.10.2017 14:55 |
17.12.2017 8:02 | Intrusion Prevention | 17.12.2017 8:01 | 28.10.2017 14:55 | 28.10.2017 14:55 |
18.12.2017 7:49 | Intrusion Prevention | 18.12.2017 7:48 | 29.10.2017 14:43 | 29.10.2017 14:43 |
18.12.2017 10:47 | Intrusion Prevention | 18.12.2017 10:46 | 29.10.2017 17:40 | 29.10.2017 17:40 |
18.12.2017 10:47 | Intrusion Prevention | 18.12.2017 10:46 | 29.10.2017 17:40 | 29.10.2017 17:40 |
18.12.2017 17:29 | Intrusion Prevention | 18.12.2017 17:28 | 30.10.2017 0:22 | 30.10.2017 0:22 |
19.12.2017 0:34 | Intrusion Prevention | 19.12.2017 0:33 | 30.10.2017 7:28 | 30.10.2017 7:28 |
19.12.2017 9:20 | Intrusion Prevention | 19.12.2017 9:18 | 30.10.2017 16:13 | 30.10.2017 16:13 |
19.12.2017 13:35 | Intrusion Prevention | 19.12.2017 13:34 | 30.10.2017 20:28 | 30.10.2017 20:28 |
19.12.2017 23:11 | Intrusion Prevention | 19.12.2017 23:11 | 31.10.2017 6:05 | 31.10.2017 6:05 |
20.12.2017 10:48 | Intrusion Prevention | 20.12.2017 10:47 | 31.10.2017 17:41 | 31.10.2017 17:41 |
20.12.2017 13:07 | Intrusion Prevention | 20.12.2017 13:06 | 31.10.2017 20:00 | 31.10.2017 20:00 |
20.12.2017 15:23 | Intrusion Prevention | 20.12.2017 15:22 | 31.10.2017 22:16 | 31.10.2017 22:16 |
LiveUpdate Administrator CCS 11.5, 12 product
Hello,
I have two CCS 11.5 application servers in a closed network.
I want to configure my LiveUpdate Administrator server to download the product for my version, but they aren't listed.
I only have 11.0 and 11.1.
What do you need to do in order to download the latest CCS updates via the LiveUpdate server?
Shahar
ProxySG | Please recommend to implement about access logging
Dear All,
My customer wants to implement access logging. They want to keep access logging only for the action "allow".
Can this requirement be done or not?
If it can, please recommend to me a way to implement this requirement from the customer.
Thank you so much for kindly helping.
Grant rights to forward a blocked email?
I’m hoping someone can help me. I am working with a client and a policy they have works correctly 95% of the time, but 5% of the time it generates a false positive and blocks the file from being sent. I was wondering if there is a way to grant a user the rights to inspect and forward an email?
Scenario :
- A message is sent from a user via email.
- The message is blocked by DLP.
- The user’s manager is notified of the blocked message.
- The manager inspects the message, determines it is a false positive.
- Info Sec/DLP engineers inspects the message and determines the message is a false positive.
- The manager then forwards the message to the initial mail recipient.
Is it possible to give the manager rights to forward the email? If so, how?
I’ve read about Forward Mode, but I’m not sure about its real-world application.
Symantec ATP can prevent https traffic
Hi all,
I read about Symantec's ATP solution and have a question:
- If I use Symantec SEP and now buy an ATP appliance with a license for Network and Endpoint, with all traffic being HTTPS, how can the ATP appliance see and block it? I am going to deploy the ATP appliance in Inline mode.
Thanks,
Peter
DLP Licensing
Hello,
I am not sure how the Symantec DLP license works. So, where can I get documentation that talks about Symantec DLP licensing?
Thanks,
Ken
Unable to launch MS Word
Suddenly SEP has decided that my Microsoft Word is a virus or something.
If I try to open a word doc or launch word directly I get a Windows 10 notification from SEP saying:
Attack: Return Oriented Programming API Invocation Detected
SEP will terminate c:\program Files....
(screenshot attached)
I tried removing SEP, cleanwipe and reinstall hoping it was just a setting.
No other users are affected. Just my workstation. Any idea what is going on?
(Word works fine with SEP uninstalled)
14.0.1 MP1 available in file connect
Release notes: https://support.symantec.com/en_US/article.DOC10734.html
Anyone have installation feedback?
Symantec Endpoint Desktop Encryption 10.3.2- Black screen with blinking cursor
I have Symantec Endpoint Desktop Encryption 10.3.2 on a Dell Latitude E6440 laptop running Windows 7. When the computer boots up and asks for the password to unlock the hard drive, it goes straight to a black screen with a blinking cursor and stays like that so Windows doesn't boot up for me.
Also, when I try using the recovery key to unlock I get the same screen.
And, the bypass option isn't working for me either.
The user of the laptop needs to be able to use the computer.
Some help would be extremely appreciated!!!
DLP changing of Solutions Pack
Is it possible to change the Solutions Pack after installation? I've installed the General.vsp solutions pack and we want to try to change it to the Retail.vsp solutions pack. Also, we are using DLP 15.0.
CAS error logs
Hello Gents,
I found two errors in CAS logs.
kaspersky[27241]: ERROR : Kaspersky ThreadHandler: failed to check url 2147942487(0x80070057)
kaspersky[27241]: ERROR : Kaspersky ThreadHandler: failed: 0x80070057(-2147024809)
avservice[8837]: SyslogEndpoint::Log: No thread to service messages
Does anyone know about these errors and the reason why I receive them?
thanks in advance.
Need help with MD5 Hash Values
Dear Team,
Client is providing me Hash Values to blacklist in Symantec ATP. These values are usually SHA-256 or SHA-1. I use VirusTotal to convert these values to MD5.
There are many hash values which are not showing in the VirusTotal database. Kindly suggest a reliable online file hash value converter other than VirusTotal that can be used.
Thanks in advance.
MessageLabs' Email Attachment Size Limit
Can someone tell me MessageLabs' email attachment size limit or the default size limit? Thanks
Linux clients cannot get new definitions
Hi all,
We are using Symantec LiveUpdate Administrator as a server from which Linux clients automatically get their antivirus definitions. But in the last few weeks they have stopped getting updates. I started a manual update as a test and I get the error message: "sep::lux::Cseplux: Failed to run session, error code: 0x80010830 Live update session failed. Please enable debug logging for more information Unable to perform update".
In lux.log file i get:
[Server Selection - START]
Result Code: 0x80010830
Result Message: FAIL - failed to select server
[Server - START]
Host ID: {00E6655A-A58F-475E-9A42-B90985F04C0D}
Status Code: 1
Status Message: Server was not selected
Transport Return Code: 0x80010737
Transport Return Message: FAIL - failed to connect to server or proxy
Protocol: HTTP
Hostname: liveupdate.symantecliveupdate.com
Port: 80
Path:
Proxy ID: {00000000-0000-0000-0000-000000000000}
Proxy Bypass: false
[Server - END]
It looks like the clients are trying to update definitions from the internet instead of the LUA server. How can I configure them to use the LUA server?
Thanks in advance!
Security Attention not reporting correctly on a Mac
Symantec Endpoint Protection Cloud on Macintosh OSX 10.12.6 reporting at risk because definitions are out of date.
I have run the fix and all definitions are up to date, but I cannot get the program to report that it is secure.
The dashboard on the web says that the client is secure.
How do I fix this?
DLP Uninstall batch script
Any tips on how I can uninstall from multiple computers to remove the DLP agent installed on them? Thanks.
Notification Condition - Script
I have an alert that will list all computers that have virus definitions older than 3 days.
I noticed that I can run a batch or any executable file when triggered by the notification.
Question: What do you recommend to run when it triggers? Any script to update those outdated dat?
API for DLP Servers
I was wondering if there is an API available where I can grab the status of servers and detectors in Symantec DLP? I'd like to grab that information for a live health status dashboard that I'm developing.
symantec encryption server storing too much mail
We're receiving this alert from Symantec Encryption Server:
"We're sorry. Your message cannot be delivered to the following recipient(s) because Symantec Encryption Server is already storing too much mail for them."