Hello guys,
am writing in regards of identifying web prevent incidents, after i turn on the Https protocol i noticed that i have something like
Kerberos://Long domain/ad user name as a sender-email , and in that case DLP will not understand this as a sender's since we don't have lookup to match
this kind of paramet's key
is there any custom script or some tweak to populate the cusom user attributes?
thanks
Good day All,
Recently we have enabled IPS signature policy in SEPM in our environment. After the configuration we are receving many signature related alert.
Most of the signature were blocked by the symantec. If it is not blocked, am having two scenarios
Scenario 1:
if the remote host IP address is public and SEP doesn't blocked means we can block the external IP at perimeter level(Firewall)..
Scenario 2:
If the remote IP address is private and the alert is SMB related signatures or ransom.wannacry means we can apply the patch MS17-010. Apart from SMB related signatures. I saw many signatures configured on SEPM console.
Can someone help me to find out the patches available for the list of signatures given below.
https://www.symantec.com/security_response/attacks...
Thank in Advance
On Windows clients, is it possible to monitor and track usage of non-EXE's? I'm not finding much help in Symantec's docs.
In my case, I'm thinking particularly for a vendor-specific MMC snap-in. The snap-ins relies on the MMC.exe to run, but I want to know if <vendor>.msc is used.
thanks!
Scott
Hi all, has anyone started applying the Endpoint Protection Deception that shipped with SEPM 14? I was able to extract the 3 policies and import two into SEPM Policies --> Host Integrity --> Import a Host Integrity Policy, but when I try to import "Deception ADC Monitoring - Process Termination.dat" SEPM tells me: Failed to import the policy. Error: Invalid import file. I cant find any advice on this error. Has anybody dealt with this before?
Good afternoon,
I have a problem right now, I'll describe it to see if anyone can help because I don't want to lose the user's data.
Everything started with the PGP gray screen not showing and going to a black screen saying Initilation Loader and stays there forever, I asked the user for the password and she gave it to me but this didn't work, I don't know any other password (such as admin passphrase). I load the computer using a PGP Bootable disk and I'm working with the command prompt. But every single command that I try to use, ask for the user passphrase. All I have is the Local Self Recovery questions and answers, I can do a --recovery-verify and they work fine, but I don't know how to change the user's password using the LSR by command prompt.
Please help, I'm getting fustrated because at every try I find an error and I don't want to lose the user's data.
hi, i am setting up a brand new single tier system, we have the endpoint detection product. i can go in and create an install package but when i run the bat file it just blinks. the user is an admin running window 10 pro
i cannot find any docs to help. any ideas?
FYI
SEP 14 RU1 MP2 has been released. This version has a few bug fixes and supports Windows 10 Spring Creators Update
https://support.symantec.com/en_US/article.INFO495...
hi, i am setting up a brand new single tier system, we have the endpoint detection product. i can go in and create an install package but when i run the bat file it just blinks. the user is an admin running window 10 pro . i tried installing the agent all the way throguh manually pulling the data from the install files but it fails. ive attached a screen shot
i cannot find any docs to help. any ideas?
thanks
Having trouble creating a "Personality" package with the task. Trying to use the Template.exe to create the templete for use with the task. How do you specify that you want all domain users that have logged into the machine in the past 15 days? This is from the templete that doesn't work. Error message: The specified users cannot be found (Exit code 16)
[Users]
Users=DomainName$DomainName;
Date=1
Date Criteria=All user accounts accessed
Date Options=0;15;days
Include Disconnected User=0
I'm trying to add multiple MIME types using CPL but not sure how to write allow or deny Action. Can anybody tell me proper syntax?
Hi,
I have emails on my quarantine, for which the domain has changed. For example email was sent to jdevi@xxx.com, but domain has changed to jdevi@yyy.com. The emails are stuck in the quarantine. Is there a way within SMG to change the email address?
Also how can I export Domains list (Protocols>SMTP>Domains)?
Thanks to let me know.
I need to know if it is possible to use multiple GUPs (defined by IP and assigned by subnet) and the SEPM for definition downloads in one LiveUpdate policy.
I want all the clients in HQ download definitions from SEPM and all the branches downloading definitions from a GUP. In one LU policy.
So far, I have a test policy assigned to a test group where my workstation (in HQ) is part of. Unfortunately, I did not receive defnitions ever since I moved the client to this group.
Checked the "Use management server" in the LU policy and subsequently defined the GUPs and assigned them via subnet. Of course, the HQ subnets are not defined, as I want them to use SEPM.
Obviously, this is not how it works.
What am I missing?
Customer is considering to rellocate all clients from location A to location B. The SEPM server at location B should have new hostname and IP i believe.
Any hint or idea how this should be done?
I'm thinking to setup new SEPM at location B, and use clients communication update for all clients that coming from location A.
This should work fine right?
Hello,
a new public IP network class has been recently (Mar 2018) assigned to our company but now we are experiencing problems due to messagelabs.com filtering policy.
Our network is: 62.173.161.0/28
16 ips from 62.173.161.0 to 62.173.161.15
The error trace:
host cluster5.eu.messagelabs.com[85.158.136.83] refused to talk to me: 501 Connection rejected by policy [7.7] 3604, please visit www.messagelabs.com/support for more details about this error message.
I know that those IP could have been used in the past (not from us) for sending spam, but now they are clean.
Could you remove us from you black list or make a new evaluation to this IP group?
Please soon. Our customers start complaining about the undeliverability of their messages.
Thanks for your time and help, please let me know if you need something else.
Gabriele
Symantec™ Ghost Solution Suite 3.2 Release Update6 (RU6) is now available.
| Feature | Description |
| Added support for Operating Systems | From this release onwards, following Operating systems are supported:
Updated Linux pre-OS FRM
For more information, refer to the following article: |
| Improved performance | From this release onwards, Ghost performance is improved with removal of the default CRC check during deployment of an image. If you want to run a CRC check when you deploy an image, use the new switch –crccheck in the Distribute image task. |
Symantec™ ServiceDesk 8.1 Release Update6 (RU6) is now available.
Symantec™ ServiceDesk 8.1 RU6 Release Notes are available at the following URL:
https://support.symantec.com/en_US/article.DOC10952.html
Dear All
I would like try to access https website from Proxy by cmd "test http get (website)
but when test with http website it ok i have received respond http code 200 proxy can get website
when i have test get https website i have received respond 302 redirect it not sure this respond proxy can get https website
please recommend how can i test get https website from proxy appliance.
Thank you so much for your help.
Best Regards,
Chakuttha R.
http://www.symantec.com/docs/DOC10946
is there a way without using a gpo policy to push out the agent to my whole network, or have the dlp software do it? we have 300 clients and this would be helpful to say the least
thanks
we have several users that are not on our network at remote locations and they do not connect via any vpn to it. is there a way to have them hooked to the dlp for scans and monitoring?
thanks