Channel: Symantec Connect - Products - Discussions

Unknown Cipher Number using encrypt with public key

I need a solution

Hello!

I'm trying to encrypt using "PGP Command Line 10.4.1 build 54" and it works flawlessly, but with some RSA keys I get the following output:

# pgp -e test.txt -r 0xXXXXXXXX --passphrase "" -s --verbose

pgp:encrypt (3157:current local time 2018-06-14T08:50:49+02:00)

pubring.pkr:open keyrings (1006:public keyring)

secring.skr:open keyrings (1007:private keyring)

0xXXXXXXXX:encrypt (1030:key added to recipient list)

0xYYYYYYYY:encrypt (1051:default key added as signer)

test.txt:encrypt (3090:operation failed, unknown cipher number)

Looks like the public key from the other party (with which I want to encrypt) was created with Kleopatra, but this shouldn't be an issue as I have other colleagues that use that software too.

How could I check what's wrong?

Thanks.

Need SQL Query

I need a solution

Hi, I'm searching for a SQL query which shows me the same result as in Computer Status Report in SEEM.

I've tried to search in table dbo.computers but unfortunately I don't know how to select "Display only computers with SEEM Agent".

Can anyone help me?

Attack: Ransom.Gen Activity 22

I need a solution

Hi there, I'm receiving this alert at least 40 times in a week (weekends the most). It seems that it is an internal issue, as I'm behind a firewall and both the attacker and the target are part of the network. I really appreciate comments and support.

 

Luis

 

A high-risk intrusion was detected on PC within group Default Group on 6/18/2018 11:44:59 AM.
IPS Alert Name: Attack: Ransom.Gen Activity 20
Status: Blocked
Attack Signature: N/A
Targeted Application: N/A
Targeted IP: 192.168.1.2
Targeted Port Number: 445
Targeted Host Name: SERVER

Upgrade to 14.2

I need a solution

I am running Windows 10 Pro, 64-bit OS, Version 1803 (OS build 17134.112) with SEP client 14.0.3929.1200. 

The operating system has all current MS patches applied.

Yesterday, I downloaded Sep64_To_758_EN.zip and extracted the correct executable to upgrade my client.

The client was not upgraded.

I checked the installation files and discovered that the assumed language for the upgrade was Korean!

Perhaps the reason for the failure to upgrade was due to the presumed language (Korean) being inconsistent with my system (US English).

Someone should check to assure that the proper language version is associated with the upgrade file names.

Does using recover /d modify drive data in any way?

I need a solution

I needed to clone several end user workstations (Windows 7 x64 Pro) running SEE 8.2.1 Full Disk. I used a SEE Recovery USB and recover /d to decrypt the drive first and then cloned the disk via Ghost to another disk.

Does decrypting the drive first change or modify any of the metadata related to the files stored on the drive?

Upgrade to SEP Manager 14.2 loses policies

I need a solution

Hi,

Over the weekend, I upgraded our SEPM from 14.0 RU1 MP2 to SEPM 14.2. Our server is a Hyper-V VM running W 2008R2. I noticed after the successful upgrade, some policies disappeared from our main group. This group uses customized non-shared policies. After the upgrade the non-shared policies Firewall, Intrusion Prevention, Application and Device Control, Memory Exploit Mitigation, and Exceptions were gone from the group. Any groups with shared policies were unaffected. I also noticed some of the locked settings in the remaining policies were now unlocked. I created a checkpoint of the VM before the upgrade and was able to roll back to 14.0 RU1 MP2. I tried the upgrade multiple times with the same results each time.

It looks like I will have to create new policies to replace the ones that disappeared. I validated the built-in db after the update and it passed validation. I have never seen this before after dozens of upgrades over the years. Can anyone offer an explanation?

Thanks,

CQ

What does the value of the X-bluecoat-via header represent

I need a solution

Hi;

How is that value calculated and what does it represent?

Kindly

Wasfi

Check for SEP 14, macOS Virus Def Status via CLI?

I need a solution

Hello!

We manage our Macs with the JAMF Casper Suite. Currently, we have some systems which are not updating their virus definitions. I was wondering if there is a definitive key, plist value, attribute, log string or some other data I can access, via command line, which would allow me to build smart computer group criteria in the JAMF server. This would allow us to identify all systems whose virus defs are not up to date, which in turn would allow us to take remedial action through either self service or by launching Live Update remotely.

Thank you in advance for any assistance anyone may be able to provide.

Using HIDS

I need a solution

Hey guys,

In the middle of managing a fairly big rollout and upgrade of DCSSA where there are a number of administrators and people who prefer to use the commands to put DCS into a built-in mode instead of tuning or using the override.exe tool.

Is there a way to create a detection event to track who runs sisipsconfig -r? Looking to create an event which can report the user name that has run the command.

Can the CAS be integrated with Fortinet sandboxing

I need a solution

Hi;

Is the FortiSandbox 2000E one of the sandboxing appliances that can be integrated with a CAS for sandboxing, like FireEye for instance?

Kindly

Wasfi

Port requirement for AD

I need a solution

Hi,

I have One Management Port, One Ingress port and One Egress Port and One ICAP port.

If I want to do AD integration, which port do I need to use?


Redirection of url in Proxy SG

Whitelisting Preventing OS Boot

I do not need a solution (just sharing information)

Hi There,

Please excuse me if this is posted in the wrong area, I found it difficult navigating these forums.

I am looking to get some assistance with SEP whitelisting. Our SEP administrator is on leave for 2 weeks unexpectedly and issues are now coming to me. I have basic knowledge of SEP so please excuse me if the terms I am using are not technically correct.

We have whitelisting enforced across our organisation on Windows 10. We have a user who has come back from 2 months annual leave with her machine being offline during that period. She has logged in this morning and SEP was blocking application execution on many Office products. She restarted her machine and now Windows will not boot. I have seen this before, SEP appears to block Windows from loading as the logs are full of entries relating to the OS.

I have placed the machine in "Audit Mode" and connected the machine to the LAN.  However, the machine will still not boot and it's still blocking Windows from booting (checked SEP application logs).  It appears that the client policy is not updating.  Usually we would right click on the system tray icon and "Update Policy", however I obviously cannot get into Windows.

Is there any way to force the client to update its policy remotely? The machine is showing online in SEP and has been in Audit mode for more than 1 hour.

Thanks for your help,

how to configure redirection of a url

I need a solution

Hi,

How do I configure a redirection from one URL to another on the ProxySG?

E.g. abc.com redirects to xyz.com

Thanks

SPF failures when host name starts mail2.*.messagelabs.com

I need a solution

Hi,

I have implemented SPF as per the Symantec guidance but get failures when the host is mail2.bemta26.messagelabs.com or any others that start with mail2 (mail2.*.messagelabs.com). When the host starts with mail1 I have no issues.

SPF record

v=spf1 a:cluster1.uk.messagelabs.com include:spf.messagelabs.com a:cluster1a.uk.messagelabs.com  ~all

Ubuntu 4.13.0.45 Autoprotect malfunction

I need a solution

Dear all,

I am trying to install SEP 14.2 on Linux Mint 18.3.

During installation process I do get the following error:

"symevrm: unable to load kernel support module (UNSUPPORTED-OS--UNK-UNK-4.13.0-45-generic-)"

Any idea in which release this kernel will be supported? Or any workaround?

I am using latest release of SEP 14.2.758.0000

Thanks,

Thorsten

SSL Interception for One Domain and Allow the url

I need a solution

Hi,

It is possible to enable SSL for one domain. Also we need to ALLOW the whole url path for that domain.

Will it work?

reporter display wrongly for the URL Mtalk.google.com as allowed when user blocked the website

I need a solution

Hi,

When the client tries to pull the reports for the website "Mtalk.google.com" from Bluecoat Reporter 9.x, we could see the verdict both as allowed and denied. Although the user has already blocked Mtalk.google.com, Reporter shows a few requests as allowed.

<Proxy>
    url.domain="mtalk.google.com" force_exception(user-defined.DenyContent)
    url.domain="hangouts.google.co.uk" force_exception(user-defined.DenyContent)
    url.domain="hangouts.google.com" force_exception(user-defined.DenyContent)
    url.domain="mtalk.google.co.uk" force_exception(user-defined.DenyContent)

The website is "not categorized" as none (or) no sub URL known issue which matching the current issues.

When we check the ProxySG access logs for one user as an example, all requests are being blocked, but Reporter is showing allowed requests for the same user.

Is there any bug or known issue while pulling reports for a single website?

Also, let me know of any other way to pull a single-website allowed/blocked report.

Internet cannot access intermediately

I need a solution

Hi Guys ,

Some of our proxy clients intermittently can't access the internet after the upgrade from Windows 7 to Windows 10. Are there any compatibility issues between Bluecoat IWA and Windows 10 PCs?

The error shown is: Bluecoat returns Access Denied (policy_denied)

Around 40 PCs have been upgraded from Windows 7 to Windows 10, starting from the end of May 2018. The access denied error happens intermittently in the morning when users come back to the office and turn on their PCs to start internet browsing.

These are the logs

2018-06-19 08:54:25+08:00CST  "Authentication failed from 192.168.47.135: user 'lcsfntdomain1\dyau' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:54:29+08:00CST  "Authentication failed from 192.168.121.114: user 'WTID058\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:54:36+08:00CST  "Authentication failed from 192.168.121.146: user 'WTID069\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:54:54+08:00CST  "Authentication failed from 192.168.126.184: user 'WAHR001\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:55:31+08:00CST  "Authentication failed from 192.168.2.115: user 'WCPD010\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:55:42+08:00CST  "Authentication failed from 192.168.6.121: user 'WADM012\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:55:45+08:00CST  "Authentication failed from 192.168.120.108: user 'WTID096\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:55:53+08:00CST  "Authentication failed from 192.168.10.112: user 'WLSD025\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:55:58+08:00CST  "Authentication failed from 192.168.24.102: user 'WASU001\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:56:13+08:00CST  "Authentication failed from 192.168.10.127: user 'WCB1037\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:56:22+08:00CST  "Authentication failed from 192.168.8.156: user 'WCB1024\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:56:26+08:00CST  "Authentication failed from 192.168.47.188: user 'WMEM033\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:56:34+08:00CST  "Authentication failed from 192.168.6.125: user 'WCB3A31\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:56:36+08:00CST  "Authentication failed from 192.168.121.80: user 'WRSD015\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:57:05+08:00CST  "Authentication failed from 192.168.6.165: user 'WADM015\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:57:06+08:00CST  "Authentication failed from 192.168.50.126: user 'WPID026\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113
2018-06-19 08:57:32+08:00CST  "Authentication failed from 192.168.12.120: user 'WAIT009\' (realm BlueCoat_IWA)"  0 250017:96  authutility.cpp:113

I have attached sysinfo and eventlogs

Model: BlueCoat ProxySG S200-40

Software version: SGOS 6.6.4.2 Proxy Edition

Boot Disk Ghost64.exe question

I need a solution

I've been manually creating fresh WinPE boot disks for years, copying the full "\ghost" directory from boot disks originally made with Ghost Solutions Suite and just dropping a small batch file to run the application as WinPE loads.  It works flawlessly and allows us to import dozens of Dell WinPE drivers from their .cab files in a single DISM command; we used to do this with GSS, but adding individual network and storage drivers to the boot disks via the Bootwiz application was always too tedious.

My question is this: within the \ghost directory there are many executables, .dll files, and scripts (like gdisk, ghconfig, etc. etc.), but are they necessary for Ghost64.exe to function, or is that single executable the only one I need to incorporate into my boot disk?   NOTE: These disks are NOT for booting to automation, or any other complex task; they are SOLELY used to manually image machines 1:1 from external hard drives or to manually boot and join them to a GhostCast Server session running a local technician's console, typically with a private network switch for small multicast jobs.  I've built a WinPE 10 boot disk using only the Ghost64.exe application and it appears to be working just fine - I just want to make sure there isn't some hidden catch I'm not aware of.

Many thanks!
