Total Endpoints in SEPM Dashboard Doesn't Match Report
A "Symantec Endpoint Protection Product Versions" report shows we have a total of 1207 computers. But, in the SEPM dashboard under "Endpoint Status" the "Total Endpoints" shows 1539. Our license is for 1500 computers and we're getting pinged that we're "overdeployed". Why the discrepancy?
PGP Command Line - Licencing on VMware Metro hosts
We are looking to move our PGP command line from a physical server onto a VM that is hosted on VMware Metro Clustering. Are there still licence implications if the host was to move from one ESX host to another? We don't want to go down the route of setting affinity rules to tie it to one particular ESX host.
Cannot install new clients - setup is KO
Hello everyone,
I am facing an issue with my SEP setup that I have been using since 2018 to install new clients. It was working fine since last Friday, and starting Saturday the same setup.exe is failing to install SEP clients.
Here is what I found in %programdata%\Symantec\setup:
3rd Party Application Removal Begin
Initializing 3-PAR verification
Initializing 3-PAR object
Initialization completed successfully
Detection process beginning
Detection process failed
3rd Party Application Removal End
Also, the funny thing is that if I manually change the date on my computer and set it to January, the installation runs smoothly.
I've tried reaching out to the support with no help. Symdiag is all green except for Remote Registry Service but it is not related.
Information on our infrastructure:
2 SEPM v14.2.1031.0100
Clients installed in same version
Has anyone already faced this issue?
Thanks in advance for any response,
Regards,
Axel
Active Inline Multi-ProxySG Capable Fail to Appliance send Proxy IP as client
Hello,
I have the following scenario (Active Inline Multi-ProxySG Capable Fail to Appliance):
LAN -> SSLv (sslv appliance interface 5) -> ProxySG (sslv appliance interface 6) with a copy port (sslv appliance interface 7) to a Security Analytics.
With this topology all my Security Analytics rules trigger the IP from ProxySG as Client.
Is there a way to make the SSLv deliver the real IP client in this copy interface? Or use a different field on Security Analytics to show client IP.
Thanks a lot
Offline clients definition updates
Here is our scenario: We have many Windows 10 laptops that very rarely see our internal company network, nor do they see the internet. We have groups of these laptops that are taken to various locations throughout our region and set up on their own closed network using a router that is not connected to a WAN (no internet connectivity). This is done for the day then taken down at the end of the day. The one consistency that they have is that they all can connect to a single server that is set up on the closed network. When not in the field the servers do come back and get connected to our internal network and so they are able to keep Windows and SEP up-to-date. Though the laptops roam between which of the physical servers they are connected to, the servers will always have the same IP address on the closed network (let's use 10.1.1.2 for example). So tablets/laptops can always connect to 10.1.1.2 while on the closed network. I thought that making the servers GUPs and pointing the clients to look for a GUP at 10.1.1.2 might be a solution to how to keep their definitions up-to-date, but upon further reading about GUP best practices I read this:
"If the SEP clients you need to update using a GUP are not able to connect to the HTTP port used by the SEPM for client management, consider another method of updating clients."
Unfortunately it can be many months that pass before the laptops see our internal network, and this is usually a manual process when we put hands on each device and update them. Obviously with the laptops being on a closed network there isn't much of an attack vector and it would be difficult for anything to spread from them as well, but ideally we would be able to keep their SEP definitions up-to-date anyway in case staff deviate from our documented policies and processes and connect them to another network or plug mass storage devices into them (we do have Windows Group Policy in place but there are some known ways around it and we like to try to cover all of our bases).
Does anyone have any suggestions on how we might best keep the SEP clients up-to-date in this scenario?
ProxySG | ProxySG failed to upload image
We have a problem: we failed to upload an image file to the Proxy. We tried to download the upgrade of the ProxySG Trust Package,
but we still get the error "Security signature verification failed, The requested system software image may have been tampered with".
After I checked the CCL, we found that the CA cert for image validation has already expired.
Please recommend how to resolve this issue.
Thank you so much for your help.
CR
Proxy Gateway potentially causing website performance issues
Hi everyone
I hope someone can help me with a rather puzzling issue.
We have a website, collaborative.eversheds-sutherland.com 213.212.88.203, which users can connect to but experience very slow performance when navigating around the site. This only occurs when they are on the network. Performance when accessed from home or another non-network source is absolutely fine.
From what I can tell, traffic leaves our network via the firewall (bypassing the proxy). This proxy override has also been enabled on Group Policy for this website. However, the puzzling thing is that I'm still seeing active sessions for this website on the Bluecoat Proxy Gateway. I believe the traffic is coming back through the Proxy but I can't see why.
Gateway details:
ProxySG 810-10 SGOS 6.5.3.6 Proxy Edition
Is there anything I can check on the Bluecoat? Like I say connectivity is there but the website performance is very slow. When users use the developer tools in the browser to inspect the site, they commonly see the following errors:
ERR_TUNNEL_CONNECTION_FAILED
CORS Policy Error
I've looked up both of these errors and they both point to a proxy issue but I cannot work out what it could be. I've attached a screenshot which shows the active sessions currently on the BC Gateway. The Gateway IP is 10.20.48.100 but each different office has its own BC Proxy server that does its own web filtering. The one in the screenshot is from the London office.
I'd appreciate any assistance as this is proving to be a huge issue for me.
Many thanks
B
WSS not filtering in Chrome (.pac)
Hi All,
Hoping someone can shed some light on what is going on with WSS .pac file and Google Chrome.
Scenario:
Pac file URL is rolled out via GPO to all corporate PCs
Created an explicit block rule on abc.net.au
Using Chrome, if you directly type abc.net.au it gets blocked, but if you google ABC or Triple J the site is displayed and does not filter through the proxy. Found that if a manual HTTP proxy to proxy.threatpulse.com:8080 is used it correctly blocks.
Testing in Firefox the website is blocked fine in all instances.
So my question: is there a setting in Chrome that is preventing the correct blocking of websites when using a Symantec .pac file?
Thanks all,
Dylan
How to close account?
Hello,
I've created a security account to try it, without any subscriptions. Now, I receive many e-mails each day.
How can I close the account so I no longer receive them?
Thanks in advance for the answer
Email not delivered in time or expired
Hi,
I have an ongoing problem receiving emails from a client; this has really been an issue for at least 6 months.
Sometimes they don't get there at all, or sometimes 1 week later.
I've done a search for my client's MX record and they are using messagelabs.com.
Who can I contact for help? I tried sending an email with the IP address and bounce back details but the support email doesn't work anymore.
I can't open a ticket because I'm not a Symantec client.
Thanks in advance.
Registry values to check status of Norton/Symantec AntiVirus
This is a general question. I am trying to find information to determine TimeOfLastScan, PatternFileRevision and PatternFileDate etc settings directly in the registry for Norton AntiVirus on Windows 10.
I believe most Norton AntiVirus values should be located under HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\..., but the latest Norton AntiVirus 22.19.8.65 trial version does not appear to have the same location in the Registry?
I can only see HKEY_LOCAL_MACHINE\SOFTWARE\Norton\... and HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\.... But I cannot find these values I want to check programmatically (Time of last scan and pattern file date etc).
Have Symantec changed the design and Registry location for Norton AntiVirus at some point in the past? Or is the usual location missing because I am using the trial version?
Can someone please clarify why HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\... is no longer visible in the latest version of Norton (Symantec) AntiVirus?
Thank you.
Trevor
ADFS 4.0 (Windows Server 2016) and Symantec VIP
Hello!
I am trying to integrate our ADFS farm and Symantec VIP Manager for push authentication via JavaScript integration. I am using this guide (I have done all steps from chapter 4), but when I try to enter the correct login and password I get the following error in the log file:
06.02.2020 10:41:59 : Log File Path : C:\Program Files\Symantec\ADFS\
06.02.2020 10:41:59 : VipService Authentication URL: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_4
06.02.2020 10:41:59 : Vip Services Timeout: 10000
06.02.2020 10:41:59 : Vip Certificate Path: C:\Program Files\Symantec\ADFS\vip_cert_12-26-2019_12-16AM.p12
06.02.2020 10:41:59 : Automatic Business Continuity: False
06.02.2020 10:41:59 : Javascript Integration : True
06.02.2020 10:41:59 : IpAddress Fetched:192.168.20.71
06.02.2020 10:41:59 : Fetched VIP service settings successfully
06.02.2020 10:42:33 : Exception while signing the username : System.ArgumentOutOfRangeException: Length cannot be less than zero.
Parameter name: length
at System.String.Substring(Int32 startIndex, Int32 length)
at SymcVIP.AuthenticationAdapterWindowsAccountName.SignUserName(String vipUser)
06.02.2020 10:42:52 : Certificate chain count: 3
06.02.2020 10:42:53 : User a.ivonin Authentication failed, Request ID: ADFS_9_9_0_192_168_20_71_34501. Invalid Security Code
06.02.2020 10:42:53 : Exception while signing the username : System.ArgumentOutOfRangeException: Length cannot be less than zero.
Parameter name: length
at System.String.Substring(Int32 startIndex, Int32 length)
at SymcVIP.AuthenticationAdapterWindowsAccountName.SignUserName(String vipUser)
But if I uncheck the Enable VIP Java Script Integration box in VIP Integration Settings, the Security Code works properly.
Could anybody help me?
Blacklisted again and again only on Symantec
Please help me. I cannot find any problem; this is a fresh server.
IP 51.38.53.28
No spam, SPF + DKIM, PTR
I also hired an IT specialist, who told me my server is OK.
No other blacklist blocks me, only Symantec.
I go into this blacklist again and again.
Please help.
I wrote a mail to investigation; no one replied to me.
I am frustrated.
SYMANTEC DLP SIZING
Hi All,
We are currently running DLP 14.6 & want to upgrade to 15.0.
CURRENT SERVER CONFIGURATION:
DLP SERVER & NAME | Drives | CPU/Cores | Memory |
Enforce Server | C: 50GB;D:100GB | 2 | 12 |
Network Prevent for Email-1 | C: 50GB;D:100GB | 2 | 8 |
Network Prevent for Email-2 | C: 50GB;D:100GB | 2 | 8 |
Network Prevent for Email-3 | C: 50GB;D:100GB | 2 | 8 |
Network Prevent for Email | C: 100GB;E:180GB | 2 | 16 |
Network Monitor | C: 100GB;E:180GB | 1 | 16 |
Network Monitor | C: 100GB;E:180GB | 1 | 16 |
Network Discover | C: 50GB;E:90GB | 2 | 8 |
Endpoint Prevent/ Discover | C: 50GB;E:90GB | 2 | 8 |
Network Prevent for Web | C: 50GB;D:100GB | 2 | 8 |
Network Prevent for Email Cloud | Host |
As per best practices, what would be the recommended configuration, as we are running 22000 users?
Regards,
Muhammad Bilal Raza
Site Server - Task Service: "Installed, inactive"
Hi there
We're running SMP 8.1 RU4 and I've just had to set up a new site server for one of our sites as the old site server was on Server 2008 R2 and needed to be retired.
The new site server is on 2012 R2. Having battled at length to get the IIS pre-reqs set up and the right .NET version installed (server kept auto updating via Windows Update to 4.8), I finally got the SMP console to allow me to install the Task Service. It also has the Package Server role.
However... Although the Task Service is now apparently installed, it's showing in the console as "Installed, inactive". I've no idea why.
Any ideas please?
Endpoint Protection (SEP) 14.2 install fails with the install setting "Automatically uninstall existing third-party security software" selected.
This is being investigated currently. Please subscribe to this KB for updates:
https://support.symantec.com/us/en/article.TECH257...?
Latency in VIP Validation
Friends,
A few users are complaining about delays in validating the tokens through the VIP validation server. I wanted to know how we can extract a report to get the response time for each client the RADIUS server is serving.
VIP Access silent uninstallation
Hello,
Looking for detailed information on how to perform a silent uninstall of the Symantec VIP Access application.
I've found details and command-line switches to perform a silent install; however, during a silent uninstall, I come across a yes/no message. See attached screenshot.
Does anyone know how to bypass this message?
Thank you.
ServiceDesk 8.1 in-place OS upgrade
Hi all,
I have looked but not been able to find an answer - can anyone help (pleeeeeaaase).
I need to upgrade the OS on our Service Desk server - does anyone know if I can perform an in-place upgrade from Windows Server 2008 to 2016 or will I need to build a new server?
Thanks in advance for all your help :)