Hello,
I am looking for a script which can alert if a server does not have the SEP client installed. Could you please share your thoughts, and can this be enabled from the SEPM console?
Thanks
Sujith
Hello,
Does anyone know about the End of Life support of the following SEP products and versions?
SEP 11.X
SEP 12.1.X
SEP 14.0
SEP 14.2.0
SEP 14.2.X
Thanks
Sujith
Hi,
I am getting this warning when I try to upload big files of more than 10 MB; there is no issue when the size is less than 10 MB.
WARNING: [6756] Failed to get data from the client., Exception thrown from : ServerShmChannelImpl.cpp(202) FilterTextExtractor.cpp 116
13 févr. 2020 12:01:03 com.vontu.cracker.TextExtractionDelegate getTextForFile
WARNING: Error encountered during content extraction for type [doc].
com.vontu.cracker.ContentExtractorTimeoutException: TimeoutException occured
at com.vontu.cracker.jni.NativeTextExtractor.filterText(NativeTextExtractor.java:51)
at com.vontu.cracker.NativeTextExtractorAdapter.filterText(NativeTextExtractorAdapter.java:40)
at com.vontu.cracker.TextExtractionDelegate.getTextForFile(TextExtractionDelegate.java:63)
at com.vontu.messaging.chain.ComponentQueueProcessor.getTextForComponent(ComponentQueueProcessor.java:531)
at com.vontu.messaging.chain.ComponentQueueProcessor.processBinaryComponent(ComponentQueueProcessor.java:397)
at com.vontu.messaging.chain.ComponentQueueProcessor.processMessageComponents(ComponentQueueProcessor.java:125)
at com.vontu.messaging.chain.MessageContentExtractor.processMessage(MessageContentExtractor.java:184)
at com.vontu.messaging.chain.MessageContentExtractor.processMessage(MessageContentExtractor.java:165)
at com.vontu.messaging.chain.MessageChain.processMessage(MessageChain.java:194)
at com.vontu.messaging.chain.MessageChain.run(MessageChain.java:118)
at java.lang.Thread.run(Thread.java:748)
13 févr. 2020 12:01:03 com.vontu.icap.RequestProcessor handleInductorException
WARNING: On ICAP connection ID=1316 unrecoverable error: Error sending approval. Closing this connection.
Also, on the web, when I upload I am getting "an icap error was encountered while handling the request".
Can somebody help if they encounter this issue?
Regards
Satyajeet Anand
Hi,
I do have a ticket raised with Symantec and I'm looking for support on a current issue.
At the moment we have a couple of servers with SEP 14.2 RU2, and SEP is unable to clean detected risks while doing scheduled scans; however, if we run them manually, the infected files are cleaned. These are some of the things we already reviewed:
Can some additional information be provided regarding how the scheduled scans actually work? Which components of the AV are involved, etc.?
Thank you.
Hello,
I installed Symantec Endpoint Protection Manager version 14, and I keep being sent back to the location where the .slf file has to be provided when activating the license represented by the serial number.
I do not have the .slf file, only the serial number.
Your help, please.
I am noticing in our Symantec Management Agent installation logs the following:
<event date='02/11/2020 11:59:52.0270000 -05:00' severity='4' hostName='jima' source='Agent' module='AeXNSAgent.exe' process='AeXNSAgent.exe' pid='20612' thread='22000' tickCount='8830984'>
<![CDATA[Failed to establish main persistent server connection, error: Persistent connection is disabled (0x8FA50007)]]>
</event>
<event date='02/11/2020 11:59:52.0270000 -05:00' severity='4' hostName='jima' source='Agent' module='AeXNSAgent.exe' process='AeXNSAgent.exe' pid='20612' thread='22000' tickCount='8830984'>
<![CDATA[Failed to establish persistent server connection to 'HTTP://<severname>:80/Altiris/WebSockets' using 'Matching' connection profile, error: Persistent connection is disabled (0x8FA50007)]]>
</event>
So evidently we have persistent connections disabled. Should we enable this feature? What are the pros/cons? What are the questions we should ask before turning it on? What is the downstream impact of turning it on? What might break? :)
Thanks
Jim
Hello, I have a Windows Server 2012 R2 server with GSS 3.3 installed. The client computer OS is Windows 10. Disk Management looks like the attached image "disk_management.png". In the diskpart console the disk and partition information looks like the attached image "diskpart.png".
In GSS console:
Create image job command: -CLONE,MODE=CREATE,SRC=2,DST=%IMAGE_FILENAME% -SURE -SPLIT=0 -Z3
Image location: 1:2\Images\Image.gho
Restore image command: -CLONE,MODE=RESTORE,SRC=%IMAGE_FILENAME%,DST=2 -sure
Image location: 1:2\Images\Image.gho
Questions:
1. To create an image, if the image location is set to D:\Images\image.gho, the job never seems to complete; the status stays at "Uploading disk image..." unless I delete the job manually. If the image location is set to 1:2\xx\xx.gho, the job completes successfully. Why does this happen?
2. Restoring the image does not work with the above ghost command; the warning message is "The Drive number selected for deploying an image connot be same as the Drive number on which the image is stored." Is anything wrong in the restore command? Please advise.
I have GSS 3.2.RU7 installed as a custom setup. When I run the GSS 3.3 installer it keeps asking for my license file, as if my existing license file for 3.2RU7 is not valid, even though the console clearly shows it is. The upgrade documentation states that it's possible to upgrade from 3.2RU7 to 3.3. Doesn't appear to be the case. How do I upgrade so I can support newer OSs without a new license file? Created a ticket and even had a call, and I have to say the 1800 number is more than lacking.
Hello,
We get a file reputation alert from a couple of servers with the following information: "Reputation check for unproven files failed because of network errors for the last 3 days". Please note that those servers are hosted on Amazon Cloud and we didn't get any such alert from the servers hosted in the office network. Could you please share your thoughts?
Thanks
Sujith
Hi everyone,
I need an answer to an important question. I want to roll out the new version with autoupgrade but without forcing a restart.
Is the client unprotected until the restart? If so, I have to force it and communicate about it.
Most employees are on the road with customers and cannot have a popup within a presentation or workshop.
I could not find the information here: https://support.symantec.com/us/en/article.howto80780.html
Best regards
Stephan
Dear All,
Our server (5.39.76.224) has suddenly been tagged with bad reputation preventing us from connecting with several customers and therefore directly impacting our business.
After trying several times to use the Symantec IP Reputation Investigation page (https://ipremoval.sms.symantec.com/ipr/remove) without any outcome, feedback or results (is such page really doing something?) I finally decided to register and create this post and see if it is more successful.
As already reported by many others in this forum, Symantec is the only entity assigning a bad reputation to our server by indicating that this host has been observed sending spam, but without providing any evidence for such a statement. We don't even use mailing lists.
It is also rather confusing that we cannot even reply back to customers willing to send us their messages; in most systems this would automatically lead into a "white listing" situation.
A simple search on this subject in the Symantec forum returns over 800 entries. Is this not an indication that perhaps the methodology should be revisited?
I'm looking forward to your feedback and solutions.
Regards,
Eric
I have tried to upgrade the version of the hardware diag, but I don't have the CLI command shown in the following from the guide. Please recommend.
My appliance doesn't have the same CLI as below; when I access conf t, I don't have the diag upgrade path command.
Blue Coat ASG-S400>enable
Enable Password:
Blue Coat ASG-S400#conf t
Enter configuration commands, one per line. End with CTRL-Z.
Blue Coat ASG-S400#(config)diag-upgrade-path https://internalwebserver/s400-3_1_2_1-diag.bcsi
ok
Blue Coat ASG-S400#(config)exit
Blue Coat ASG-S400#load diag-upgrade
Downloading from "https://internalwebserver/s400-3_1_2_1-diag.bcsi"
.
Installing...100%
The new diagnostic software has been successfully downloaded.
From enable mode use "restart upgrade" to install the new diagnostic software.
Blue Coat ASG-S400#restart upgrade
Good Morning,
Gartner, in its last report about EPP solutions, wrote about SEP:
Symantec EDR is missing advanced functions for large enterprise customers, such as case management workflow, remote shell response function (due 1Q20) and rapid pivot capabilities from one query to another. EDR does not provide blocking rules although automated actions can be scripted for specific detections. The user interface lacks guided investigation tips or contextual information, which makes it difficult to use for mainstream buyers. EDR and SEP are different management consoles.
What are these blocking rules?
Thanks.
I have generated a new client to push manually to several systems. Our company's requirements dictate that this be a completely silent install, which with /QN should not be an issue.
We have done it plenty of times in the past. But with this newest client, no matter what command line options I use, for example, Setup.exe /qn /L*V C:\log.txt
Nothing happens. Ever. But if I just type setup.exe poof it is off and running with minimal gui. I have tried all manner of the command line switches, alone and in groups.. it never runs on any test boxes, with any of them.
What am I doing wrong?
Hi,
according to Symantec KB, a "TCP Tunnel" service with Detect protocol enabled should be equivalent to "SSL Proxy" service when encountering SSL traffic:
https://support.symantec.com/us/en/article.tech245661.html
Yet the behavior is confusing in the following scenario:
- SSL intercept on exception is enabled (the default)
- TCP Tunnel on port 443 with Detect protocol enabled
- Category "Technology/Internet" is set to Deny in web access policy (this is just an example)
- web site https://veracompadria.com is categorized as "Technology/Internet" and its IP address has the same category, too.
When accessing the web site, the proxy manages to perform intercept on exception and return HTTP response 403 (denied) to the client, which is expected.
However, the exception template returned is not the HTML data for HTTP traffic but rather the exception text used for all protocols: "$(exception.id): $(exception.details)". This is a very basic message omitting any HTML code we usually return to the user. So, the proxy performs full interception and is able to return HTTP(S) response to the client, but it incorrectly uses the exception template for all protocols (without the html).
Furthermore, if the site above were not categorized as "Technology/Internet" for its *IP address* (but was categorized on url level), the proxy would have returned the full HTTP exception with HTML i.e. "$(exception.format)"
This is completely unexpected behavior. What should be done to get expected HTML exception for https traffic in such cases? I know that reverting to SSL Proxy instead of TCP tunnel would "solve" the problem, but that's not possible for this customer due to other apps not tolerating "SSL proxy" service only.
Any insights appreciated.
Above is the expected exception with HTML, below is the unexpected exception.
Hi,
We as a user have a licensed version of SPE which we have installed in Windows Server 2012 Server.
We are using the .Net library of Symantec to send files for scanning. When we were testing out the solution we came to know that Symantec is not detecting the virus in MS Office files. We are using standard EICAR test files for the testing. Normal EICAR .txt files are detected as a threat by Symantec and the ScanResult object gives out a proper message.
But in case of EICAR MS Office files sent to Symantec, the server responds that the file is not infected. The ScanResult object from Symantec says a proper connection to the server is established (ERR_CONN_SUCCESS) but just that the file is not infected. The same file is flagged by my local laptop McAfee as infected.
Server Installed : Windows Server 2012
SPE Version : 8.0
In Symantec Console settings, set to scan all files & Bloodhound level is Medium
Could you please let us know what the possible issue could be here, and could you also send some sample test files of all file types which can be tested?
It would be really great if you could respond ASAP, because our production deployment is waiting on this.
Thanks & Regards
Rahul S
Hello,
Following the update to Symantec Endpoint Protection 14.2 RU2 MP1 version, when I send my package in push mode on my non-administrator win 10 clients, once the client is updated, they get the window to be able to push the update or restart the set but no button is active, although it can be seen flashing.
The only way to make the window disappear is to go through windows, restart.
No worries in administrator mode!
Is this a bug?
Thanks for your feedback