Channel: Symantec Connect - Products - Discussions

Microsoft Outlook Auto-Protect: Is it worthwhile?

I need a solution

I'm trying to figure out if the Outlook protection function under virus protection policy->email scans is worth using. Here's all I see in the manual regarding the Outlook add-in: "Downloads incoming Microsoft Outlook email attachments and scans for viruses and security risks when the user reads the message and opens the attachment." Based on this definition, this seems to duplicate the file system AV functionality, but it will catch a malicious file before the user opens it. So is it worth it?

We tested it and had some compatibility issues with users who like to modify message subject lines in shared/group mailboxes and have disabled this feature.

Comments?  Thanks.  Paul


SEP found trojan in its own folder

I need a solution

Hi Guys,

Just purchased SEP and configured the policy. While testing on my PC, I found a very weird notification from SEP. It found a trojan in its own folder.

Below is the copy-paste from the pop-up that I'm getting.

----

Scan type: Auto-Protect Scan

Event: Risk Found!

Security risk detected: Trojan Horse

File: C:\ProgramData\Symantec\DefWatch.DWH\dwh3545.exe

Location: C:\ProgramData\Symantec\DefWatch.DWH

----

Hope someone can help me to ensure that it's not actually a trojan, and with a way to resolve it. I do not want to exclude any folder as a solution.

Thank you

Z


User Policy based on Active Directory

I need a solution

Hi there,

I have a unique (maybe not) requirement for my users.
I'm blocking most USB drives on the client PCs; however, some PCs will be shared with some people who are allowed to use USB drives.

I'm thinking of creating a group of users who are allowed to use USB drives and linking it with SEP. Can it be done? Or can anyone suggest another solution?

Thank you

Z


Email Notifications

I need a solution

So I had an issue the other day,

Some bright spark thought it would be fun to install McAfee VirusScan (with Agent) on my SEPM server.

I've managed to get McAfee removed and the Symantec client reinstalled but I think since then, it has stopped emailing alert notifications.

The test email works fine, but I've not had any alerts. I've been using an EICAR file on the SEPM server; it is displaying the pop-up alert and it is being logged in the SEPM, but I don't get an alert email.

I assumed that the SEPM would see EICAR as a Risk Event and trigger the Single Risk Event condition.

Is that wrong?


use device ids query

I need a solution

Hi

We enable only the device IDs which we use, and everything else is disabled. But at times the devices never work!

Does the device ID for a device remain the same or can it change? I see it changing at times!

Does the device ID change from PC to PC?

At times for USB Internet dongles, there are up to 4 device IDs from different areas like: CDROM, STORAGE, MODEM. Do I have to enable all of them?

We use DevViewer to note the device ID before enabling it in the policy.

Our hardware list of device IDs is now huuuuuuge. And there is no way to export it, and it is a nightmare!

How do you deal with device IDs in your environment?

Thanks


Lan Enforcer not connected to Policy Manager & reflected Offline at SEPM

I need a solution

Hi All,

I am currently running SEPM v12.1.4 and my LAN Enforcer is also on v12.1.4.

I need to change the Policy Manager IP from the original SEPM to another SEPM of Servers. When I run configure spm ip <ipaddress> group <group> HTTPS <port:8014> keyhash <kcs>, then reboot my Enforcer, I see it appear on my SEPM's Servers tab afterwards. After that I run the "show status" command and it reflected:

Policy Manager Connected : NO

Enforcer Status :Online

Although the Enforcer appeared on my SEPM's Servers tab, it reflected "Offline".

On the Enforcer CLI I entered "capture start", and I didn't see any response from the SEPM.

Both my LAN Enforcer and SEPM are able to ping each other, and I have tried rebooting my LAN Enforcer. It seems like their status is still the same.

Please help!

Thanks!


Unable to start SEPM service

I need a solution

Hi All,

We are using SEPM 12.1 RU6 MP5 on Windows Server 2008 R2. Till today it was working fine, but all of a sudden the SEPM service stopped and we received the below message in Event Viewer.

The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using xx.xx.xx.xx. Set the 'ServerName' directive globally to suppress this message.
Source: Apache Service
Envent ID: 3299

The SEPM service is getting stopped automatically even if I restart it.


SEPM on a SharePoint/RDS server

I need a solution

Hello,

I currently have an old W2003 server running SEPM 12.1 RU5. I want to migrate to SEPM 14, so I have to change servers. I have another W2008R2 server that is used as an RDS server and also as a SharePoint server. I have RAM available (50%), the processor is not heavily loaded, and I have 400 GB of free space. Can I install SEPM on this server without risking a problem with my SharePoint and RDS? Thank you very much. Aymeric


Component is malfunctioning/disabled

I need a solution

Having an issue on the workstation farm whereby PCs/laptops are showing as "component is malfunctioning/disabled".

The Security Team has advised that for these types of issues, the machines need to be cleanwiped and the SEP 12.1.6 package re-installed. However, this is very time consuming as there are a lot of workstations with Win7/8/10 having this issue.

Is there any way to address this issue in a simpler way, even if it is from SEPM?

Many Thanks


Domain computers showing up in default group

I need a solution

I have AD sync turned on, and for the most part it's working just fine.

However, I have about 25+ computers that are on the domain (Windows computers) that are showing up in Default Group and I cannot move them to the correct AD group because you can't move to AD groups.


Application & Device Control - Blocking Apps Running From Smartphone Storage

I need a solution

I'm trying to block apps from running on removable drives. I've got it working for USB drives, but can't get it working for smartphones.

Using the default application control rule set, I can block USB drives by matching USBSTOR\*. The default rule of USBSTOR* doesn't work, by the way. You have to put the \ before the wildcard *.

USBstor.JPG

But when I try something similar for smartphones it doesn't work. I've tried using wildcards at various positions in the id string, and even using the dev id specific to the phone I'm testing with as reported in DevViewer doesn't work.

USBVID.JPG

Does anyone have any tips or ideas as to how I can block apps from running from smartphone storage?


SEP scan took unreasonably long time, stuck at some simple files

I need a solution

This problem occurred on many of our servers running Windows 2012 or 2012R2.

The installed SEP versions are 12.1.6 or 12.1.7.

A full scan can take 2 to 3 days while it only took at most 10 hours with older versions of SEP.

And from the scan progress, we usually see the scan stuck at scanning some very simple files. It can be stuck for 1 or 2 hours on a single file. The screenshot below is one of the examples. It's been stuck at a shortcut .lnk file for 30 minutes already.

Is this a bug? Or what's SEP doing? Is it trying to do some cloud thing? e.g. Upload/download files through Internet and got jammed by bad Internet traffic?

SEP.jpg


Upgrade Process of SEPM

I need a solution

I need to upgrade my SEPM server from SEPM 12.1.6 (12.1 RU6 MR4) to SEPM 14. Please tell me the proper upgradation process without any data loss.

OS: Windows Server 2008 R2 Enterprise


Upgrade Process of SEPM 14

I need a solution

I need to upgrade my SEPM server from SEPM 12.1.6 (12.1 RU6 MR4) to SEPM 14. Please tell me the proper upgradation process without any data loss.


BSOD on win 7 64bit after upgrading to SEP v14

I need a solution

Hi All

I posted last year regarding an issue we got on our Windows 7 64-bit computers after upgrading from SEP v12 to v14, in that whenever we run our corporate software the computer would crash with a BSOD (mup). Our Windows 7 32-bit, Windows 8 64-bit and Windows 10 64-bit computers run fine.

I opened a case with Symantec and got this today:

We have found that Microsoft has released a hotfix for Windows 7, that appears to be related to the BSOD issues we have been seeing with customers upgrading to SEP 14. The hotfix can be found here:  https://support.microsoft.com/en-us/kb/3015999

They said that they had had positive results with other customers, but unfortunately our Windows 7 64-bit computers still get the BSOD. Has anyone else tried this fix?

Cheers


Unable to install SEP on a Server

I need a solution

Hi,

I am trying to install SEP on a server,

SEP version: 12.1.RU6 MP5 (tried installing MP6 and still the same issue)

Type of installer: 1. Exported from SEPM, 2.Downloaded Unmanaged client from file connect

Features set: Basic Protection for servers, also, tried to install just the core files

OS: Windows Server 2008 R2 Standard (x64) with SP1

Installation fails with the below error,

Capture.JPG

Is it some kind of permission issue? I need your help to figure it out.

Because when I asked our Wintel team, they said that the account I use to install is a part of Administrators and Domain administrators and has enough permissions on that server.

I have attached the recent SEP_INST log. Unfortunately SIS_INST is not getting generated.

The server does not have SEP now, but it had RU3 some months back and it was uninstalled a while ago.

Tried running cleanwipe twice, still no luck.


SEP 14 - RDP Access is Denied

I need a solution

Need some help. Whenever I go to use RDP to a server, I have no issue whatsoever connecting. Once the connection starts to load my desktop, I get "Access is Denied" for all users. If I disable Symantec, no one has any issues. All necessary users have permissions to remote in. I have made sure that 3389 is open on the firewall (even though we are making it past that point).


Notification Granularity - [Device Control]

I need a solution

Good Morning,

We are using Device Control policies to block USB devices such as Mass Storage Devices, and we have exclusions set up for keyboard and mice devices and other things that would show up as a USB device that are necessary for staff to get their job done. Staff members know that there is a policy against USB devices such as Mass Storage Devices, and so we also have notifications set up to email us whenever a USB device is plugged in to a computer so that we can contact that person to see what it is they are trying to accomplish.

The problem we are running into is that I can't seem to find a way to make it where just notifications for mass storage devices come through; instead we are getting notifications for anything that is trying to be blocked, even things that are in the exclusion list. Below are a couple of examples.

Device control disabled deviceDefault
My Company\Desktop and Laptop Machines
XXXXXXXXXXXXWindows 7 Professional EditionDevice Manager Message Disabled the device. [name]:USB Optical Mouse [class]:Other devices [guid]:4d36e97e-e325-11ce-bfc1-08002be10318 [deviceID]:USB\VID_0461&PID_4E22\6&2B2F421&0&1
Device control disabled deviceDefault
My Company\Desktop and Laptop Machines
XXXXXXXXXXXXWindows 7 Professional EditionDevice Manager Message Disabled the device. [name]:Dell USB Entry Keyboard [class]:Other devices [guid]:4d36e97e-e325-11ce-bfc1-08002be10318 [deviceID]:USB\VID_413C&PID_2107\6&2B2F421&0&2

In the above examples you can see that the Event Type "Device control disabled device" was logged and an email was sent out with this information. In reality, though, these devices were in the exclusion list and were never actually blocked.

Why do you think it was logged as such with the notification having been sent to me? 


Last scan date as old as 12/25/16

I need a solution

I have been noticing more and more that a large group of our servers with the version 14 client are showing a last scan date over a week old. We have daily active scans that do essentially a quick scan and a weekly scan that does a full scan. The reason these are showing an outdated last scan date is because they are still running a scan. What can I look at to determine why the client still feels it needs to be running a scan?

Thanks

Ian


SEP 12 client turned itself off on a Win 7 machine

I need a solution

Someone in our call center stated that their AV client was showing as off in the Action Center in Windows.

In the Action Center under Security, SEP was showing as OFF for spyware and unwanted software protection and virus protection. See the screenshot.

My co-worker went to the machine and tried to open the SEP client from the tray icon in the notification area, and it would not open the client.

His only way to make it work again was to restart the client machine.

He also noticed that in the AV console, the client was showing as offline.

I have looked at the logs on the AV console and Windows logs on the machine (using a third-party log server called Splunk).

I cannot find anything about the status of the AV client from this machine.

Any suggestions on what else I can look at?

To my knowledge, this has happened only one other time. I did not look into when it previously occurred, so I cannot tell you any specifics about that case.

Thanks. Let me know if you need any further information.

Ian
