Channel: Symantec Connect

SEP removal script

I need a solution

Hi,

One of our clients has SEP 12.1 running in their environment. All the SEP clients are password protected as well for uninstallation. Is there any script that we can use to uninstall some dozens of password-protected SEP clients?

Thanks.


San Francisco Bay Area DLP User Group Meeting - March 9, 2017

Location:
eBay: 2525 North 1st St, San Jose, CA 95131 (Building L4/First Floor/Bonfire Conference Room)
Time:
Thursday, 09 March, 2017 - 11:00 - 14:00 PST

(Agenda coming in early 2017.)

liveupdate

I need a solution

Hi, I would like to ask about a specific issue. This link is for updating SEP:

 liveupdate.symantecliveupdate.com

I don't like it when Symantec antivirus connects and updates a lot of the time.

microdefsb.curdefs_symalllanguages_livetri.zip

Then I blocked this connection in the hosts file. But my concern was when SEP removed this line from the hosts file.

Behavior

SecurityRisk.URLRedir is a detection for suspicious entries added to the hosts file.

Why is SEP doing this? How can I stop the connection to the website?

 liveupdate.symantecliveupdate.com


Symantec Mis-Identifying Port Scan attacks

I need a solution

We have a patch management server that runs a daily discovery service at 8 a.m., and Symantec sees that as a port scan attack. I have put that IP into the exceptions list, but it appears those client machines still see it as an attack. Is there any way to prevent this besides killing the discovery service?


Emails are being blocked - 553 Message filtered

I need a solution

Hello there. Emails from our domain have recently been being blocked by many of our clients. The domain is cmginc.com and filter/block message is below:

The error that the other server returned was:
553-Message filtered. Refer to the Troubleshooting page at
553-http://www.symanteccloud.com/troubleshooting for more
553 information. (#5.7.1)


GSS 3.1 Image Compression

I need a solution

Does anyone know the command-line option to turn it on?


Is there a formula for determining log file size (PCI query)

I need a solution

Hi, could someone tell me if there's some sort of formula one can use to determine what number one should enter in the Client Log Settings screen to be 100% guaranteed that System Log, Security and Risk Logs, Traffic Log, Packet Log and Control Log are retained for 365 days?

Our auditors have determined that a log at the current o-o-b setting of 512 KB is way too small to retain the full 365 days' worth of log data. We set it to 1024 KB but can't guarantee that we will be able to retain a full year's data.

If we can't come up with a way that this is determined other than just putting in some arbitrary number, we will fail our PCI Compliance Audit.

I looked in the documentation for something that explains the formula but couldn't find anything.

Thank you.


Not able to block and monitor drive.google.com/drive/my-drive


Network Prevent for Email - no incidents

I need a solution

Hi, DLP 14.5 installed as Single Tier configuration with inline SMTP monitor and REFLECT configured.

EU_UK Solutions pack installed, National Insurance number (wide detection) configured and added to Test_Group Policy (and active).

MTA configured to send all emails to Network Prevent server and listening on 10026 for returned email.

When I send an email that should violate the policy, the following appears in the SMTP logs on the Network Prevent Server.

08/Oct/16:22:08:29:275+0100 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=y.y.y.y:10025 remote=x.x.x.x:49552)
08/Oct/16:22:08:29:278+0100 [INFO] (SMTP_CONNECTION.1203) Forward connection established (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=y.y.y.y:3605 remote=x.x.x.x:10026)
08/Oct/16:22:08:29:281+0100 [INFO] (SMTP_CONNECTION.1204) Forward connection closed (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=y.y.y.y:3605 remote=x.x.x.x:10026)
08/Oct/16:22:08:29:282+0100 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=y.y.y.y:10025 remote=x.x.x.x:49552 messages=0 time=0.01s)

So it seems to at least be accepting and reflecting the emails, however I get no incidents generated. I guess I am missing something simple. What further fault finding can I do? Is there somewhere to check the result of the email scan?

Thanks


Disable Net commands with Symantec Endpoint Protection

I need a solution

Dear all,

I need to know whether we can disable/block users from running Net commands with Symantec Endpoint Protection. Examples of some net commands are below. Your support is highly appreciated in this regard. Thanks

  NET START [service]
  NET STOP [service]
  NET PAUSE [service]
  NET CONTINUE [service]


ITMS Linux Agent with Systemd


For Linux environments that use Systemd, you may encounter issues with the ITMS Linux Agent on boot.
The reason for this is that ITMS installs '/etc/init.d/altiris' as the control script for the Agent.
This control script is not aware of Systemd dependency mechanisms.
In the event that a local file system is not mounted, particularly '/opt', the 'altiris' service will fail to start.
This is because the default location of the install is '/opt' and there is no guarantee that this partition will be mounted before our service starts.

The following procedure will guarantee that the '/opt' partition is mounted before the Agent is started.

1) Remove the symbolic link '/etc/init.d/altiris'. This prevents Systemd from generating a unit.
2) Create the file '/etc/systemd/system/altiris.service' with the following contents:

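[Unit]
Description=ITMS Agent
# Start only after the local file systems, including '/opt', are mounted
After=local-fs.target

[Service]
# The Agent's own control script under the default '/opt' install location
ExecStart=/opt/altiris/notification/nsagent/etc/rc.d/altiris start
ExecStop=/opt/altiris/notification/nsagent/etc/rc.d/altiris stop

[Install]
# Enabled for the normal multi-user boot
WantedBy=multi-user.target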

3) Run the command: systemctl enable altiris
4) Run the command: systemctl start altiris
5) Run the command: systemctl status altiris
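
A check that can be run over unit files before they are deployed, added here as an example and not part of the original article or of ITMS: it reports Exec* binaries that live under '/opt' when the unit file declares no ordering on the mount. The helper names are hypothetical, and accepting RequiresMountsFor= as an alternative to After=local-fs.target goes beyond what the article uses.

```python
import configparser

# Unit text from step 2 of the procedure (leading spaces removed).
ALTIRIS_UNIT = """\
[Unit]
Description=ITMS Agent
After=local-fs.target

[Service]
ExecStart=/opt/altiris/notification/nsagent/etc/rc.d/altiris start
ExecStop=/opt/altiris/notification/nsagent/etc/rc.d/altiris stop

[Install]
WantedBy=multi-user.target
"""


def parse_unit(text):
    """Read INI-style unit text; key case is kept and '%' is not interpolated."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str
    # Strip every line so indented keys are not read as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp


def mount_ordering_gaps(text, mount="/opt"):
    """Return (key, path) for each Exec* binary under `mount` when the unit file
    declares neither After=local-fs.target nor RequiresMountsFor= at or below
    `mount`. Only what the file states is checked (hypothetical helper)."""
    cp = parse_unit(text)
    after = cp.get("Unit", "After", fallback="").split()
    required = cp.get("Unit", "RequiresMountsFor", fallback="").split()
    prefix = mount.rstrip("/") + "/"
    declared = "local-fs.target" in after or any(
        r == mount or r.startswith(prefix) for r in required)
    gaps = []
    for key in ("ExecStart", "ExecStop"):
        cmd = cp.get("Service", key, fallback="").split()
        if not cmd:
            continue
        path = cmd[0].lstrip("-@+!:")  # drop systemd executable prefixes
        if path.startswith(prefix) and not declared:
            gaps.append((key, path))
    return gaps


if __name__ == "__main__":
    print(mount_ordering_gaps(ALTIRIS_UNIT))  # unit from the page
    print(mount_ordering_gaps(ALTIRIS_UNIT.replace("After=local-fs.target\n", "")))
```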
 

Network Prevent for Email

I need a solution

Hi,

Need some assistance.

I have a single Tier Install, set up for inline SMTP. Using the EU-UK Solution Pack.

Trying to test email detection of National Insurance Numbers (wide detection).

Have set up in Reflect mode. MTA is set up to forward ALL emails to Network Prevent Server.

When I send email, I can see the following in the Network Prevent server logs

08/Oct/16:22:08:29:275+0100 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=yyy.yyy.yyy.yyy:10025 remote=xxx.xxx.xxx.xxx:49552)
08/Oct/16:22:08:29:278+0100 [INFO] (SMTP_CONNECTION.1203) Forward connection established (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=yyy.yyy.yyy.yyy:3605 remote=xxx.xxx.xxx.xxx:10026)
08/Oct/16:22:08:29:281+0100 [INFO] (SMTP_CONNECTION.1204) Forward connection closed (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=yyy.yyy.yyy.yyy:3605 remote=xxx.xxx.xxx.xxx:10026)
08/Oct/16:22:08:29:282+0100 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=yyy.yyy.yyy.yyy:10025 remote=xxx.xxx.xxx.xxx:49552 messages=0 time=0.01s)
 

So it looks to me like the Prevent server is accepting the email and reflecting it back as expected, but I don't see any incidents created.

I guess it's something simple I'm missing but I can't see it.

Is there anywhere I can see where it's making the decision to trigger an event or not?

Thanks all
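
A parser for the SMTP_CONNECTION lines quoted in this post and in the earlier "Network Prevent for Email - no incidents" post, added here as an example and not written by the poster or by Symantec: it joins each "Connection accepted" line to its "Service connection closed" line and lists the sessions whose close line reports messages=0. The line layout is inferred only from the four quoted lines, joining on cid is an assumption, and the function names are hypothetical.

```python
import re

# The four lines quoted in the post above (addresses already masked by the poster).
SAMPLE_LOG = """\
08/Oct/16:22:08:29:275+0100 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=yyy.yyy.yyy.yyy:10025 remote=xxx.xxx.xxx.xxx:49552)
08/Oct/16:22:08:29:278+0100 [INFO] (SMTP_CONNECTION.1203) Forward connection established (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=yyy.yyy.yyy.yyy:3605 remote=xxx.xxx.xxx.xxx:10026)
08/Oct/16:22:08:29:281+0100 [INFO] (SMTP_CONNECTION.1204) Forward connection closed (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=yyy.yyy.yyy.yyy:3605 remote=xxx.xxx.xxx.xxx:10026)
08/Oct/16:22:08:29:282+0100 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=yyy.yyy.yyy.yyy:10025 remote=xxx.xxx.xxx.xxx:49552 messages=0 time=0.01s)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[(?P<level>\w+)\] \((?P<source>\w+)\.(?P<code>\d+)\) "
    r"(?P<event>.*?) \((?P<fields>[^()]*)\)\s*$")


def parse_line(line):
    """Split one line into timestamp, level, code, event text and key=value fields."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # not in the layout seen on the page
    rec = m.groupdict()
    rec["fields"] = dict(kv.split("=", 1) for kv in rec["fields"].split() if "=" in kv)
    return rec


def service_sessions(lines):
    """Join 'Connection accepted' and 'Service connection closed' on cid (assumed key)."""
    sessions = {}
    for rec in filter(None, map(parse_line, lines)):
        f = rec["fields"]
        cid = f.get("cid")
        if rec["event"] == "Connection accepted" and cid:
            sessions[cid] = {"cid": cid, "remote": f.get("remote"),
                             "opened": rec["ts"], "closed": None,
                             "messages": None, "seconds": None}
        elif rec["event"] == "Service connection closed" and cid in sessions:
            s = sessions[cid]
            s["closed"] = rec["ts"]
            s["messages"] = int(f.get("messages", 0))
            s["seconds"] = float(f.get("time", "0s").rstrip("s"))
    return list(sessions.values())


def sessions_without_messages(lines):
    """Sessions whose close line reports messages=0."""
    return [s for s in service_sessions(lines) if s["messages"] == 0]


if __name__ == "__main__":
    for s in sessions_without_messages(SAMPLE_LOG.splitlines()):
        print(s["cid"], s["remote"], s["opened"], s["closed"], s["seconds"])
```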


SEP client version is higher than SEPM console version

I need a solution

Currently there is a client on our side that is Mac OS Sierra 10.12. The system requirement for that OS is 12.1.6 MP6 but our SEPM console is 12.1.6 MP5. Can the SEPM with the lower version handle or communicate with the higher-version SEP client?


Symantec IPS and Cisco IDS

I need a solution

Just a short query but important,

Can Symantec EP IPS receive requests from Cisco Sourcefire IDS?

Kind Regards


Messaging Gateway - Local Good Sender IP - Note/Comment required


Request for Change / Addition

In order to allow inbound emails from external services such as SalesForce and others, we set a few "Local Good Senders - IPs"

The problem is that after some time it is virtually impossible to know/remember which IP or subnet is who.

Adding a comment column/field would greatly improve the ongoing administration


Test credentials for - VIP Developer Test Drive

I need a solution

Hi all,

I would like to try VIP Service, but I don't know how I can use the credential simulator.

At first I tried to download and use the VIP Access desktop app and tried that credential, but got a 'Token ID not found' message in the demo app.

I was wondering if there is a test credential ID available, and if yes, how do I get it.

Thanks,

Igor


Symantec Ghost single user license

I need a solution

Hello Symantec

What has happened to the Symantec Ghost single user license? I want to purchase Symantec Ghost (not Norton Ghost) but it now comes with a minimum 5 licences for £160.


Failed to execute policy...

I need a solution

Software delivery is failing with following error message "Failed to execute policy - <Policy Name> - Install on resource - <Resource Guid>. Reason: The specified resource failed to obtain a Software Management Solution license. License count for Software Management solution has exceeded.:- Exception:Error in the application., Product:<Product Guid>"

I have tried to upload the new license file but found that, 'In Use' and 'Count' are displaying the same X licenses.

And further trying to install via 'Software Delivery Task' it displays message "No destination computers have been specified or these computers either don't have Software Management Solution Agent Plug-in installed or don't have a sufficient license for Software Management Solution" and fails to execute.

Can you please help us with a solution?

Thanks in advance.


Remove duplicates clients on embedded DB

Process Softwareupdate.exe Showing Up On Server

I need a solution

I am running on Windows Server 2008 R2 - SEPM 12.1.RU6 MP5

A recent scan showed Process=SoftwareUpdate.exe on Protocol=UDP - Interface 127.0.0.1 - Ephemeral port.

It apparently does not run all the time because our Industrial Defender scan picked it up yesterday at 2am.  

Can anyone tell me what that process is?  
