
Move SEP 11 to new server and then upgrade to SEP 12.1

I need a solution

Hello and Happy New Year to all.

I want to move to a new server running Win2008R2 and upgrade my SEPM to the latest version.

According to the following article, the version installed to the new server must be the same version as on the old server.

http://www.symantec.com/business/support/index?page=content&id=TECH104389

 

The running SEPM is version 11.0.5002.333, and when I go to Symantec Connect and add the serial, it gives me the option to download version 11.0.7300. Will there be a problem if the new server has version 11.0.7300 and the old one version 11.0.5002.333, or must I update the old server to 11.0.7300 first and then follow the steps of the article?

 

Thank you


SEPM 12.1 upgrade

I need a solution

Hello all,

Happy New Year to all of you.

I have a question about automatically upgrading clients to the latest version of SEP from the SEPM.
I recently upgraded to the latest version of SEPM 12.1 RU2, and I'm attaching the new clients to some of my groups to test the functionality of the new SEP clients 12.1.2015.2015.

The strange thing is that some of the clients upgrade to the newest client and some don't; even after a few weeks they still haven't upgraded to the client I attached to this group.
Does anyone know why this behaviour is happening?

Thanks,

LEVD

Presentation

I need a solution

I have to present the following things to our clients. Please help me with PowerPoint documents or any other documents (slide show, screenshot, etc.). Please.

 

  • Current infrastructure for SEP (both H/W and VM)
  • Dependency/Challenge with existing infrastructure
  • SEP Migration for version up gradation (from 11.x to 12.x)
  • Any challenge from SEP end for endpoint that are under VM environment
  • Minimum recommended server configuration for SEP (need clear proof/reference document from Symantec)
  • Support matrix (with detail workflow diagram mentioning activity escalation flow to Symantec)
  • AOB

latest version of SEP

I do not need a solution (just sharing information)

good

When will the latest version of SEP be ready? It is currently at version 12.1.

thank you very much

Response Rule - character limitations

I need a solution

In the 'Endpoint Prevent: User Cancel' response rule, how many characters can you enter into the 'Display Alert Box with this message:' field in the 'Endpoint Notification Content' section? 

Going from Symantec Endpoint Unmanaged to Using SEP Management Console

I need a solution

We currently have Symantec installed on each workstation unmanaged and would like to purchase, install and implement the Symantec Management Console. What would be the best way to accomplish this? Can we simply install the management console and have the existing clients converted to being managed?

SWG works perfectly, except that no web destination is shown

I need a solution

Hi everyone,

I have installed and configured SWG in span/tap mode.

Application control works, I can see that users use instant messaging, etc. But what I can't understand is that the web destinations page is not populating at all. If I go to the custom reports page, I can clearly see that images are downloaded on websites, that applications are filtered too and which protocols are used, but still no web destinations.

I have configured my internal network and my default policy, which is set on monitor all.

Does anyone have an idea where my problem could be?

Thanks in advance,

 

Math

What's everyone using SEP fw for?

I do not need a solution (just sharing information)

I'm curious if anyone can share what they're using the SEP firewall for? The default rules are pretty basic and relaxed in 12.1. In testing, I've added a "Deny_all" rule as the last rule and a lot is blocked and my machine is basically unable to function on a domain network.

Was wondering if anyone can share some thoughts or ideas on using the fw to lock down an environment yet still be able to function properly.

Thanks for reading. Any feedback is greatly appreciated.


SEP 12.1 RU2 no definition reporting

I need a solution

This is a clean installation of SEPM 12.1 RU2 on Windows 2008 R2 Standard Edition. All 25 test-clients including local SEP 12.1 RU2 installation fail to report to SEPM about their definition-status. There is no problem when I look on the SEP client itself, the definitions update through SEPM when in-house and through LiveUpdate when out-of-office. The SEP clients also fail to report last-scan status. All other reporting and communication seems to be ok though...

I have tried re-installing some clients and used sylink-drop on a few but neither helped.

 

Please help!

Microsoft TMG and DLP and Lookup script

I need a solution

I have a Microsoft TMG server integrated with DLP Web Prevent and I am trying to use the authenticated proxy user to then do an LDAP lookup.

I have written a VB Script that is to pull in the values from the system and then parse the username info from a string that contains the username.

The DLP system has the following content for the sender-email variable.

sender-email=Negotiate ://DOMAIN\Username

 

Though for some reason when I bring in this data to the system there is a STDIN error and fails the validation:

04 Jan 2013 09:13:15,974- Thread: 42 FINE [com.vontu.lookup.script.ScriptUtility] Validating sender-email=Negotiate ://DOMAIN\Username  - false

 

After this happens the script or system truncates the variable to the following

sender-email=Negotiate

This obviously removes the data that I need.

For those who are good at VB script I have defined the input of the variables as:

Dim objArgs : Set objArgs = WScript.Arguments

Is this the possible problem?

 

Does anyone know how to do one of the following:

  1. Find a way to have the system keep the whole string?
  2. Modify the TMG server to not use the '\\' which is what I think is causing the STDIN error.
  3. Have gotten a script to work with the TMG proxy.

 

Symantec Endpoint Protection 12.1RU2, scans and finds threat in svchost.exe

I need a solution

We are having problems with some of our computers and I am trying to track down the exact cause and in doing so I ran across some things in the event logs of several computers that should not be there.  We are running SEP server and clients 12.1.2, Server 2008 R2 and Windows 7 Enterprise 64Bit clients. 
Ever since we upgraded to this version, one by one people have complained that Outlook keeps locking up on them, and other strange things have happened, like the machines will not get past the log off screen when they shut down. One computer will not show the Username and password fields for about 10-20 minutes after CTRL-ALT-DEL. PS: We also deployed SEE Device Control and Removable Storage at the same time.

1st,  I found this:  Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged. (application logs)  
This is showing up on a lot of machines so I don't think it is a virus. 

2nd, I found this (could be another application other than SEP): The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {69B37063-2BB6-43B5-A109-60E69A77840F} and APPID {CD11FAB6-1C0E-45E1-BA31-5C6008EF2607} to the user domain/username SID (S-1-5-21-790525478-920026266-842925246-8650) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
I am not sure where this APPID is.  I went through all of them and could not find the one with this APPID or CLSID.  
 
Any info will be greatly appreciated. 
 

How to install SEPclient via GPO without msi package?

I need a solution

Hi everybody,

I've been searching for ways to install SEP clients on almost 2000 desktops (XP and 7 mixed) for the past two weeks.
The problem here is that all these 2000 desktops have McAfee Enterprise installed, so I need to uninstall it before installing SEP.
This issue was solved by using SEPprep, exporting the package as multiple files, preparing sepprep.ini, renaming setup to sepsetup.exe and copying sepprep.exe over setup.exe. OK, it worked fine, but among all the desktops, at some branch offices many of them are turned off for weeks, maybe months, and are occasionally turned on by their users.

So, I need three deployment options:

1. Deploy using Deployment wizard in the main office where the SEP Manager is installed on a local server using the SEPpreped package. Done!
2. Deploy using PushDeploymentWizard in the branch offices to eliminate traffic between WAN links due to client package transfer. Done!
3. Deploy on demand using GPO in branch offices where the computers are always turned off and often turned on by its users. Not done...

So, my problem now is GPO deploy. These were the methods I tried:

1. Software deployment using setup.MSI file inside the exported package. This worked fine but when you use the setup.msi, it won't call the sepprep, so it won't uninstall the McAfee AV before. Ended with two AV installed. Not a suitable solution.

2. Tried to write a batch script and use it as startup script.

This is the script:

@echo off
REM Branch on the architecture of the running command processor.
IF %PROCESSOR_ARCHITECTURE% == x86 (
GOTO Bit32
) else (
GOTO Bit64
)

:Bit32
Echo "This is 32 Bit Operating system" >> c:\temp\install32.log
REM Skip the install if the SEP registry key already exists.
reg query "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection"
if %errorlevel% == 0 ( goto exit )
REM runas.exe is the third-party runas alternative; the password is in plain text here.
\\fs1\netlogon\runas.exe -u domain\username -p password \\fs1\netlogon\32bits-SEPprep\setup.exe
goto exit

:Bit64
Echo "This is 64 Bit Operating System" >> c:\temp\install64.log
REM Skip the install if the SEP registry key already exists.
reg query "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection"
if %errorlevel% == 0 ( goto exit )
\\fs1\netlogon\runas.exe -u domain\username -p password \\fs1\netlogon\64bits-SEPprep\setup.exe
:exit

echo END

FS1 is my AD server. This worked almost perfectly, besides the fact that I would have a security issue by having an admin password in plain text inside a wide open file share like netlogon. The runas is a runas alternative that allows storing the password on the command line, not the Windows runas.

So, I went after other tools that could allow encrypting passwords within the command line. None of them worked when called from a startup script via GPO. Tried CPAU, lsrunas, runasspc. I edited the script above to only execute setup.exe without the runas part, wrote a second script named callinstall.bat with the lines below and set it as the startup script:

@echo off
REM This job is configured to execute in c:\temp, which is mandatory when using UNC paths.
\\fs1\netlogon\cpau.exe -dec -file \\fs1\netlogon\instalasep.job -lwp
exit

This job file contains a command line that calls the main script (the one that executes setup.exe) with administrative credentials, so it has to work. But no.
This did not work as a startup script; when the OS starts up nothing happens. It shows the CTRL+ALT+DEL too early and after logon I can't see any setup.exe or msiexec.exe running in Task Manager.

So, if I go to \\fs1\netlogon\ myself and execute callinstall.bat, it will then provide the admin credentials, call the main script, detect the architecture (32 or 64) and set up SEP pretty well. The desktop computers are in the correct OU inside AD Users and Computers and the GPO is linked correctly to this OU. It's worth saying that this problem seems to be particular to Windows 7 desktops. Windows XP works fine even if I set the main batch script without the runas or cpau command.

Really don't know what to do. It's driving me crazy.
Please help.

 

Henrique
 

Is SEP causing this change in ping behavior?

I need a solution

We updated from 12.1.14 or .11 to 12.1.2 about a month ago.  Maybe it was that or a recent update of another kind.

A simple ping is behaving differently.

Before I got...

Destination port unreachable.        after sending a ping to a machine that's not on.

 

Now/today I get...

Reply from (my local computer's ip address): Destination host unreachable.

 

Nothing with Windows updates.  We've figured that out.

Two computers without SEP on it behave the old/normal way

One computer without SEP gives me the old/normal ping results when I ping from another computer and the target/non-SEP computer is off.  Weird.

 

All the computers are on our subnet.  I'm wondering what's changed recently.  We used to have 'dest port unreachable.'  I have read several pages online that say if it's on your subnet, it's only one hop, and the pinging computer knows the device isn't there and just displays 'dest host unreachable.'

 

It's a problem because I've got several batch files monitoring machines.  If it's on, it pings back and error level is 0.  Today if it's off, I get 'dest host unreach' and still the error level is 0.  The batch file responds as if it were on.  The old way gave me either a time out (which I read shouldn't happen, but it was and that's ok) or a 'dest port unreachable' with an error level of 1.  That was fine.  I used the error state, 0 or 1, to control whether alerts are sent out, etc. 

 

 

Is anyone else using SEP having issues with pings not working 'normally?'
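
An added example, not part of the original post and not Symantec code: the monitoring failure described above (exit code 0 although the target is off) can be avoided by deciding on the reply text instead of the exit code. It assumes English-language IPv4 output from Windows `ping`; the sample outputs, addresses and function names are constructed for illustration.

```python
import re

# An echo reply as printed by Windows ping for IPv4, e.g.
#   Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
ECHO_REPLY = re.compile(
    r"^Reply from ([\d.]+): bytes=\d+ time[=<]\d+ms TTL=\d+", re.M)
# An ICMP error reported by some other node (often the pinging host itself).
ICMP_ERROR = re.compile(
    r"^Reply from ([\d.]+): Destination (?:host|net|port) unreachable",
    re.M | re.I)


def classify(target, output):
    """Return 'up', 'unreachable' or 'no-reply' for one ping run."""
    # Only an echo reply whose source is the target proves the host is on.
    if any(m.group(1) == target for m in ECHO_REPLY.finditer(output)):
        return "up"
    if ICMP_ERROR.search(output):
        return "unreachable"
    return "no-reply"


def should_alert(target, output):
    """True when the monitored machine did not answer for itself."""
    return classify(target, output) != "up"


# Constructed sample outputs (hypothetical addresses).
SAMPLE_UP = """Pinging 192.168.1.50 with 32 bytes of data:
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.50:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
"""
SAMPLE_LOCAL_ERROR = """Pinging 192.168.1.50 with 32 bytes of data:
Reply from 192.168.1.10: Destination host unreachable.

Ping statistics for 192.168.1.50:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
"""
SAMPLE_TIMEOUT = """Pinging 192.168.1.50 with 32 bytes of data:
Request timed out.

Ping statistics for 192.168.1.50:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
"""

if __name__ == "__main__":
    for name, text in [("up", SAMPLE_UP), ("local error", SAMPLE_LOCAL_ERROR),
                       ("timeout", SAMPLE_TIMEOUT)]:
        print(f"{name}: {classify('192.168.1.50', text)}, "
              f"alert={should_alert('192.168.1.50', text)}")
```

The second sample is the case from the post: the statistics line counts the locally generated error as a received packet, so neither the exit code nor the loss percentage distinguishes it from a live host.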

 

SWG SSL Certificate

I need a solution

Hi Guys,

We need to implement SSL Deep Inspection on SWG 8450 boxes at the client side. They want to use an internal self-signed SSL certificate in their Windows domain environment. The client has their own internal CA Authority service running on an MS PKI server. The client does not want to deploy the SSL certificate on each endpoint manually. They want to use their PKI server to establish trust for this self-signed certificate so that when a user browses any https website, they don't get a certificate error.

We have done the following steps to create a key, certificate signing request (CSR) and certificate, but when we browse https websites using the SWG boxes, we get a certificate verification error.

We create a key using openssl (for windows) by using following command.

openssl.exe genrsa -out abc430.key 2048

Then we generate a CSR using above key.

openssl.exe req -new -key abc430.key -out abc430.csr (CSR is attached).

Then we use the above CSR to generate SSL certificate through MS PKI service using Subordinate Certificate Authority template. (Certificate file is attached and below are provided screenshots).

Then we import this certificate into SWG and import is successful.

But when we browse the Internet and use any https website, we get certificate verification error. Although SWG logs show proper SSL Interception.

 

 

CCS 10.5.1 Custom Check

I need a solution

Has anyone ever written a check to determine if ports are open on a desktop machine?

We are trying to write one that will let us know if Ports 5800 and Port 5900 are open on Windows 7 machines.  


Detecting Unmanaged Devices

I need a solution

For my SEP 12.1 RU2 environment, I'm not getting any results in the Unknown Device list. I have followed Symantec documentation to enable a Managed Detector, and set up notifications. However, on the main SEP Manager console page, under details, I have yet to see any Unknown Devices. And I know there are at least a couple out there. Any suggestions on how to troubleshoot, or what I may be missing? Thanks! 

ips on server

I need a solution

Can we install ips on server?

sep components on server

I need a solution

Can we install all components on server?

SEP 12.x Client and Proxy Server

I need a solution

Is getting a SEP 12 client to work (unmanaged and goes through a Blue Coat proxy server) more of a challenge than with SEP 11?  Even with all of the proxy server URL exceptions specified in TECH162286, it appears every 12.x version I've tried thus far has difficulties downloading anything via LiveUpdate beyond the catalog listing.

For newer versions like the latest SEP 12.1.2, I usually first install an unmanaged client on a test VM to see how things go.  The 12.x client not being able to update its virus defs from the get-go is very disconcerting to me.  In contrast, unmanaged SEP 11 clients required no modifications on our proxy servers and worked straight off to get their virus defs.  Yah...I'm still running SEP 11.0.5 in our environment and was hoping to upgrade to 12.1.2 since it's supposedly compatible with Win8 but this issue just makes me lose confidence in going further.

If an unmanaged SEP 12.x client has difficulties getting its virus defs, I wonder if the SEPM server will do any better?  I would think many of you are running behind proxy servers for Internet access so figured I must be missing something in our environment.  Just can't figure out what.

removal tools for new and slightly older dell laptops

I need a solution

We got Symantec Endpoint Small Business Edition 2013 and many of the Dell laptops have Dell Embassy Suite either hidden in Programs and Features or as part of another package that is difficult to delete. I know one way, albeit a dangerous way, to remove traces of it through the registry, but this takes a lot of time and may not be very safe to do.

Are there any removal tools or any suggestions to get this software installed? It will not install and a pop-up box appears stating this: This will not install until Embassy Suite by Wave is removed first. I want to do this for sales reps and make it as simple as possible.

 

Thanks.
