I'm almost certain that you cannot add an AD group to a role within DLP but just want confirmation. Can I add an AD group to a security role? Reason: there is a lot of turnover when it comes to people who may be looking at the DLP Incidents.
Thanks
Configuring DLP 12.0 and ran into a bit of a confusion. In the past for attributes populated through LDAP or another script they were always created under System -> Incident Data -> Attributes and then the tab "Custom Attributes"
In DLP 12.0 there is that and also System -> Users - User Custom Attributes
If you look at the context sensitive help it says "You can create custom attributes to improve relevance while filtering and working with user risk summary reports. Useful custom attributes might include employment status, the name of the user's manager, the user's job function, and other information that might be stored in your enterprise resource planning system or additional user data source."
So is this where I put the attributes to be populated via LDAP?
Typically I populate First Name, Last Name, Department, Location and then they were populated by LDAP (AD)
I seem to have a "file system auto protect is not functioning properly" msg. I can't seem to find what that means or how to fix it. Any ideas?
Thanks.
I'm working on creating some Application and Device Control policies that can monitor the USB drives that are plugged into machines. I'm hoping that I may be able to record the Device IDs of the USB Drives so that if necessary I can add blocks to the Application and Device Control Policy. However I'm currently having an issue with testing in terms of locating where this information is saved. So for instance at the moment I have a policy in place to block a specific USB Device and it appears to be working. I can check the SEP Client Logs and under Security Log - Client Management Logs I actually see the event of the USB Device being blocked. What I'm interested in now is locating these entries in the SEPM. I think I've checked all of the Monitors -> Logs with no luck. Is anyone familiar with where this is located? Also is it possible to record the Device IDs for all plugged in devices? It would be nice for management of restricting infected devices.
Thanks,
Mike
Hello,
My SEP 12 support contract will be up for renewal soon (purchased directly from Symantec).
If I renew though a preferred reseller, will I be obligated to renew with them in the future?
It would be a decent cost savings.
Thanks.
Greetings Everyone,
I am migrating from Win7 to Win8 using SCCM 2007. I have Symantec Endpoint Protection version 12.1.2 installed throughout the organization from the Symantec server. When I run the scripts, Symantec Endpoint Protection is stopping or blocking the scripts. This is causing trouble for me in successfully migrating from Win7 to Win8. The enterprise admin is expecting a solution or workaround for this without stopping the Symantec protection service in the organization.
I request any technical expert to help me, as I am very new to sorting out such issues, and it will be a very big issue for me at the start of my career if I cannot provide a solution. So I kindly request experts to help me resolve this issue.
Thanks and Regards
N.V.Srinivas,
+91-8985966259,
There is a buffer overflow vulnerability in the SEP 12 RU2 management console and we have been advised to upgrade to RU3.
Where is documentation on how to do this?
Hi,
Recently we have deployed endpoint to a number of devices. The devices completed the install successfully but do not show up in the Manager. We have verified on a number of the devices that they are running the current version of endpoint and they even show that they are connected to our Symantec server. We have tried exporting the communications settings XML file and manually importing it on some of the devices in question. After a reboot they will show up in the manager, but then after a short period of time they drop off again. When they do drop off, we verified that the devices were still powered on and running endpoint.
Any ideas or suggestions on what to do to fix this would be greatly appreciated. Thanks.
I want to be proactive here and I am doing this for another system that I administer so here goes.
I want to take a weekly backup of the SEPM structure so that I can preserve my entire database including sites, structure, GUP structure and exceptions. I want to be able to quickly recover this information if something goes awry. I am now using RU3 and I am going to start upgrading the clients, which are primarily Windows 7 64-bit operating systems; the servers are a mix of Windows 2003 (32-bit) and Windows 2008 (64-bit) systems.
I also want to see to it that when the database becomes too large it can automatically be truncated; this way I can preserve disk space. Aside from the database itself, where can I go to reduce file size/folder size when they become too large?
Thank you in advance.
Hi
I am being told by my Active Directory guy that we cannot just install SEP (and the SEPM) and have it run as SYSTEM or Domain Admin - they are telling me that we must use a service account. Which is fair enough; from a security standpoint, I fully appreciate where they are coming from.
The problem is that I can find very little in relation to SEP and service accounts. Everything in the manuals and forums suggests that the services must run as SYSTEM and that you must use a Domain Admin account to install the software and use features such as remote push. As stated above, numerous people in my organisation (including me, if I'm honest) aren't happy with that.
Is this correct? Can we not use service accounts?
Is there a best practice document or something that describes what accounts you must use?
Thanks in advance
D.
Greetings,
I'm a bit of a newbie here, but I was wondering if someone could recommend/explain the difference between Information Foundation Mail Security For MSE and Symantec Mail Security for Microsoft Exchange. I am running Symantec Protection Suite Small Business Edition 4.0 on Windows SBS 2011, and was wondering what's the best option.
Any help would be greatly appreciated.
On my Mac I'm currently running Symantec Encryption Desktop version 10.3.0 Build 9153 which was easy enough to find out via the "about encryption desktop" option, however I need to find out if I have MP1 installed. How do I figure that out? I'm thinking it should either show up after the version number (which it doesn't), or that maybe the build number corresponds to the MP level? After some googling I can't seem to find a chart that correlates that though.
Also, if there is a command I can use to determine this that would be helpful as well.
Thanks
I've just accessed https://fileconnect.symantec.com/ to get the latest Endpoint Protection software. I have a stupid question.
Do I need Symantec_Endpoint_Protection_12.1.3_SEPM_EN.exe (1,309.9 MB) if I have downloaded the following two?
Symantec_Endpoint_Protection_12.1.3_Part1_Installation_EN.exe (1,574 MB)
Symantec_Endpoint_Protection_12.1.3_Part2_Tools_EN.exe (240.1 MB)
My current setup is Windows Server 2003 R2 32-bit with Endpoint Protection Manager + Endpoint Protection (server side) + Endpoint Protection (XP, 7). They are all version 11.0.5002. I'd like to upgrade all of them to the latest version.
Thanks.
Good Morning Community,
I would like to add a firewall rule to allow traffic on port 9009 for a couple of clustered servers; I'm just unsure of the network services settings that I need to have in place to allow an incoming connection on my client on port 9009. Entry from log:
21/06/13 9:48:43 AM Blocked 15 Incoming TCP 172.16.2.157 00-1D-70-73-7C-80 3908 172.16.1.225 00-17-A4-77-0C-7C 9009 gdavies OESTRANS Default 1 21/06/13 9:47:41 AM 21/06/13 9:47:41 AM Block all other IP traffic and log
Thanks Matt
I forgot the password of a limited administrator account. Now I use another administrator ID to log on to SEPM to reset the password, but the old password is required. How can I reset the password without the original password?
I am currently using Symantec Encryption Desktop and I am having a small problem.
Environment:
-Two desktops are running SED
-Both desktops have their own private keys created
-Each desktop was given the other's key
-These keys were installed and verified
-Each desktop can encrypt and decrypt files that are made on that specific desktop
ISSUE
-When I send a file from one desktop to the other and vice versa, the file that I send to each desktop can't be opened on the other. I get "access is denied". I have installed and reinstalled the SED over and over again but this error seems to plague me. When I turn SED off, all the files show as encrypted, and when PGP is on I can read only the files that were created on that specific desktop.
Hi,
I am running Symantec Enterprise Manager v 10.0.
When I am installing the ESM agent on a client, it gives the error below. Please help if anybody has answers to it:
[13820] register: Args List: -r -v -m 10.X.X.X -p 5600 -t -N XYZ -u -E
[13820] register: Agent registration starting ......
[13820] register: Registering to Manager: 10.X.X.X
[13820] register: 2013/06/21 19:45:19:648: Mode NA2 DH1024 RV8
[13820] register: User is authorized to register agents with manager
[13820] register: Password is not expired
registering agent information
[13820] register: Registering agent information
loading agent information
adding 10.X.X.X to ESM manager access control file
exchanging authentication keys
Verifying Manager to Agent communication
Connection verification from the Manager to the Agent XYZ failed
Failed to continue with the registration process
[13820] register: Error: ESM_REG_23888, Error occured while opening connection to XYZ [13820] register: Error: ESM_REG_23673, Error occured while contacting agent XYZ
<AxStringCode Code=23872>Error occured while opening connection on port %1</AxStringCode> 1 5601
<AxStringCode Code=22363>hostname %1 not found: err=%2</AxStringCode> 2 XYZ 11004
We have a group of test machines we'd like to be able to disable notifications for risks found. Periodically I use test viruses but don't want this detected risk emailed to the whole team. Is there an easy way to exclude a group from notifications?
Thanks!
Hello,
After running the Virus Definitions Distribution report in my version 11 SEPM, I want to drill down and find out the host names of the client computers that have out-of-date definitions, so I can fix the problems on those hosts. I've been clicking around for ages and now can't see the wood for the trees! I'm sure there's a way to do it, so thought I would put it out there to this forum.
Can anyone help?
Thank you,
Olly
I have a client that I just switched yesterday to 12.1.3 from Sophos 10.0. The environment has a Windows 2008 Standard server with 8 GB running Sage Mas90 4.3. Some PCs are XP and some are Windows 7. I excluded the drive mapping that has the drive mapping to the shared directory and the Mas90 executable. I am looking for advice on what I can do to speed this up.
Previously there was no antivirus client or virus management on the server. Now there is. Should I remove the antivirus client from the server?
In Sophos I only had the on demand scanning set to read and another else. Should I change to just doing that?
Any suggestions would be appreciated.