Device does not comply with security policy for: Device Protection

August 30, 2018, 12:37 pm

≫ Next: Fix Now button

≪ Previous: Pls help for application error 512

$

0

0

I need a solution

So I got a few machines that have the error "Device does not comply with security policy for: Device Protection​",  I created a new group and new Security policy with everything turned off.  Move one of the machines with error to the group and the error goes away.  I edit the Security policy ​ and turn on real time scanning and the error "Device does not comply with security policy for: Device Protection​"​ is back. 

How do I remotely turn on real time scanning?  Is there a command I can run on the machine?

 

0

---

Fix Now button

August 30, 2018, 12:43 pm

≫ Next: Getting way more alerts- A high-risk intrusion was detected on Web server

≪ Previous: Device does not comply with security policy for: Device Protection

$

0

0

I need a solution

The fix now button does not work.  Did not fix: "Device license has expired"  Did not fix: "Device does not comply with security policy for: Device Protection​"

The fix now button always says The operation can't be completed. An unexpected error occurred (error code: undefined)

Please fix.

0

Getting way more alerts- A high-risk intrusion was detected on Web server

August 30, 2018, 1:52 pm

≫ Next: Incremental EDM

≪ Previous: Fix Now button

$

0

0

I need a solution

Went from a few a week  to hundreds in a week- see below- A high-risk intrusion was detected- on www Server Similar to below- many different exploits in attack sig- Has something changed with the Symantec software in the past couple of weeks that may have caused this? Is there a way to limit the alerts?

PS Alert Name
Attack: an intrusion attempt was blocked.

Status
Blocked

Attack Signature
Attack: D-Link DSL 2750B Arbitrary Command Execution

Targeted Application
SYSTEM

Targeted IP
192.168.0.x

Targeted Port Number
80

 

0

Incremental EDM

August 30, 2018, 4:46 pm

≫ Next: Mac book Authentication issue

≪ Previous: Getting way more alerts- A high-risk intrusion was detected on Web server

$

0

0

I need a solution

HI folks, 

i am trying to work on solution for EDM for DLP 15.1

the data source that client is using teradata db here client requiement is to perform incremental indexing of EDM data.

is there a way where on periodic duration only the delta (incremental) data is extracted from DB and only that relavant data is indexed.

But for detection it should be able to detect leak for entire set of data.

kindly suggest solution for this.

regards

sam

0

Mac book Authentication issue

August 30, 2018, 11:44 pm

≫ Next: Problem with Policy Exceptions

≪ Previous: Incremental EDM

$

0

0

I need a solution

Hi,

I have mac laptop and i want to increase surrogate timeout for 1 users will it be possible.

User is not in domain. Also frequently we are seeing prompt for that users

0

1535700111

Problem with Policy Exceptions

August 31, 2018, 5:14 am

≫ Next: Hardware requiremnet for Bluecoat Proxy VA100

≪ Previous: Mac book Authentication issue

$

0

0

I need a solution

I've a problem with a Policy Exceptions.

Example:
I created a Policy that search for the keywords: aaa, bbb, ccc. I have a textfile with aaa, bbb, ccc. If I scan with this policy I got an Incident with 3 matches.

I enlarged the policy with with an exception for the keyword ccc. If I scan the textfile I didn't get an Incident. It seems that my scan scanned for the exception first and if this matched the scan skipped the file.

I'm looking for a solution that scan the whole file, count all matches minus the "exception matches". How can I achieve this?

0

Hardware requiremnet for Bluecoat Proxy VA100

August 31, 2018, 6:11 am

≫ Next: DLP offline incident report identity

≪ Previous: Problem with Policy Exceptions

$

0

0

I need a solution

Hi,

Can you please let me know hardware requirement for Bluecoat Proxy VA100, 2500 users?

CPU

Memory (RAM)

Diskspace

I have searched in portal and suggested below hardware please confirm if this is ok or not?

CPU/Core:8

Memory:16GB

Disk space: 250GB*2 =500GB

Thanks

Somnath

0

DLP offline incident report identity

August 31, 2018, 6:22 am

≫ Next: Symantec touching files even with exclusions set?

≪ Previous: Hardware requiremnet for Bluecoat Proxy VA100

$

0

0

I need a solution

Hi,

Whenever we deployed agent configuration enable mode for both corporate network and off network. How i will fetch the report separate or identified for on network incident and off network incident for user. Is there any way to identify user on network activity and off network activity (i.e outside intranet). Please suggest.

Thanks
Suraj.

0

---

Symantec touching files even with exclusions set?

August 31, 2018, 7:43 am

≫ Next: Symantec Desktop Encryption Stuck in Safe Mode

≪ Previous: DLP offline incident report identity

$

0

0

I need a solution

We have an exclusion set for F:\Imagenow and all subdirectories in Endpoint Protection.  I see the exclusion in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Admin.   However, on the server we see ccSvcHst.exe (Symantec) touching a ton of files in the F:\Imagenow directory.  Our onsite Symantec support tells us that "Symantec touches the files anyway even though the exclusion is set".  It is using 4x the disk IO of our application!  Is this statement correct or have they configured the exclusion wrong?

0

Symantec Desktop Encryption Stuck in Safe Mode

August 31, 2018, 1:49 pm

≫ Next: UMC Timeout Configuration

≪ Previous: Symantec touching files even with exclusions set?

$

0

0

I need a solution

I have a customer who has chosen to enter safe mode using msconfig on their laptop with windows 7 and encrypted with Symantec Desktop Encryption. Once Windows has loaded the only profile listed is "Other User" where you msut enter a username and password. The customer claims to not have a password and does not remember his username. I have seen this issue on many computers before and have always been succesfful in removing it via the command prompt. However because this drive is encrypted I have no way of accessing the command prompt or getting a list of usernames. Is the drive totally hosed now? This is a person running a small financial advisory business so the drive has lots of information that NEEDS to be recovered but I have been left with no solutions for him. Does anyone here with some more experience with this software have a solution? With a little googling I have found others with the same issue but no solution.

0

UMC Timeout Configuration

August 31, 2018, 7:47 pm

≫ Next: Boot. Malmo Virus detected but no action

≪ Previous: Symantec Desktop Encryption Stuck in Safe Mode

$

0

0

I need a solution

Dear Forum Members,

Are we able to configure timeout setting on UMC on DCSSA 6.7.3?

Thanks & Best Regards,

Roland

0

Boot. Malmo Virus detected but no action

September 1, 2018, 1:39 am

≫ Next: SEP clients length of time to update Virus Definitions.

≪ Previous: UMC Timeout Configuration

$

0

0

I need a solution

Dear Team,

Boot.Malmo is detected but no action is taken by symantec ( left alone). Need your help please!!! Thanks in advance ...

0

SEP clients length of time to update Virus Definitions.

September 1, 2018, 11:38 am

≫ Next: Sync Config from Master to Backup ProxySG

≪ Previous: Boot. Malmo Virus detected but no action

$

0

0

I need a solution

Hi All,

I was wondering how long it generally takes for new clients to download content from Group Update Providers.

I have installed new clients and it has been around 4 days where the logs show that the client has been downloading new content successfully. However, I still have the error indicating that the Virus Definitions are out of date on the SEPM and on the Client, it indicates that the Virus definitions are missing or corrupted. As indicated there are new installs and has so far happened on a number of PCs.

Can anyone assist?

Corey. 

0

Sync Config from Master to Backup ProxySG

September 1, 2018, 11:01 pm

≫ Next: MAPI Proxy: Decryption failed with error: PGPError #-12562

≪ Previous: SEP clients length of time to update Virus Definitions.

$

0

0

I need a solution

- We have two proxySG Units A and B ( Master and Backup). Whenever we do changes on the Master (A) we do not replicate the config to Backup (B). Now i want to sync the config on both the units. Kindly let me know how to do it. 

0

MAPI Proxy: Decryption failed with error: PGPError #-12562

September 2, 2018, 12:00 am

≫ Next: Symantec blocking printer

≪ Previous: Sync Config from Master to Backup ProxySG

$

0

0

I need a solution

Hi,

getting this error message when trying to open one email - MAPI Proxy: Decryption failed with error: PGPError #-12562

why is the issue?

Thx,

Uri

0

---

Symantec blocking printer

September 2, 2018, 2:43 am

≫ Next: Clients not being added into the console and Agent icon not on workstation

≪ Previous: MAPI Proxy: Decryption failed with error: PGPError #-12562

$

0

0

I need a solution

When i try to print something from mac machine its not getting printed. And cheked the traffic log in Sepm it shows outbound connection is getting blocked by block all ip traffic... i have 70 printer servers i will not be able to add all 70printer serer ip adress as exclusion wat can i do other than creating exception and exclude host

0

Clients not being added into the console and Agent icon not on workstation

September 2, 2018, 4:07 am

≫ Next: DCS:AS - Allow RDP Connections by users

≪ Previous: Symantec blocking printer

$

0

0

I need a solution

Issue: The client workstation is not being added into the console and Agent icon not on workstation

Eval copy ghost solution suite 3.2 release 7 running on eval copy of windows server 2016.

I am able to use remote agent installer and push files succesfully to clients and the Dagent is running on windows 10 pro

On the server the agent icon shows on taskbar and under computer on console.

DAgent log

09/02/2018 13:54:48.842 3312 0] DsAgent.cpp:490 About to serialize objects

[09/02/2018 13:57:48.855 3312 0] bootstrap.cpp:1131 - Error reading input file.

[09/02/2018 13:57:49.023 3312 0] bootstrap.cpp:467 GetCfgFilename(): strName = C: 

[09/02/2018 13:58:10.051 3312 0] CDSAgent::ConnectToServer() - exception thrown while trying to connect to the DS.

File: common\ipc\TcpSocketIpc.cpp, Line: 71, Error Message: CTCPSocketIPC::Connect Failed to connect

[09/02/2018 13:58:10.051 3312 0] DsAgent.cpp:181 caught unhandled exception connecting to DS

common\ipc\TcpSocketIpc.cpp:71 CTCPSocketIPC::Connect Failed to connect e=0, s=10060

[09/02/2018 13:58:10.066 3312 0] bootstrap.cpp:677 unhandled exception thrown from startup code

common\ipc\TcpSocketIpc.cpp:71 - CTCPSocketIPC::Connect Failed to connect

Value=0, SystemError=0x0000274C

0

DCS:AS - Allow RDP Connections by users

September 3, 2018, 11:05 am

≫ Next: DLP 15.1 - Upgrading Enforce and Detection instances on the same server

≪ Previous: Clients not being added into the console and Agent icon not on workstation

$

0

0

I need a solution

Through DCS can I enforce policy prevention with rules to allow RDP access only to certain domain users on Windows Servers?

I can easily apply rules for detection of success and failure to log on via remote desktop, however I have no idea how to perform the block per user in prevention policies.

Could someone help me?

0

DLP 15.1 - Upgrading Enforce and Detection instances on the same server

September 3, 2018, 1:01 pm

≫ Next: Block all upload by user subnets

≪ Previous: DCS:AS - Allow RDP Connections by users

$

0

0

I need a solution

Hi, I'm trying to upgrade DLP from 15.0 MP1 to 15.1, I've got a two-tier setup that's a bit different from the example given in the Install Guide. We have a standalone database server, and then we have our server which is running the Enforce and Detection instances together.

I've run the Enforce upgrade to 15.1 (haven't migrated yet), but when I try to run the Detection Server install MSI, I get a pop-up saying "Symantec Data Loss Prevention 15.1 Enforce Server is already installed on the system. Symantec DLP 15.1 Detection Server can not be installed. To create a Single-Tier Server setup, please remove all existing Symantec DLP 15.1 server installations and install Symantec DLP..." (the message cuts off here, I'm presuming it's saying to run the Single Tier MSI)

Does installing Enforce on a server which has Detection installed automatically upgrade the Detection instance to 15.1 too, or would I need to run the Single Tier MSI and point it to the standalone database server?

Thanks!

0

Block all upload by user subnets

September 4, 2018, 12:20 am

≫ Next: Bypass preexisting PGP installations during sccm windows 10 in place upgrade

≪ Previous: DLP 15.1 - Upgrading Enforce and Detection instances on the same server

$

0

0

I need a solution

Hi Team,

1. Please let me know how ot block all kind of upload by user subnets to the internet.

2. Windows and Unix servers have SFTP connections to the Internet for file downloading. Can we make use of our bluecoat to proxy the SFTP connections? How we can configure the bluecoat to achieve this?.

Please advise on this.

Thanks,

Ram.

0