Can anyone confirm that if a firewall policy has no rules there is an implied 'default deny' action? (v12.1 RU2)
I was trying to use a firewall policy only for the purpose of "automatically block an attackers IP address" option. But found that my Win7 client workstation couldn't even ping the defafult gateway. The firewall policy initially had no rules. After I added a single 'allow all' rule the client workstation is functioning normally.
Currently we have windows Servers with Only AV/Malware protection. We use a application called ImageRight, it's used for printing.
Also Servers are at SEP 11. RU 1. In process of upgrading to SEP 11 RU 3 then to 12.1.2 in near future.
Now with my question?
Has anyone seen this type of error before? It's in the Event Logs as a Warning.
There is a Windows KB Article ID: 947238 which kinda relates.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-1390108520-675970526-1691616715-84626:
Process 376 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1390108520-675970526-1691616715-84626\Printers\DevModePerUser
Process 2068 (\Device\HarddiskVolume1\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-1390108520-675970526-1691616715-84626\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks
It is currently believed that SEP is causing this issue, but from my point of view I think this is a false positive. Almost makes me wonder if this is a Rootkit. I have never seen this error before and and we currently have intermitent error occuring.
Any suggestions, would be helpful.
I hope I read this wrong
Condensing this TID to the essence it says:
1. If a push install fails for a computer see if UAC is on.
2. Turn UAC off.
Lets imagine this in a large enterprise: 500 pc's or more and wanting to upgrade to prevent a vulnerability. UAC should ALWAYS BE ON.
So my reading of this is that through one fashion or another I have to turn off UAC for the 500 computers to allow my push install to work.
That seems to totally destroy the concept of a push installation. If I have to touch via remote or otherwise 500 computers, what efficiencies do I lose since I can't install via PUSH if UAC is on.
If I have to turn off UAC what labor savings have I lost and how much more time will I burn on what used to be a fairly painless installation.
Please tell me I read the above article wrong.
PGP Desktop 10.3.0 (Symantec Encryption desktop) AND JA Fully compatible with Windows 8?
Because symantec decided to abandon the name in PGP Desktop version 10.3.0?
PGP is a name known worldwide. Why change now to Symantec Encryption Desktop?
Hi everyone!
Every tab that I wanna to access, I have this certificate error all the time.
Hi,
We're using a brand new Apple Mac Book Pro running 10.8.2 Mountain Lion and tryng to encrypt the entire drive. As per the October press-releases, we're using PGP 10.2.1 MP4 but after restarting, the grey-screen apple logo turns into a circle with a slash thru it and becomes unresponsive.
Should this work as a simple install?
Thanks in advance,
Jason
Windows Backup has been failing consistently. I would occasionally recieve an error message in my application logs on Windows 7:
Faulting application name: svchost.exe_SDRSVC, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: PGPsdk.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f6c30d9
Exception code: 0xc0000005
Fault offset: 0x0000000059f0090c
Faulting process id: 0x151c
Faulting application start time: 0x01cdf293db4fec2c
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: PGPsdk.dll
It appears that Windows backup shadow copy was failing as it tried to access files in the root of the drive..the C:\ and the backup fails. The files which seemed to be killing the backup were:
PGPWDE00
PGPWDE01
PGPWDE02
Telling windows to skip the root directory appears to have solved this problem.
Can someone tell me if on a 12.1. RU1 Manager if you can deploy a 12.1 RU2 installation package from it? Or can you only deploy the RU2 package from an RU2 manager??
I'm basically looking to get RU2 on a few Windows 8 users but trying to see if I can do it without having to upgrade the SEPM to RU2.
Hi, folks.
Previously I have been told to look at PGP Shredder as a potential piece of software which is capable of secure data deletion. By “secure data deletion” I mean functionality which is responsible for secure destruction of data on an entire hard disk drive, individual partitions, individual files, etc. We all know that via utilizing specialized equipment, it is possible to recover even repeatedly overwritten information. I’m willing to avoid such a situation, especially with confidential data.
Based on what I’ve read in the corresponding User Guide, PGP is likely to answer my requirements. Nevertheless, I’m eager to understand in details how this software works? I’m willing to find as much as possible about used algorithm since it’s the case of the confidential data.
In the existent UG there is nothing but the following statement:
The PGP Shredder feature works by overwriting your data with random text. It repeats this multiple times, or passes.
Can somebody provide link to the document with full description of the process or give specific explanation regarding it?
Thanks in advance.
Kind regards,
Alexei.
Hi,
We are using/evaluating PGP Universal + BES 5 + PGP Support Package
I want to send encrypted emails to a recipient from a PGP Universal organisation other than mine but I just keep getting this message when I send him emails.
You do not have a PGP key for the following recipient: user@domain.com
With the following options: Do not send - Remove from message - Send to server
Both of us do not have any problem to send/receive encrypted emails to recipients in our own a PGP Universal organisation.
I was on the impression that public keys were fetching automatically at mail send.
Is pushing our public keys to a public key server as keyserver.pgp.com our only option?
Someone has any suggestions on how to do this (any good reading on that topic)?
Thanks,
Symantec has introduced VShield integration feature with 12.1 but they do not have good guideline on troubleshooting and how it works (network level, ports etc.)
Recently I’ve installed 2 SVA and both of them are showing offline in SEPM console – I’m really not sure how to troubleshoot this and bring them online.
Please assist if anyone have gone through this type of issue?
Thanks.
wuts up bro i have problem i have newest retina macpro 10.8.2 2.6 and i even have windows oon there but i need this PGP ASAP plz and thx u i been reading your stuff how to do it but i dont know how to download it or how much it is plz get back to me asap ....and even now i cant even turn off my mac cuz always says put boot dick in and its gray and black and i have hold on alt op get it back
Trying to turn off the Mail Proxies as it reports on the "Reporting, Overview" page that it's on, yet we have no licence for it and it states on the Mail, Proxy tab that its disabled.
Yet since putting the 10.2.1 client on to a users machine (Universal Server is still 3.1.0 Build (860) its just the client pup file we uploaded to the server ) the user has reported they are getting e-mails from PGP with the following:
Subject: Undeliverable: FW: I'VE BLANKED THIS OUT FOR PRIVACY
Your message did not reach some or all of the intended recipients.
Subject: FW: I'VE BLANKED THIS OUT FOR PRIVACY
Sent: 16/01/2013 14:31:00
Message delivery failed. Please check PGP log for details.
The original message is embedded in this non-delivery report. Click Send Again to see the original text and have the opportunity to re-send the message. If the problem persists and you still receive another non-delivery report, please contact your administrator for details.
Looking at the clone I took before I put the patch on, nothing appears to have changed on the server, it's all the same as before I uploaded the pup. So I'm wondering if this is totally unrelated.
When I can get the log off their laptop for PGP I'll be able to post what that says as well.
Anyone any ideas about this? According the help file, if your licence doesn't cover mail proxies then its not enabled, yet as you can see, on the reporting page it says its enabled.
We need to update a filtering policy to have multiple conditions. We are currently blocking all executable files with a content filter rule that says:
Condition: If the attachment or body part is in the attachment list "Executable Files"
Action: Delete Message
We have some senders who should be able to send us executable files. We have created a dictionary which is a mixture of email address and domains. We want to use specific email addresses when possible to limit the number of addresses that can send us EXEs. The condition section that lets you filter by dictionary makes you choose between email addresses and domains so I haven't been able to build a complete filter that has both sub conditions
What I need to create is a condition that looks like:
If the attachment or body part is in the attachment list "Executable Files"
AND (
If text in Envelope sender part of the message header does not contain Domain name from dictionary "Active Content bypass"
OR
If text in Envelope sender part of the message header does not contain email address from dictionary "Active Content bypass"
)
Any thought on how I can achieve this?
Hi,
I have set-up Tiered dashboard update job that is failing when executing at scheduled times, manually running it works. The job status details says that password does not exist for user and that I should specify a password for scheduling jobs. However the user name reported is not my user name but the ccs service account user name which is strange because I created job under my account.
The problem here is that I can't log in to the server under service account (not allowed by the company policy) to open the console and update the password for the service account.
Does someone know how to fix this?
Hey,
I have a problem with SEP12 and terminal services where by the sessions started by users don't end after a user has closed the session. The TS session remains open. Has anyone come across anything like this before?
Thanks
J
Hello,
Our SEPMS are setup to forward events to SSIM and then they get distributed from there. There is now a requirement to be notified anytime an application is installed and removed on any workstation. Can this be setup via application and device control policies? if so any suggestion or guidance will be helpful.
Adam.
good
I have implemented SEP 12, my question is if I can set a policy that I check the md5 hash, ie if it is modified block
thank you very much
Hello,
We have several mail policys setup to automatically encrypt email if certain rules are fired...i.e. credit card or social number in the "body of the email". My question is when attachments are sent with this information (credit card or social #) and the email body does not contain these items, the eamil is sent unencrypted. I thought PGP would catch and encrypt these attachments. Is there a rule/policy I need to configure for this? Or do all attachments need to be PGP zipped before sending. Thanks, Caribou.
