Symantec Security Response

Intrusion Prevention For Google Chrome Application
I need a solution
We found that Google Chrome was logged by SEPM Network Threat Protection and Compliance Event. I would like to know whether Google Chrome does contain some malicious traffic or it was just SEPM mist-definite the traffic to trigger the alarm?

Configure DLP Email Prevent
I need a solution
I am configuring email prevent with google mail for my company. Exchange was easy and we configured a load balancer correctly and got it to work right off the bat. Our DCS group is now having issues configuring an F5 to forward the mail through our email prevent server. They say that our F5 cannot see the server and they believe that it is because of the port not being configured correctly on email prevent. The only port that I can think of is under configure and it says port 8100. I tried to set it to port 25 but it will not go that low. Also I have turned windows firewall off till we can figure this out.
Has anyone had any issues setting up an F5 as a load balancer to forward mail to the email prevent server? Did I miss any configurations?

LiveUpdate returned a non-critical error
I need a solution
Time Severity Event Type Description
2/5/2012 16:14 Warning LiveUpdate manual task failed LiveUpdate failed.
2/5/2012 16:14 Warning LiveUpdate All process failed to launch LiveUpdate encountered one or more errors. Return code = 4.

Yesterday I faced the above LiveUpdate issue, and at that time I got a resolution, but today I have still not received the update and the event below has been generated on the server. Please help.

LiveUpdate returned a non-critical error. Available content updates may have failed to install.

SEP client version newer than SEPM version
I need a solution
Hi, I would like to know if there will be any problems using version 11.0.6300.803 on the SEPM and a newer/the newest version 11.0.7000.975 on the client side. The background for this configuration is that I will stay at 11 RU6 MP3 because of the direct upgrade path to version 12.1. The newest client version showed up some time ago on the console, and with that I will push that version to all my clients.

Regards
Stefan

Symantec Endpoint Protection Suite Enterprise Edition 12.1
I do not need a solution (just sharing information)
Our clients use the Kofax Capture 9.0 software for scanning all types of paper. Our main Kofax server onsite handles the administration functionality and routes the batches (documents) to the clients' database so they can be used for retrieval. Recently our IT department informed me they will be installing Symantec Endpoint Protection Suite Enterprise Edition 12.1 on our web server and main Kofax server... This makes me worried. This Kofax software is very sensitive. I was wondering if Symantec had any documentation/configuration guides that would have any important info regarding this (i.e. Getting started guide, developer’s guide, etc.)? I did find this on Kofax's website. QAID 11948 lists some directories that should be excluded. http://knowledgebase.kofax.com/faqsearch/results.aspx?QAID=11948

I’m a little worried that when a batch passes through our KFXAC server, the antivirus software might think the batch is a virus and will block it. I know when you install antivirus you can enable a feature called network intrusion prevention. This basically acts like a firewall but it could potentially stop our Kofax client/server communication. If there is anyone out there that knows about this please let me know as we are installing this software soon.

SEP smb 12.1 SONAR issues
I need a solution
We are experiencing some problems with SEP small business edition 12.1 (clients are running SEPM version 12.1.671.4971). We receive a lot of emails regarding "Access denied SONAR" c:\windows\system32\svchost.exe" I have no idea which program may be the cause of this warning. We have no VPN client software running. Maybe it is the network driver, or another 3rd party program... The problem is you can only enable or disable the SONAR feature in the SMB edition. In the enterprise edition you can change the behavior when a risk such as the one listed above is detected (see image below). We have to find the program that causes this or disable SONAR completely to get rid of the warnings.
I've created a case with Symantec, to ask if there is a way to list the process ID from the svchost.exe. After weeks of troubleshooting, they suggest upgrading to the enterprise edition. There is no way to log more information in the SMB edition. First Symantec told me that my policies are corrupt; they found some settings which should not be able to be set in the SMB edition. This was a clean installation, no upgrade, so I don't understand this. The next step (I had to do this a few times) was to collect logs on both the server and affected clients. Nothing was found. I also had to collect some Process Monitor logs. But a few days later, they told me I had to look in the logs by myself. Symantec doesn't support procmon, but they asked me to send it to them in the first place....

Clients ver. 12 not take updated definitions from SEPM 11
I need a solution
Hi,
I have SEPM ver 11.0.6005, and after updating some clients to 12.1.1000 they do not take the latest definitions, but all 11.0.6005 clients take the definitions without any problems. How do I force the update to the 12.1 clients?

Thank you

Virus Files that SEP doesn't catch
I need a solution
Hello, I'm using Symantec Endpoint Protection version 11.0.6 in my enterprise, with 3000 active users on it. I have a question about SEP's antivirus solution: there exist some kinds of viruses in our LAN which Symantec doesn't see and doesn't recognize as viruses. We've found these files not on two or four users' machines; they exist on almost half of the endpoint members. In general, the case deals with two virus files: ACC1.exe and Worm.Win32.Generic. As for ACC1.exe, I submitted this file to the Symantec Security Response team a long time ago, in December 2011, but with no results. I've also used the site virustotal.com to scan these two files and to ensure they are known as viruses. Symantec's fields in both cases are blank. Outcome is the following:

empty list for old product version
I need a solution
Hi, I want a list of old product versions that exist in the network. I am getting this report in the Monitors tab in the following way, but the report is empty. After getting many different reports I added " \* " in the group section and it gave me about 6 clients that have older versions. I mean like the following: " My Company\Clients\* ". But when I check in Clients tab --> double-click on client --> Client tab, I found about 100 clients that have older version products like MR6Mp3 - MR5-Mr4Mp2 and .... Can you please help me to solve this problem? Is my reporting wrong or is there a problem? Thanks

DLP Sizing Guidelines
I need a solution
Hello, we have DLP with Network Discover and Endpoint Prevent modules for 500 nodes. I need the sizing and long-term retention (archiving) guidelines, as well as database maintenance guidelines to use in our environment, especially as we've recently purchased an additional 3500 licenses and are very concerned about storage and data retention needs. For our 500 users, the DB size is approaching 150 GB for a period of only about 6 months!!
Any KB article or user manual will be absolutely appreciated. Thanks.
- Moh

SSIM Base servers
I need a solution
I have a configuration whereby 90% of it will be in Site A, with 10% of devices in Site B, and a further 2 x network devices in Site C. Sites A and B are in the same country. C is in a different one. How does this impact the number of Base SSIM Servers required? Will I need a base SSIM server per location, or per region?

copied SEP clients are shown offline in some Groups
I need a solution
Hello guys! Could you please advise a solution/workaround for the following issue: I've created a Group and assigned some policies to it. Inside the Group I've imported an OU from Active Directory and copied a few clients to the Group. When I'd copied the clients they were shown online in the Group and offline in the imported OU. But after some time (about a day) some of the clients became offline in the Group and online in the OU. If I delete them from the Group and copy them from the OU again, they are online in the Group, but after a few hours they fall back again into the imported OU. How could I solve this strange issue, because it's not good to check 2 places to be sure that all of the clients are OK? Thank you in advance! PS I've already tried to replace the sylink file with the SylinkDrop utility - nothing changed((

Sharepoint and DLP
I do not need a solution (just sharing information)
Hello. Please help me to understand the difference between Network Discover Scanners (installation of SharePoint2007Scanner_windows_xx.exe) and Network Discover Scans (installation of Symantec_DLP_Solution.exe). Which tasks are these packages for? Which is preferable in which situations? Thank you

Same name but different Ip's
I need a solution
Hello friends.. I have given a range of IPs for Symantec client installation in the SEPM console. In that, the same computer name is having three different IPs. When I was pinging the same computer name, the ping request shows a different IP. What could the problem be? And one more problem is that I have installed the Symantec package remotely on the reported PCs. It gets a successful message also, but they are not reporting to the SEPM console. Find the attachments for your reference.

SSIM query
I need a solution
Hi, I need a query to generate what changes were done on the Checkpoint firewall, like what rule was enabled or disabled, or whether some changes were done to an existing firewall rule, or whether a new rule was added or not.

regards, Atul

Liveupdate Error
I need a solution
Hi, on one of the client PCs, whenever I do a live update it gives an error. The error is attached; please give me a suggestion on that.

How to manage Self-managed SEP client
I need a solution
I have a PC which has the SEP client installed as self-managed. Now I would like this PC to be under the management of my SEPM without re-installation of the client agent. How should I do it? Can anyone help?

Problem with DNS checking
I need a solution
Hi. We have a problem with our SMG. There are some domains from which we don't receive mail. As I looked at the Message Audit logs in SMG I see the message: Rejected message by MTA. I added the corresponding IP to the Local Good Sender IPs list and tried nslookup - there is an A-record for this IP. But - the same error in SMG - Rejected message by MTA.
How can I make SMG trust this IP and this domain?

Block USB Policy is not working
I need a solution
Hi, I migrated some clients from 11.0.6 to 11.0.7. I also moved the "Disable USB" policy to the new SEPM server... I tried to test it on my own PC... I moved my client PC from the "Enable USB" to the "Disable USB" group... I can still access the USB device... I also checked that the client has been assigned the new policy (I checked it with policy numbers). Any ideas?

USB Blocking
I need a solution
Hi, I blocked one USB and allowed 2 other devices in my SEP device control rule.. but in the security log the allowed devices are showing in the log.. but for blocked devices.. no logs? And I also set the notify user option.. but that is also not working.. But my USB is blocking? How to check?