Symantec Security Response

Symantec EndPoint Management - Enquiries on performance and reliability

2 hours 7 min ago

Hi There,

I have a few major enquiries on the SEPM and the Endpoint Client Security. Please find them below:

1) I just wonder why my network environment becomes slower upon the implementation of Endpoint Client Security on all the desktops in my environment. I frequently noticed notifications stating that an internal and external IP tried to attack (anyway, it was denied by Symantec Protection), and when I checked in the Logs section, there were a lot of attacks within a second or two.

2) This is a major setback that I have encountered with Symantec Protection: in cases where a PC was infected with a particular virus (mostly worms and trojans) and was scanned with Symantec, it was unable to detect and clean it, but when I test-scanned with another anti-virus product, that was able to detect and clean it permanently. Why is this happening?

3) SEPM does have full comprehensive reports on the SEPM interface, such as 'Home' and 'Reports', giving notifications of the PCs that are affected with graphs and figures, but at the end of the day SEPM gives partial information about a host trying to attack and spread malicious code.

Please assist me on this, as I have contacted the Helpdesk of Symantec Endpoint on this matter but it was not resolved.

Thanking you in advance,
mk

SEPM DB failed

2 hours 32 min ago

We use the embedded database at our site, but it fails many times. The log file is attached here for any needful idea.

regards

embedded DB failed

2 hours 39 min ago

On my site the SEPM embedded database fails. The log file is attached.

Any advice that is needful for me?

<Try using the correct forum and then specify product version, platform, and any other information leading up to the error.>

embedded DB failed

2 hours 39 min ago

On my site the SEPM embedded database fails. The log file is attached.

Any advice that is needful for me?

<Try posting in the correct forum!>

SEP Authentication Integration with Active Directory

3 hours 13 min ago

Hi all,

Can SEP authentication be integrated with our existing Active Directory Windows Login (Domain Login) authentication?
Currently we are using a separate User ID/Password to authenticate to the SEP console, rather than our Domain Login credentials. We would like to have the same login credentials to authenticate to SEP. Let us know the possibility and implications, if this is to be implemented effectively.

Scan mass storage devices

3 hours 29 min ago

All antivirus products scan mass storage devices automatically, but Symantec couldn't.
Does Symantec AV have any plan for the same in the next release?

SEPM upgrade activity with SQL 2005 DB.

4 hours 5 min ago

Hi All,
 
I need to upgrade SEPM MR5 to MR6A. I am using SQL 2005 for the database.
What is the best way to perform this activity?

LiveUpdate Bandwidth Throttling

Thu, 07/29/2010 - 21:13

The LiveUpdate Server gets the update in a large size. It consumes all the bandwidth in my office. Is there any way to perform QoS on the LiveUpdate Server?

I tried the Windows QoS but it does not work.

End Point Protection configuration on Servers

Thu, 07/29/2010 - 18:15

I would like to install End Point Protection on a group of servers for anti virus protection. How should I configure End Point on the servers so that I don't cause any productivity/performance issues? The various servers are:
2003 Small Business Server with Exchange and SQL,
64 Bit Database Server with SQL 2008,
2008 Small Business Server.

Hit with Tidserv warnings and Rundll power up errors

Thu, 07/29/2010 - 14:57

One of the laptops I manage, which has Symantec End Point Protection, now issues warnings that it blocked an IP address and that a TidServ Request was detected. Also, when I power up I get this error: Rundll missing module: dddbba.dll. I have run Spybot, MalwareBytes and the Symantec virus scan - all come back clean. The computer operates normally except for the Symantec warnings. I suspect there is a problem in my registry - I have run "registry programs" and they indicate errors - but I have not registered the software - not sure if this is the right solution.

Can anyone help me? Please let me know - Mike

Here today, gone tomorrow - Server 2003 Issue

Thu, 07/29/2010 - 13:47

So, like many others, I am having an issue re-installing SEPM on my ADC.
Server 2003.
Definitions decided not to load today. This was the only machine with out-of-date definitions.
So, I decided, uninstall -> Reinstall.  No big deal, done it many times before.
*******
Add/remove Symantec, plug-in password for uninstall...  After a while, I get: "Fatal error..."
Nice, Symantec won't start.
Can't be upgraded.
Service running, but no task in the task manager.
No more icon in the tray.
********
Like anyone else would, Clean Wipe time.

That was a mistake.  Something else went horribly wrong there.
Upon reboot, the machine no longer had any network communications.

Command Prompt: IPCONFIG
"Windows IP configuration"

No big deal.  Went over to the machine, logged on locally
NETSH INT IP RESET LOG.TXT
reboot
Re-enter IP information (no DHCP)
Machine lives again.

Tragedy averted.
******************
Reinstall Symantec time:

Event ID: 11708 MsiInstaller
Product Symantec Endpoint Protection -- Installation Operation failed.

Unfortunately, login here is set up to "flush" the temp folders on login.
The temp folders are used for deploying software and can add up to a lot of information quickly.
So no sep-install logs as of yet.
Gonna have to wait a few minutes for those.

CSP management server not issuing certificates when installed

Thu, 07/29/2010 - 13:24

I'm currently having an installation issue with Symantec CSP version 5.2. When installing the management server, the following certificates are not issued: agent-cert.ssl, server-cert.ssl, and ui-cert.ssl. I have started a completely fresh installation of Windows Server 2003 Enterprise Edition on a test server. After installing Server 2003, the first application I installed was SQL Server 2005 SP1, following the Symantec CSP installation guide (create a new instance, configure to use mixed mode, set the sa password, register the instance of SQL, and verify NamedPipes and TCP/IP are enabled). After SQL was installed I went ahead and installed CSP. When no error messages popped up or appeared in the application event log, I assumed it installed correctly. I went to check the symantec/critical system protection/server folder for the certificates and noticed that they were not issued. I have also verified the test server meets the necessary hardware requirements. I also removed the current security policy, checked folder permissions, verified necessary services are running, and disabled GPOs applied to the test server. I have not installed any patches or hot fixes on the test server either.

Does anyone know of a step that I may have missed in the installation process or does anyone know how to manually create these three certificates: agent-cert.ssl, server-cert.ssl, and ui-cert.ssl? Any help would be greatly appreciated.

SEPM Not working from client

Thu, 07/29/2010 - 12:21

So I normally accessed the SEPM from my machine instead of logging on to the actual server.  Ever since I removed LUA, I am getting the following error.


This program cannot display the webpage

Change To: Address Name for SEPM Email Notifications?

Thu, 07/29/2010 - 11:59

When I was testing SEPv11 RU5 I remember the email notifications showing the SEPM console login name @servername.com (i.e. Admin@SEPSERVER.com).

When we upgraded to RU6/RU6a all of the notifications began to show the following address in the To: field - servername$@servername.com (i.e. SEPSERVER$@SEPSERVER.com).

Is there any way to change the To: email address or name being used?

usb.mizitike.info dns resolution request

Thu, 07/29/2010 - 11:41

Has anyone seen DNS requests for usb.mizitike.info be correlated to malware activity?

SAV SSC Forgot Password - Netware

Thu, 07/29/2010 - 11:12

I have inherited a SAV 10 environment with a Netware Primary Server and no SSC.

I have installed SSC on a new machine. I can see the server group, but the password is undocumented (and it's not the default).

The iForgot.exe tool says to consult the knowledge base when dealing with Netware Primary Servers, but I cannot locate any info.

Can someone please point me in the right direction?

SEE - client laptop won't communicate with SEE Server - check in fails

Thu, 07/29/2010 - 10:56

Hi,
This is a brand new installation - first laptop to be tested. I've got the client installed on a Win XP SP3 machine. When I go in to the SEE User Client and I click on Check In Now it starts searching for the SEE Management Server and it never finds it. Not seeing any events in the event log. The encryption process has not completed at this time - still running.
Thanks.

System Lockdown and Application Control - Replacing CSA 5.2

Thu, 07/29/2010 - 09:16

I am currently looking at the possibility of replacing our CSA 5.2 deployment with the functionality of the SEP11 components. I have created application control rules and also used the System Lockdown feature with Fingerprint lists.

However, what I need to avoid is the Windows errors received when trying to launch a blocked application. For example, with Wordpad blocked in System Lockdown and using the run command to launch wordpad.exe, the following error is received from a Windows popup window: "The Handle is invalid".

This occurs with every application that is blocked. CSA does not cause Windows errors; it just blocks it and you get a notification from CSA that the application is blocked, which is what I would like to achieve from Symantec rather than an ugly Windows error.

Anyone?

