Symantec Security Response

SEP console will not install SEP package to windows 7 computer

2 hours 42 min ago

I'm using the console to first find my Windows 7 machine. I used the computer name. After searching, I see two Unknown Computers. One is the computer name, the other is the IP of the same computer. So I have two listings for the same computer. Ok.

On the Windows 7 client I made sure that the domain settings in Network and Sharing had file and print sharing turned on. Am I missing something on the client? Normally when I do this with XP machines they come up as unmanaged computers and I am able to push the client package. Typically if I forget to check file and print sharing on the XP computer it will show up as an unknown computer. I think I'm missing something on the Windows 7 box to let it talk to the SEP console. Any help would be appreciated.

SEP Firewall ports to allow

3 hours 21 min ago

Hi All

I've recently started setting up my firewall policy within SEP. I wish to lock down the firewall quite substantially, but I need to know which ports to allow for network shares and all domain functions to work properly.

I have searched through Google countless times and come up with nothing solid. Can anyone help?

Problem with firewall EndPoint

3 hours 28 min ago

Hi everybody,

I have a problem installing a program (activation key by internet).
The message told me to deactivate my firewall just for a few minutes. The Windows firewall is already off, so I guess the problem comes from Symantec Endpoint.
So I go to the following page: 

And I try to go to Network Threat Protection to deactivate the firewall or to make an exception for the software I am trying to install, but from this page I could not access the settings ...
I am on Windows XP, I am the administrator of my laptop, but I have no idea how to fix this problem.
Do you have any advice?

Sincerely

Hollow

SEP installed but still getting Antivius XP Pro malware

3 hours 53 min ago

I asked this question before but I don't think I got an answer.

I have the latest SEP installed here with the Antivirus and Antispyware and the Proactive Threat Protection installed. The definitions are up to date and Auto-Protect is enabled. But it's been happening a little too often lately where clients are getting this "Antivius XP Pro" malware taking over their system. Earlier this year I've had a few similar problems with "Virus Shield" doing this same thing. Why isn't SEP catching this? Is it not designed to catch malware? Am I missing a configuration somewhere? Is there another SEP app I don't have installed?

Please help with some advice. Thanks.

Symantec for embedded XP

4 hours 3 min ago

Hi

One of our customers wants to install Symantec™ Endpoint Protection for Windows® XP Embedded 5.1 in their new office network.
The network comprises one server and 25 thin clients. Is it possible to install and deploy Symantec™ Endpoint Protection for Windows® XP Embedded 5.1 in this scenario?

Regards

Rahul Krishnan

SEP 11.0.5002.333 client and Sage Ver 11.01

4 hours 39 min ago

The SEP 11.0.5002.333 client is installed on a new SBS 2008 server and all of the clients on the domain. They use Sage Ver 11.01 on several PCs and the data is stored on a shared folder on the server. Sage runs unacceptably slowly unless I disable the SEP Client on the server. It makes no difference whether or not the SEP client is activated or even installed on the individual PCs. I have tried excluding all of the Sage folders from the virus check. Oplocks are enabled and SMB signing is disabled. Is this a problem with SEP 11.0.5002.333 client? It was never this bad with previous versions.

 

SEPM Failing On A Daily Basis.

4 hours 49 min ago

Hello All,

I need some advice on how to troubleshoot a problem that has started to occur recently with our SEPM installation.  We are currently using SEPM 11.0.2000.1567, which I am sure many will note is an old old version.  We did look at upgrading to the latest MR some time ago, but I believe it was to MR3 which from memory required more work than it was worth (recollection of having to upgrade to MR2 first, then MR3, with some database related procedure needing following too). As we were having no problems (until the fabled New Year virus definitions bug that occurred) it did not seem that the effort required would return a tangible benefit.

Alas now we have a problem, which before I upgrade to MR5 (I believe it is the current version) I need to identify the cause of the problem and validate that MR5 will resolve the issue.

The issue is as follows: on a daily basis we open up the SEPM console to perform various management tasks. After entering the username and password to connect to the SEPM console, the progress bar is shown and it states it is loading, but it never proceeds further than a third of the way, no matter how long we leave it.  To resolve this the Symantec Endpoint Protection Manager service needs restarted and also the Symantec Embedded Database service needs restarted.  However, when restarting the Symantec Embedded Database service it does not stop, therefore the dbsrv9.exe process needs killed to force the restart of the embedded database service.

As a test I left the SEPM console for a week in the hung state to determine if it affects client computers. It does: they fail to retrieve the daily virus definition updates, so it is not just the console application that is failing when this issue occurs, it appears to be the whole SEP environment.

My question is, how do I trace the cause of this? I know the SEP environment creates log files for various functions, but reading them (as they appear to be in Java/Tomcat speak) is something that is above my level of knowledge.  Also I don't know which log file of the many there are I should be looking at (I looked at all of them and some do have errors reported). Can anybody help?

Also we do run the SEPM console on the same server we have WSUS installed on, however the WSUS management website is using port 8531. The only WSUS related system running on port 80 is the virtual SelfUpdate directory (which has to be running on port 80 for end clients to be able to update to a new version of the Windows Update Agent when WSUS has a new version to deploy).  As this uses a specific URL path (http://windowsupdateserver.dns.name/SelfUpdate) I don't believe running this virtual directory in the same website as the SEPM console has any effect?

Thanks.

Gary Hall.

Problem with GUP

6 hours 9 min ago

Hello.
Since I updated my Symantec Endpoint Protection Manager to RU5 I have had problems with all the GUPs.
No GUP updates its signature database if it is located in its GUP site with its policy, and the machines do not pick up the updates because their GUP does not update.
If I assign the central server's policy to the GUP, that GUP server updates its signatures, but it stops being a GUP server.
I am testing the clients with the sylinkmonitor application and I see that they give me errors such as:

ERROR ON ONE CLIENT
03/10 11:07:04 [1372] ************CSN=10911
03/10 11:07:04 [1372] <MakeGetGlobalIndexUrl:>Request is: action=310&hostid=A766F124A9FE146601DB8F8E479CF1F6&chk=177B03CDDDB7AB3CA12D1C943E9CA1BC&ck=0277CCE06DECBA8A4C4A550657C88889&uchk=F0FA6E8C3D0F3564CB145D9AFCF534C0&uck=9ED90D09A6C255B770E58FBB03544362&groupid=E91E7C9EA9FE1466001978D44ACA9FE2&as=10911&cn=[hex]5A414D304E303032&lun=[hex]41646D696E6973747261646F72&udn=[hex]4C6F63616C436F6D7075746572
03/10 11:07:04 [1372] <GetGlobalIndex:>http://ANTIVIRUS:8014/secars/secars.dll?h=D4EECBA33ABC20BC9CEE518B3DD99B77B08C002AC3AB647C539F0147DA0B3E1A0155AE499E80A6512BF16B0566EE1C1C8B9E046CF850F72950998BEBC133A0F8B25844B22287E71C718419A083409133268A6B0C88CCA014DD4BCA818C7FD00644F9026EDE08ED3D065453A0D4AA29A6369CB076E048EB69F5D68ABC82C867720D1BE6A63B974E7DAE0267CFC2E4840B11FC6E03D2AEE1FB3891D680800E39C60AC339AD41132045BAB613A42658C396807F8CC7EE2AF572C73BB1BE3EC3A332C240AFD3112B5B3B6FE7BD547CE2ED11AEF24CBF59FB6A83B9EFEDFA564E8CF4CA818BB189B993861AE5D566923CB4280CC85D2AA23DEB30B4309B4B5A49FDA8C4692A5668FA0C74FF64BE2035A47ECEBB0CCDB5ED7BBDA13C55E8F34FA5F9B49CED66F07744D0F49CD032B07CF7C9AB2E6DF641A74D124C5FF1472DDD6508445DDF9B0D016DF4D4C6366E2E3E713620F790905D102EB19104D9F883959BAD81
03/10 11:07:04 [1372] <GetGlobalIndex:>SMS return=500
03/10 11:07:04 [1372] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
03/10 11:07:04 [1372] HTTP returns status code=500
03/10 11:07:04 [1372] Content:
03/10 11:07:04 [1372] <GetGlobalIndex:>RECEIVE STAGE COMPLETED

ERROR ON ANOTHER CLIENT
<mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {1CD85198-26C6-4bac-8C72-5D34B025DE35} Seq:100308057
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:56 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
03/09 13:52:56 [3104] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {42B17E5E-4E9D-4157-88CB-966FB4985928} Seq:100301001
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:56 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
03/09 13:52:56 [3104] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {D3769926-05B7-4ad1-9DCF-23051EEE78E3} Seq:100301001
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:56 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:56 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:56 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:56 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
03/09 13:52:56 [3104] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {DB206823-FFD2-440a-9B89-CCFD45F3F1CD} Seq:80820001
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:56 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
03/09 13:52:56 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:57 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
03/09 13:52:57 [3104] <mfn_LiveUpdate:> Agent returned closest matching seq: <None>
03/09 13:52:57 [3104] <Add2LUFileList:>Adding LU Info to LU Download File List: {4F889C4A-784D-40de-8539-6A29BAA43139}91111048
03/09 13:52:57 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:57 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
03/09 13:52:57 [3104] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {CC40C428-1830-44ef-B8B2-920A0B761793} Seq:100308020
03/09 13:52:57 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:57 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
03/09 13:52:57 [3104] <mfn_LiveUpdate:> Agent returned closest matching seq: <None>
03/09 13:52:57 [3104] <Add2LUFileList:>Adding LU Info to LU Download File List: {812CD25E-1049-4086-9DDD-A4FAE649FBDF}100308020
03/09 13:52:57 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:57 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
03/09 13:52:57 [3104] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {E1A6B4FF-6873-4200-B6F6-04C13BF38CF3} Seq:100308020
03/09 13:52:57 [3104] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
03/09 13:52:57 [3104] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0

Could someone help me?
Thanks

What is the purpose of providing .slf file with SEP 11.x

6 hours 14 min ago

We have purchased the licence for installing Symantec Endpoint 11.0.
I have successfully registered the product and I received my account username and password.
Also I have successfully downloaded the software using the "fileconnect" service.

So I got two compressed folders:

Symantec_Endpoint_Protection_11.0.5_AllWin_EN_CD1.zip
Symantec_Endpoint_Protection_11.0.5_AllWin_EN_CD2.zip

What exactly is each folder related to?

I have opened the first folder and proceeded with the installation from there.

It doesn't ask me for the license file (.slf) which I have received.

Do I have to copy the licence file to a specific location within the Symantec folder directory?

I tried to search about this everywhere and I came to the conclusion that it doesn't require activation with the license key.

Am I right? If that is true, why is Symantec providing the key file?

Thanking you all in advance.

Khalid
 


SEE V7.0.4 disk mirror in PC

6 hours 51 min ago

Hi support,

If my office PC runs WinXP SP3 with 2 x hard disks (disk mirror), may I install the SEE RS client (framework + removable storage) on that PC?
Is there any limitation on the array setting on the client side?

Regards
SEEuser

What's the update interval when using the options "Use the default management server (recommended)" alone?

7 hours 17 min ago

Hi All,

We have about 700 clients connecting to one SEPM server and they are in the same LAN.  For virus definition (as well as other content) updates, we use the option "Use the default management server (recommended)" and do not use LiveUpdate for the clients.  However, we have found that the update schedule of the clients varied greatly.

For instance, the SEPM server retrieved the up-to-date virus definition at 08:00am; when the clients were started at 09:00am, only some of them retrieved virus definition updates from the management server immediately.  For other clients, some of them retrieved the updates at 01:00pm and some of them at 05:00pm.  The update time is consistent, which means clients retrieving updates at 01:00pm will always retrieve them at around the same time, no matter whether the server is busy or not.  Also, we have checked that the server is not busy all the time.

So, may I ask what's the update interval and schedule when using the option "Use the default management server (recommended)"?  Also, are there any ways to speed up the virus definition update?

Thanks a lot!

Dennis

Clients not contacting management server(s) - need to re-import these? help please

7 hours 17 min ago

Ok - So I had a failed SEPM server and the DB was screwed.

I managed to get it up and running again and convert it to a SQL DB. The secondary server was so out of date as it hadn't been replicating that it was useless.

Anyway, since setting the server back up I've got only a handful of clients contacting the SEPM server - no one else has, we're talking like 2000, no green dot or anything.

I've tried importing the communication settings with the sylinkdrop tool, but it doesn't work, still no green dot.

I reset the server certificate as documented when I rebuilt the server... so I don't understand.

What can I do to re-establish communication with the SEP clients?

cheers

Symantec endpoint protection Notification

7 hours 53 min ago

I received a notification from my machine today and would like your analysis on it. Please see attached.

database incidents

8 hours 4 min ago

Hi,

Is there any way to delete selected incidents from the database? Not only the old ones, but for example, only the false positives before some date.
Can it be done directly with SQL commands?

Thank you.

BV-control for exchange

8 hours 50 min ago

Dear ALL,

We have the following (RMS with BV-Control for Exchange Server only). Can I query for file and registry? If yes, can you help me? I tried all the queries but I did not find any.

Or can I query for the status of a protocol, i.e. (SMTP, HTTP)?

Thanks
Samir

Issues downloading with Liveupdate server

9 hours 16 min ago

Our setup here has a SEPM server, SAV server, and Mail Security for Exchange on our Exchange servers. Our outbound connections are low bandwidth and high latency. So in an effort to consolidate we are trying to migrate everything to pull from a single LiveUpdate Administrator server.

The LUA server is set up and trying to work, however it has issues downloading any kind of larger file. The behavior of the SEPM server of breaking any kind of download into smaller 3.something meg chunks allowed it to work flawlessly. Is there any way for LUA to duplicate that behavior?

Blocking some keys

11 hours 32 min ago

Dear Team,
 
Kindly let us know whether we can block the Print Screen button or any keyboard function (i.e. Scroll Lock, Num Lock, Delete, Pause, Break) which is available on the keyboard through a Symantec policy.
 
Waiting for your kind reply.

Regards,
Tech Guy

What will happen if number of mailboxes exceed the license?

Tue, 03/09/2010 - 22:54

What will happen if the number of mailboxes exceeds the license?

Will it still protect all users, protect only some users, or fail to protect?

Exchange 2007 'hang'

Tue, 03/09/2010 - 22:19

This is possibly a one-off and it's not at all certain whether Symantec Mail Security is even at fault, however I had an issue this morning on our Exchange 2007 server that has caused me a little grief, so I thought I should document it here and ask others to comment.

My environment:
Windows Server 2003 64-bit and Exchange 2007 with all the latest SPs and patches

Recently I had cause to install/configure NFS on this server, which does triple duty as both a mail server, file server and domain controller, so that we could store files from off our VMware servers.  It was all working swimmingly until this morning.  Sequence of events as best I can piece it together:

24 FEB ... upgraded from v6.0.9 to v6.0.10 of Symantec Mail Security for MS Exchange
26 FEB ... Windows Updates installed, including .NET Framework 3.0 SP2
01 MAR ... server was rebooted
05 MAR ... minor changes made to Default Domain Policy (reverting from customised back to default password values) resulting in many domain users needing to undergo a password change
10 MAR EARLY MORNING ... server stopped sending email

People reported mail being stuck in their Outlook Outbox.  This error was in the logs:

The execution time of agent 'SMSMSESMTPAgent' exceeded 300000 (milliseconds) while handling event 'OnEndOfData'. This is an unusual amount of time for an agent to process a single event. However, Transport will continue processing this message.

I then tried manually stopping all the Exchange services, however the Information Store process would not stop.  After waiting about 15 minutes, I eventually had to reboot the server.  After the reboot, Exchange was working fine again ... but ... it started throwing Event ID 4004 errors relating to "Server for NFS" service. 

NFS services would not start.  As we are not using NFS much now, I have uninstalled it, so not much harm done, but I am at a loss to understand what happened to the server which triggered this issue.

I couldn't find many specific matches on the error messages when I Googled, however one of the suggestions made was that the NFS problems might be related to RPC issues (e.g. RPC finding itself on the 'wrong port' which makes NFS get confused).  I am pretty sure that Symantec Mail Security for Exchange utilises RPC in some way.  But there's a 2 week gap and a lot of activity between the upgrade of Symantec Mail Security and the issues which hit this morning.

So am wondering whether there have been any updates released recently which have caused anyone else any grief with Exchange 2007 or with NFS.

SMSMSE 6.10 not detecting or stopping encoded ZIP file

Tue, 03/09/2010 - 20:33

I have a client from a previous post that is still having problems with their install of SMSMSE 6.10.295 not stopping test EICAR virus files.  I most recently went to:

http://tools.declude.com/

I am going to the 'Virus Tools' and 'Test Messages' section, entering the email address in and choosing 'eicarencodedzip - To test if encoded ZIP files are blocked' from the dropdown.

When I send this, they receive this file, which is getting past their 3rd-party anti-virus, anti-spam provider (MailMax) and then gets past SMSMSE.

Can anyone let me know how to fix this or how to re-configure SMSMSE to stop and block this virus test?

Thank you!

Michael

