We are unable to update virus definitions on our Email servers through Live Update. This has happened after the version upgrade to 8.0.5 for AIX.
Sometime it updates the definition while most of the time the session terminates with the error "Unknown Error".
We have AIX 64Bit , Domino Server 64Bit , SMS DOM 64bit. 
Once we already remove SMS DOM and re install and it work for a day or so but again its not working.

Can any one help me out this regards.

Regards
Saqib Alam | Sr.Sytems Engineer

Hi in our client server antivirus definition are not getting update.we are using SEP MR4.i download the manual update definition from symantec site.but its not getting update..

Hello All,

I have been having a bit a trouble (just like all of us on this forum...).

I have installed SEPM on 7 servers.... (Let's call them Server1, Server2, etc...)

Server1, 2, and 3 actually replicate. Server4, 5, 6, and 7 do not.

Server1 is my main server. It's the one that connects to the internet to get the LiveUpdates.

On Server4-7 I have noticed there is no SEMP Service in the Services snap-in
When I try forcing a replication from Server1, I get error code 0x80020000
When I try to log into Server4-7 locally onto the console I get a 'Failed to connect to server' message. I'm assuming this is because there is no SEPM service.

When installing SEPM on all the servers, I cannot exactly recall which ones I have installed with the recommended website settings and which ones with the default website.

I have tried googling for days.... weeks even, but still no luck. Can someone help shed some light on this issue?
This has been dragging out for way too long and there are computers in the company that are not protected!!!

Thank you all in advance

Hello All,

I have been having a bit a trouble (just like all of us on this forum...).

I have installed SEPM on 7 servers.... (Let's call them Server1, Server2, etc...)

Server1, 2, and 3 actually replicate. Server4, 5, 6, and 7 do not.

Server1 is my main server. It's the one that connects to the internet to get the LiveUpdates.

On Server4-7 I have noticed there is no SEMP Service in the Services snap-in
When I try forcing a replication from Server1, I get error code 0x80020000
When I try to log into Server4-7 locally onto the console I get a 'Failed to connect to server' message. I'm assuming this is because there is no SEPM service.

When installing SEPM on all the servers, I cannot exactly recall which ones I have installed with the recommended website settings and which ones with the default website.

I have tried googling for days.... weeks even, but still no luck. Can someone help shed some light on this issue?
This has been dragging out for way too long and there are computers in the company that are not protected!!!

Thank you all in advance.

Dear all,

I have a question about the strip attachment action with the compliance policy.

I have created the compliance policy for stripping the attachment of the exe extension.

I have gotten the results like below message body, recipient side.

Some parts of this message were removed because they violated your mail server's policies.
putty.exe was removed from the message because it violates your mail server's policy.

I want to remove this comment from the message body.
How can I remove this?

* My compliance policy is:
1. condition
    If the file metadata is in the attachment list ".exe file delete"
2. Action
    Strip attachments in list ".exe file delete"
3. Group
    one group
4. Direction 
    Outbound 

Thank you.

Best regards,
Fossil

I have 2 management servers, one of them is acting as the SQL Server too (primary server - Win2000 Server). Both servers also run SEP clients. When I was upgrading (SEP11 RU4 to RU6), I stopped both SEPM service in the two servers and during the upgrade of the primary server, the installation stopped and it said that LiveUpdate was running. So I further stopped all other Symantec services on both servers.

When I was upgrading of the primary server finished, I finished the installation without checking the check boxes to start the SEPM service and SEP client and continued with the upgrade of the second server (Win 2003). Near the end of finish screen just before enabling the SEPM service and client on the second server, I switched back to main server and restarted the machine. Back to second server and finished installation after the main server is on and then also rebooted the second server.

The installation on the main server was a success, however, whenever I use the SEPM console on the second server I got the following error: See pictures attached... (Picture 1 is later followed by picture 2 after several seconds.)

I'm not sure if the upgrade sequence causes the error and have tried using Repair on the second server but to no avail. Any idea how I can fix it?

Thanks

 

I organized my start menu.  I put many shortcuts in a System Tools area including the Endpoint shortcut.  Now, it constantly tries to reinstall itself.  I found the same question here http://www.symantec.com/connect/forums/remove-start-menu-shortcut, but the answer does not work for me as I don't even know what he means by "go to Admin".  What are the client install settings?  I am a client and when I installed it, there was no option like this.  How can I just disable this "feature"?

We recently upgraded to RU5 (I know wer are behind the curve) and ran into the problem with the RU5 client (11.0.5002.0) and Power Builder apps.  Thanksfully we were able to get the 11.0.6000.550 client version in a relatively short timeframe and were able to upgrade quickly.  However, if that option wasn't availible how would we go about rolling back the version to one that worked for us?  Similar to rolling back DATs but for the client itself.

Thanks...

Hello,

For security reasons our company locks down the "Program Files" directories related to symantec. (Program Files\SAV, Program Files\Symantec, etc) The permissions are Administrators and System Full control and Users get Special access (Traverse Folder/Execute file, List Folder/Read Data, Read Attributes, Read Extended Attributes, Write Attributes,. Write extended Attributes, Read Permissions). This has worked wonderfully with SAV 10 and below.  Now, we have been testing the use of SEP 11 on our servers and have noticed a lot of Failed object access and writes.  I think its web server related.  It seems that now that IUSR needs the ability to write to the SEP directories.  I can't seem to disallow the use of Anonymous access via IIS because the SEP Management tool breaks.  Is there a listing of directories that the web server needs write access to?  That way we can open only what is necessary to run the web based administration tool.  The other more preferred method would be able to manage clients and such with an MMC(non-web based) like previous versions. 

Any help would be greatly appreciated.

Chris

I have built a SEPM server to upgrade our SAV9 system to SEP 11.  I wanted to use the SEPprep tool to remove all other AVs and install SEP11.  I have copied and pasted the SEPprep.exe and SEPprep.ini files to the install package I want installed.  The name of the setup.exe has been renamed to SEPsetup.exe and the SEP setup file has been renamed to setup.exe.  The ini setting are as follows:

[Settings]
ShowGUI=y
ShowMessageBox=N
MessageBoxText=Prepairing your system for Symantec Endpoint Protection 11.0.  During this process other antivirus products will be removed.\n\nIf you are prompted please fully remove these products.
AutoRunAfterUILoads=Y
AskBeforeRemoval=Y
SilentMSIInstaller=Y
RemoveSymantec=Y
CheckDiskSpace=Y
ResumeAfterReboot=Y
EnableLogging=N
LogPath=
MSIExtraParameters=PASSWORD="symantec"
RunBeforeRemoval=
RunAfterRemoval=SEPsetup.exe

When I use the Migration & Deploymant wizard to push this package out, it starts to uninstall the SAV9 client but asks for the uninstall password.  This is the first problem.  According to the SEPprep documentation, this entry (MSIExtraParameters=PASSWORD="symantec") should automatically enter the uninstall password.  Once I manually enter the uninstall password, it uninstalls SAV9 without any issues.  The PC then reboots.  Here is the 2nd problem.  After the PC reboots, it never installs the SEP 11 Client.  Even though I have this entry (ResumeAfterReboot=Y) in the ini file. 

Does anyone know if I am doing something wrong in the INI file?  Are there any other entries that can help me with what I am doing?  The install does not resume once the PC is rebooted.  The the uninstall password isn't being automatically entered.  Any help would be appreciated.  Thanks.

Greg

Is there a list of each registry setting and what it corresponds to published anywhere for the public to see?

Hi All,

     I have to control this virus in my network ........Could you plaes advise .......

       It is creating new instance of iexplorer .exe and then machine gets dead slow ........

Chetan

Dear all,

I have used the SBG 8.0.3-11.

I have found the following error in the logs on Control Center console.
And the graph in the dashboard doesn't update.

1. Brightmail Client            Unable to open new connection to Brightmail server [127.0.0.1:41000 ID:0].
2. Brightmail Client            Generic message: Could not connect to server.
3. Brightmail Client            Generic message: There is no free connection in pool and no server is ready for connection.
4. MTA                                   bmiInitmessage Failed: 83886082

Is there anybody to explain these logs?
And also what is the effectiveness?

Thank you,

Best regards,
Fossil

I was first having problems where the AntiVirus part wasn't working with SEP and it was causing my computer to have a BSOD, I disabled all of Symantec then restarted, uninstalled, then restarted and tried to reinstall.  An error message is coming up saying it was interrupted before the installation could complete. In the error message it says something about making sure the Internet Information Services World Wide Web Publishing Service is installed and running. I'm not really computer savvy so when trying to help you may have to dumb it down a little for me to understand.

Hi everyone.  I've spent some time reading up on controlling USB devices with SEP and the testing has been going well.  However our environment is in computer mode and from what I have read this needs to change to user mode.   When changing to user mode for selected users, the blocking doesn't quite work as I expected.  I've selected a couple of my test machines and moved them to user mode but this results in still two computers that have the same user name but can reside in different groups and so can have separate policys, when what I was expected was just one username which only has one setting applied to it. 

I understand that you can import your AD into SEP, but this would be quite a big change as our AD is quite granular.  I've also read that you should install clients as user mode.  Does this mean any client installed in Computer mode need to be reinstalled or is the mode change setting all that is required on each client?

Any pointers or advice would be much appreaciated.

Cheers

Sam

I have a SEP 11 group on the console targeting several computers with the same set of policies and policy enheritance is turned off.  There is no SEP Firewall policy in this group.  All the 32 bit computers are using the Windows Firewall.  All the 64 bit computers display a message that the firewall settings are being controlled by SEP11.  ("These settings are being managed by vendor application Symantec Endpoint Protection".)  At present my only 64 bit computers are "Windows 7" and "Windows Server 2008 R2 Web Edition".

The Windows 7 workstation is running SEP 11.0.5002.333 and the Windows Server 2008 R2 Web Edition is running SEP 11.0.6005.562.

Is there an additional setting I need to use on the console to disable the SEP firewall on 64 bit computers and let the computer use the Windows Firewall?

Thanks!

Was curious regarding actions taken on risks:

My first action is set to "delete" second action is "clean"

I'm finding on some machines, the risk has been cleaned. I'm just curious as to why it wasn't deleted as I would prefer that but I suppose something is not allowing that to happen.

Any thoughts?

I upgraded from SEP 11.0.5002.333 to 11.0.6005.562 last week.  I connect to the SEPM server from a Win 7 PC using the Java client.  I’ve beenusing JRE 6u7, because later versions don’t display SEPM properly.
 
Once I upgraded to 6005.562, I uninstalled SEPM from the Win 7 box, and I went to :9090">http://<sepserver>:9090 to reinstall the Java client.  When I did this, I saw that it now wanted to use JRE 6u14.  (Hey, progress!)  However, when I try to connect using JRE 6u14, I get:
 
“Failed to connect to the server.
Make sure that the server is running and your session has not timed out.
If you can reach the server but cannot log on, make sure that you provided the correct parameters.
If you are experiencing network issues, contact your system administrator.”
 
Here’s the catch: I can still logon if the client PC has JRE 6u7, but can’t logon with 6u14.  I’ve tried both versions several times on multiple PCs and the behavior is consistent.  I am not clear how to begin troubleshooting this, and need some guidance.  I’d like to connect using JRE 6u14

Hi.

  We're running CSP v. 5.2.0.519.  Can it be configured to detect USB devices attached to the system?  If so, how?

Thanks,

    Geoff.

Hi,

My company deployed SEP device and application blocking six months ago, and I've noticed thousands of log entries for the same device ID (integrated web camera).  The device is repeatedly enabled, then disabled almost constantly, which is causing a non-stop notification popup for the user.  Now our company blocks imaging devices, like web cameras, so if I can't just exclude the device ID for all of the T410 laptops in our enterprise.  However, I can't keep filling up my logs with enabled and disabled messages either.  I also noticed that the class ID comes back as USB, but the device ID USB\Vid_17 is common for imaging devices, which I thought was strange. 

So I need to find a way to continue blocking imaging devices (web cameras), but avoid this constant enable and disable problem.  The client version is 11.5002.333

Any help would be appreciated, thanks

 

Device Manager Message The device was disabled successfully.   [name]:USB Composite Device   [class]:Universal Serial Bus controllers   [guid]:(null)   [deviceID]:USB\VID_17EF&PID_480D\6&32FEB3AB&0&6 Device Manager Message The device was enabled successfully.   [name]:USB Composite Device   [class]:Universal Serial Bus controllers   [guid]:36fc9e60-c465-11cf-8056-444553540000   [deviceID]:USB\VID_17EF&PID_480D\6&32FEB3AB&0&6