Symantec Security Response

strange log behaviour on our SEPM servers

Thu, 05/20/2010 - 08:49

I'm using SEP sort of like Wireshark on some computers to try to nail down what's hammering our network; I'm looking to see if it's anything between SEP on the clients and the SEPM servers that's doing it.
I went to the console, made a test group, and changed that group to mixed control.
I created a firewall rule at the top for that group only that is set to all/everything, and write to packet log.
Back on the server, I open SEP, then choose View Logs, then NTP logs, Packet Log.
Usually it shows up blank. Then I switch between local view and source view, and then it will populate the screen. If I hit refresh, the log may appear empty until I toggle between local and source, or hit refresh again.
When it IS showing all the packets, I should be able to highlight a packet and see what's in it in the lower panes in the log view, much like Wireshark does. And it usually does; then I'll click another line and it will show nothing below.
I click several lines, it shows nothing. Then I hit refresh again or toggle between local and source, and then I can click a line and see the content once again, or it might do worse and present me with an empty log screen!!
Anyone know what's up?
And what's the difference between local and source view in these logs? Looks like it gives the same info...

SEPM and SEP RU6a on clean, new 2008 R2 64-bit VMware servers.

This sort of logging works perfectly on the clients I'm doing it on; no issues.

Problem with SQL 2008 Express R2 + SEPM

Thu, 05/20/2010 - 08:38

Hi,

I'm having a problem with SEPM on SQL 2008 Express R2 on a remote machine. My SEPM was running on a SQL 2008 R2 database locally, and I decided to move the database to another machine so that the database is remote, and afterwards to create a failover with another SEPM. The problem started after I detached the database from the local machine and attached it on the remote machine. As I understand it, after I attach the database on another machine I need to create a System DSN on the SEPM and then run the Server Manager Configuration Wizard again. However, when I did that, in the Server Manager Configuration Wizard I entered all the details of the database server and the sem5 user and password, but when I clicked to create I got the error "unable to add the server", and in the event log I was also getting a java-1 error.

After hours of trying I decided to uninstall the console and then install everything again, but using an existing SQL database. That worked, but my console is taking too long to log in and the first three buttons (Home, Monitors, etc.) do not work; only a black page appears. I've seen some KBs that say to create the System DSN and run the Server Manager Configuration Wizard again to sort out this problem, but for me that did not work either. I don't know if the problem is SQL, because it is R2 and 64-bit, but it was working locally.
The SEP version I'm using is RU5.

Does anyone have any clue to help? Thanks.

Exclude directory or file in the users profile from scanning

Thu, 05/20/2010 - 08:24

Hi,

We're using the Kerio Connect mail server, which integrates with Outlook through the Kerio Outlook Connector, a piece of software that is installed on all our computers. This connector caches all mail, calendars and contacts in a database file called STORE.FDB, and it's located in a folder in the user's profile.

I would like to exclude this file, or the whole directory it's located in, from scanning, and I would of course prefer to create this exclusion from SEPM so that I don't have to walk around to all the computers and create this exception for all users on the computers!

The challenge is that the file is stored in (on Windows 7) C:\Users\[username]\AppData\Local\Kerio\Outlook Connector\[some random number]\STORE.FDB. Can I specify something like %USERPROFILE%\AppData... in the exception? If not, then how do I do this?

We're running SEP 11.05.

Regards,
René Frej Nielsen

Can't reinstall SEP 11 after uninstallation

Thu, 05/20/2010 - 08:16

Hello, first time posting here.

I have W7 64-bit Ultimate and got a copy of unmanaged SEP 11 from my school. It all worked out fine until a few days ago. LiveUpdate stopped working with error messages and could not obtain updates at all. After trying the repair option in the installation, still no luck getting it to work. So I uninstalled them (both SEP and LiveUpdate) from Control Panel and rebooted the computer. I was hoping the reinstallation would fix the problem, but somehow it's not going well at all.

During the reinstallation, at first it went really fast and well (i7 CPU, 4 GB RAM), but toward the very end, when it had almost finished the installation, the whole process retracted itself. I saw the green progress bar drop from 100% to 0% in seconds!

So I thought I must have done something wrong during the uninstallation. I downloaded the CleanWipe tool and went through the whole process. Rebooted the computer afterward and performed the reinstallation again.

Same thing happened again.

If anyone has a fix or knows what's going on, please reply. Your help is deeply appreciated.

SEPM install fails on 2003 R2 x64 with IIS 6

Thu, 05/20/2010 - 08:13
Action ended 12:08:25: LaunchConditions. Return value 3.
MSI (c) (C0:CC) [12:08:25:005]: Doing action: SetupCompleteError
Action 12:08:25: SetupCompleteError.
Action start 12:08:25: SetupCompleteError.
Info 2898.For TahomaBold10 textstyle, the system created a 'Tahoma' font, in 0 character set.
Action 12:08:25: SetupCompleteError. Dialog created
MSI (c) (C0:E0) [12:08:25:052]: Note: 1: 2731 2: 0
Action ended 12:08:26: SetupCompleteError. Return value 2.
Action ended 12:08:26: INSTALL. Return value 3.
MSI (c) (C0:CC) [12:08:26:334]: Destroying RemoteAPI object.
MSI (c) (C0:E4) [12:08:26:334]: Custom Action Manager thread ending.
MSI (c) (C0:CC) [12:04:21:544]: Doing action: preLaunchCond.87654321_4321_4321_4321_210987654321
Action 12:04:21: preLaunchCond.87654321_4321_4321_4321_210987654321. Examining launch condtions
Action start 12:04:21: preLaunchCond.87654321_4321_4321_4321_210987654321.
MSI (c) (C0:64) [12:04:21:544]: Invoking remote custom action. DLL: C:\WINNT\Profiles\installer\LOCALS~1\Temp\1\MSI5.tmp, Entrypoint: preLaunchCond
IDCCA:  preLaunchCond - Launch condition '(null)' with condition 'To continue the installation, make sure that the Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC) is installed and running. On computers that run IIS 7.0 or later, the following IIS role services must also be installed: ASP.NET, CGI, and IIS 6.0 Management Compatibility.' failed
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
MSI (c) (C0!F8) [12:04:21:607]: Note: 1: 2731 2: 0
IDCCA: Unable to determine feature state: 1606
IDCCA: preLaunchCond - LaunchCondions were not met, sending data
IDCCA: createXML Machine ID: 6098278f28d8e48599871853a8b9f4c07fd8a0
IDCCA: HttpQueryInfo: 0  12002
IDCCA: Logout failure: 0  12002
Action ended 12:05:45: preLaunchCond.87654321_4321_4321_4321_210987654321. Return value 1.
MSI (c) (C0:CC) [12:05:45:709]: Doing action: IsRebootRequiredOSAutoUpdate.B754A361_3344_430B_92FF_8F9A227A6B90
Action 12:05:45: IsRebootRequiredOSAutoUpdate.B754A361_3344_430B_92FF_8F9A227A6B90.
Action start 12:05:45: IsRebootRequiredOSAutoUpdate.B754A361_3344_430B_92FF_8F9A227A6B90.
MSI (c) (C0:CC) [12:05:45:724]: Invoking remote custom action. DLL: C:\WINNT\Profiles\installer\LOCALS~1\Temp\1\MSI6.tmp, Entrypoint: IsRebootRequiredOSAutoUpdate
Action ended 12:05:45: IsRebootRequiredOSAutoUpdate.B754A361_3344_430B_92FF_8F9A227A6B90. Return value 1.
MSI (c) (C0:CC) [12:05:45:771]: Doing action: LaunchConditions
Action 12:05:45: LaunchConditions. Evaluating launch conditions
Action start 12:05:45: LaunchConditions.
Info 2898.For Tahoma8 textstyle, the system created a 'Tahoma' font, in 0 character set.
Info 2835.The control ErrorIcon was not found on dialog SetupError.
To continue the installation, make sure that the Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC) is installed and running. On computers that run IIS 7.0 or later, the following IIS role services must also be installed: ASP.NET, CGI, and IIS 6.0 Management Compatibility.
MSI (c) (C0:CC) [12:08:25:005]: Product: Symantec Endpoint Protection Manager -- To continue the installation, make sure that the Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC) is installed and running. On computers that run IIS 7.0 or later, the following IIS role services must also be installed: ASP.NET, CGI, and IIS 6.0 Management Compatibility.
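
The log above is a verbose Windows Installer log, and the part that matters is short: Symantec's preLaunchCond custom action prints the text of the failing launch condition (the W3SVC / IIS role services check), its feature-state lookups fail repeatedly with Win32 error 1606 (ERROR_UNKNOWN_FEATURE), and both the LaunchConditions and INSTALL actions end with "Return value 3", which is Windows Installer's unrecoverable-error code. As an added example, not from the post or from Symantec, the Python below pulls exactly those items out of an MSI log so the failing condition can be read without scrolling the whole file. The sample log text is constructed from the lines quoted in the post; the regular expressions match the standard "Action ended ... Return value N." and "Product: ... -- message" lines plus Symantec's IDCCA output.

```python
import re
import sys

# Constructed sample in the shape of the verbose Windows Installer log quoted
# above (only the line kinds the parser cares about).
SAMPLE_LOG = """\
MSI (c) (C0:CC) [12:04:21:544]: Doing action: preLaunchCond.87654321_4321_4321_4321_210987654321
IDCCA:  preLaunchCond - Launch condition '(null)' with condition 'To continue the installation, make sure that the Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC) is installed and running.' failed
IDCCA: Unable to determine feature state: 1606
IDCCA: Unable to determine feature state: 1606
Action ended 12:05:45: preLaunchCond.87654321_4321_4321_4321_210987654321. Return value 1.
MSI (c) (C0:CC) [12:08:25:005]: Product: Symantec Endpoint Protection Manager -- To continue the installation, make sure that the Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC) is installed and running.
Action ended 12:08:25: LaunchConditions. Return value 3.
Action ended 12:08:26: SetupCompleteError. Return value 2.
Action ended 12:08:26: INSTALL. Return value 3.
"""

# Meaning of "Return value N" on "Action ended" lines (Windows Installer logging).
RETURN_VALUES = {
    0: "action not invoked",
    1: "success",
    2: "user terminated prematurely",
    3: "unrecoverable error",
    4: "sequence suspended",
    5: "skipped",
}

ACTION_END = re.compile(r"^Action ended \d\d:\d\d:\d\d: (.+?)\. Return value (\d)\.$")
# Symantec's IDCCA custom action logs the text of the failing launch condition.
IDCCA_COND = re.compile(r"Launch condition '.*?' with condition '(.+)' failed\s*$")
# Windows Installer repeats the user-visible error as "Product: <name> -- <message>".
PRODUCT_MSG = re.compile(r"Product: (.+?) -- (.+)$")
# The number is a Win32 error code; 1606 is ERROR_UNKNOWN_FEATURE.
FEATURE_ERR = re.compile(r"Unable to determine feature state: (\d+)")


def summarize(log_text):
    """Collect action return codes, launch-condition messages and feature-state errors."""
    actions = []          # (action name, return code) in log order
    messages = []         # launch-condition / product messages, deduplicated
    feature_errors = {}   # Win32 error code -> number of occurrences
    product = None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ACTION_END.match(line)
        if m:
            actions.append((m.group(1), int(m.group(2))))
            continue
        m = IDCCA_COND.search(line)
        if m:
            if m.group(1) not in messages:
                messages.append(m.group(1))
            continue
        m = PRODUCT_MSG.search(line)
        if m:
            product = m.group(1)
            if m.group(2) not in messages:
                messages.append(m.group(2))
            continue
        m = FEATURE_ERR.search(line)
        if m:
            code = int(m.group(1))
            feature_errors[code] = feature_errors.get(code, 0) + 1
    return {
        "product": product,
        "actions": actions,
        "fatal": [name for name, code in actions if code == 3],
        "messages": messages,
        "feature_errors": feature_errors,
    }


def report(log_text):
    """One line per finding, skipping actions that ended successfully."""
    s = summarize(log_text)
    lines = [f"product: {s['product']}"]
    for name, code in s["actions"]:
        if code != 1:
            lines.append(f"{name}: return value {code} ({RETURN_VALUES.get(code, 'unknown')})")
    for msg in s["messages"]:
        lines.append(f"launch condition failed: {msg}")
    for code, count in sorted(s["feature_errors"].items()):
        lines.append(f"feature state lookups failed with Win32 error {code}: {count}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python msilog.py <path to MSI log>; without an argument, the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(report(fh.read()))
    else:
        print(report(SAMPLE_LOG))
```

Run it against the real log (msiexec's /l*v output) rather than the sample to get the same summary for a failed SEPM install; the launch-condition message it prints is the one the SetupError dialog shows, so it tells you which prerequisite to fix before re-running the installer.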

SEP & SEPM 11 RU6 in italian language

Thu, 05/20/2010 - 07:47

Hi,
I saw the problems with RU6 and RU6a in the English language version...
So...
I'm downloading RU6 in Italian. Does this file contain both RU6 and RU6a? Will RU6a (in Italian) be released in a few days?
Thanks for a reply.

Off the Network location settings

Thu, 05/20/2010 - 07:37

Hi Guys,

I have an interesting issue I am trying to work around with locations. We currently have about 5 sites that are all set up with locations via the subnet they are in. These all have different policies for each site.

I want to create a new location that is an "Off the network" location which locks down the client with the firewall and only allows it to connect to the VPN. I have set up the firewall and tested it, and it is working fine.

My issue is the best way to make that policy come into effect.

If you use any of the DNS lookup options and you have a WAN outage and your clients can't see a DNS server, it puts them off the network.
If you use the WINS or DNS server addresses, users with static IP addresses will not get the change of policy.
If you use management server connection and you have a WAN outage and your clients can't see a management server, it puts them off the network.

I hope you can see the issue, but I thought someone must have overcome this before.

Thanks in advance for your help!

Migration Procedures

Thu, 05/20/2010 - 07:12

Hello;

I have a SEPM 11.0.4 console and I want to migrate it to 11.0.5 and then 11.0.6, but I don't know how.
I would appreciate it if you could point me to sites where I will find migration procedures,
or give me documentation on this.
Bye

Malformed MIME SBG 9.0

Thu, 05/20/2010 - 04:36

Hello,

we have a problem with accepting of Invitations.

I will try to explain the Flow.

Our employee sends an invitation via Outlook to an external partner.

The external partner accepts the invitation.

The "accepted" package is blocked because of the policy "unscannable for virus/worm".

As you can see in the details, there is an entry "Malformed MIME":

Verdict                                              Filter Policy                                                Policy Group   Details
System allowed IP                                    static allow ip address                                      default        None
System allowed email address or domain               static allow email address                                   default        None
Unscannable                                          unscannable for virus/worm: hold message in spam quarantine  default        Malformed MIME
Content Filtering violation: Sender whitelist        sender whitelist                                             default        None
Content Filtering violation: Deliver document files  deliver document files                                       default        None

I have found in the support pages this:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009022715580554

But this is for Releases:
BG 2007 7.6, BG 2007 7.6.1, BG 7.7, BG 8.0

We are running SBG 9.0.  Is there any way to allow such messages?

Thanks in Advance.
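
A "Malformed MIME" verdict is about the structure of the message, not about the calendar content: the gateway could not parse the multipart container, so it could not scan what is inside and fell through to the "unscannable" policy. As an added example, not from the post or from Symantec, the Python below uses the standard library's email parser, which records the structural problems it tolerates as defects on each part, to show two ways an Outlook-style "Accepted:" meeting reply can be malformed and how each one hides the text/calendar part from a scanner. The messages are constructed; the good one is a minimal text/plain plus text/calendar (METHOD:REPLY) multipart, and the broken variants are derived from it.

```python
import email
from email import policy

# Constructed sample: a well-formed Outlook-style meeting acceptance, i.e. a
# text/plain alternative plus the text/calendar part carrying METHOD:REPLY.
GOOD_REPLY = """\
From: partner@example.org
To: employee@example.com
Subject: Accepted: Project kick-off
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="reply-1"

--reply-1
Content-Type: text/plain; charset="us-ascii"

Accepted.
--reply-1
Content-Type: text/calendar; method=REPLY; charset="us-ascii"
Content-Transfer-Encoding: 7bit

BEGIN:VCALENDAR
METHOD:REPLY
BEGIN:VEVENT
UID:example-uid-1
ATTENDEE;PARTSTAT=ACCEPTED:mailto:partner@example.org
END:VEVENT
END:VCALENDAR
--reply-1--
"""

# Deliberately broken variants (constructed), two ways a multipart can be
# structurally malformed:
#  - the body uses a boundary that is not the one declared in Content-Type,
#    so the parser never finds a start boundary and sees no parts at all
WRONG_BOUNDARY = GOOD_REPLY.replace("--reply-1", "--reply-2")
#  - the closing "--boundary--" line is missing, so the multipart never ends
NO_CLOSE = GOOD_REPLY.replace("--reply-1--\n", "")


def mime_defects(raw):
    """Parse a raw message and return [(content_type, [defect class names])]
    for every part on which the parser recorded a structural defect."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        names = [type(d).__name__ for d in part.defects]
        if names:
            findings.append((part.get_content_type(), names))
    return findings


def calendar_reply_present(raw):
    """True if a text/calendar part with method=REPLY is reachable by the parser.
    When the container is malformed the part may exist in the bytes but not
    in the parsed tree, which is what 'unscannable' means in practice."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/calendar":
            method = part.get_param("method") or ""
            if str(method).upper() == "REPLY":
                return True
    return False


if __name__ == "__main__":
    samples = (("good", GOOD_REPLY), ("wrong boundary", WRONG_BOUNDARY), ("no close", NO_CLOSE))
    for label, raw in samples:
        print(f"{label}: defects={mime_defects(raw)} calendar reply={calendar_reply_present(raw)}")
```

To check a real blocked message, export it from the SBG quarantine as raw source and pass that string to mime_defects(); the defect names narrow down which part of the MIME structure the sending client produced incorrectly. Note that a missing close boundary still lets the parts be parsed, whereas a wrong boundary hides everything, so different products will draw the "unscannable" line in different places.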

Update after install of GRC.dat

Thu, 05/20/2010 - 04:03

We have scripts that install various versions of SAV from 10.1.8.800 to 10.2.2.2000.
During the install the Symantec AntiVirus and Defwatch services are stopped, then the grc.dat is copied into place, then the services are restarted.

At this point we'd like to do a forced update from our server. Can it be done, as the policy locks out LiveUpdate from the GUI?

How to use the SEPM console to protect clients

Thu, 05/20/2010 - 03:46

Hello;
Please, I am a beginner in the use of the console (SEP, Symantec Endpoint Protection) and I'd like to know how to use the policies and the console in general to eliminate system and user vulnerabilities: I mean, how to protect registry keys and how to prevent users from installing or uninstalling things in their OS.
Please.

Client version updates & upgrades

Thu, 05/20/2010 - 03:32

I am a third-line technical admin at a medium-sized business and have just taken over the support/admin of our Symantec Endpoint Protection setup. We have a single SEPM server with 20 Group Update Providers, with the SEPM server being at the centre of our star network and the GUPs being at the opposite end of each of the star links. From the support documentation left to me by the previous analyst who supported the product, the SEPM server performs the definition updates, supplies these to the GUPs, and these supply the updates to the 3000 Windows clients over all 20 sites. I recently updated the SEPM from MR5 to MR6 to resolve an issue with various clients. As the client update was required on over 50% of the PCs, it was decided that we would update all of them to the latest version at the same time.

My question is: can you configure the system in any way to perform the client upgrades via the GUPs? When we applied it to the setup above, all 3000 clients appeared to download the client upgrades from the SEPM server. This resulted in all our wide area links being overloaded and business-critical websites being unusable.

Location question on SEP 11 RU6

Thu, 05/20/2010 - 02:59

Hi Guys,

I am new to SEP and have a question. I would like to know if there is any way, from the client or the SEPM, to tell what location the client is using? I have had a look on the forums but can't seem to find an answer.

Thanks in advance for your help!

How to use the SEPM policies

Thu, 05/20/2010 - 02:05

Hello;
Please, I am a beginner in the use of the SEP (Symantec Endpoint Protection) console and I would like to know how to use the policies and the console in general to eliminate user and system vulnerabilities in general: I mean, how to protect registry keys and how to prevent users from installing or uninstalling things in their OS.
Please.

FreeExtractor error caused unable to install SEP Client

Thu, 05/20/2010 - 01:58

When I install the SEP RU5 client with the installer package it shows the above message.

https://www-secure.symantec.com/connect/forums/i-have-problem-when-install-symantec-endpoint-client-ver110
Based on the above discussion, the problem can be resolved by deleting the registry key below, but it does not exist:

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\"Debugger" = "svchost.exe" 

After that I tried to extract the installer package (setup.exe) and then install, but it cannot extract Symndis.sys to the hard disk.
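
The registry value quoted above is an Image File Execution Options (IFEO) "Debugger" entry. When it exists for ccSvcHst.exe, Windows starts the named program (here svchost.exe) in place of the Symantec service binary every time that image is launched, which is a common way malware neuters AV and also leaves an installer unable to start the product. As an added example, not from the post or the linked thread, the Python below parses the text output of reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s and lists every image that has a Debugger value, flagging those whose debugger is not one of a small allowlist of real debuggers (the allowlist is this example's assumption). The sample output is constructed. One practical caveat for a 64-bit machine: the 32-bit view of the key lives under HKLM\SOFTWARE\Wow6432Node\... and is a separate key, so check both paths when a hijack is suspected.

```python
import ntpath
import re
import subprocess
import sys

# Constructed sample in the shape of `reg query <IFEO key> /s` output.  Note the
# ccSvcHst.exe entry is in the Wow6432Node (32-bit) view, which a query of the
# 64-bit path alone would not show.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
    DisableExceptionChainValidation    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    Debugger    REG_SZ    "C:\Windows\System32\vsjitdebugger.exe" -p %ld -e %ld

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
    Debugger    REG_SZ    svchost.exe
"""

IFEO_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",
)

# Assumption for this example: debuggers that legitimately appear in IFEO.
KNOWN_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "ntsd.exe", "cdb.exe", "drwtsn32.exe"}

# reg query prints values as "    <name>    <REG_TYPE>    <data>" (4-space separators).
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: (reg_type, data)}} from `reg query ... /s` output."""
    keys = {}
    current = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.rstrip()
            keys.setdefault(current, {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                keys[current][m.group(1)] = (m.group(2), m.group(3).rstrip())
    return keys


def debugger_binary(data):
    """Lower-cased basename of the program named in a Debugger value
    (quoted path or first whitespace-separated token)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        prog = data[1:end] if end > 0 else data[1:]
    else:
        prog = data.split()[0] if data else ""
    return ntpath.basename(prog).lower()


def find_debuggers(text):
    """List every IFEO image with a Debugger value, with a suspicion flag."""
    findings = []
    for key, values in parse_reg_query(text).items():
        for name, (reg_type, data) in values.items():
            if name.lower() != "debugger":
                continue
            findings.append({
                "key": key,
                "image": ntpath.basename(key).lower(),
                "debugger": data,
                "wow64": "\\wow6432node\\" in key.lower(),
                "suspicious": debugger_binary(data) not in KNOWN_DEBUGGERS,
            })
    return findings


if __name__ == "__main__":
    if sys.platform == "win32":
        # Live check of both registry views; reg.exe failures (missing key) are ignored.
        text = ""
        for key in IFEO_KEYS:
            proc = subprocess.run(["reg", "query", key, "/s"], capture_output=True, text=True)
            text += proc.stdout + "\n"
    else:
        text = SAMPLE_REG_QUERY
    for f in find_debuggers(text):
        tag = "SUSPICIOUS" if f["suspicious"] else "known"
        print(f"{tag:10} {f['image']:20} -> {f['debugger']}  ({f['key']})")
```

On the poster's machine the script would show whether a Debugger value for ccSvcHst.exe exists in either view; if it does, removing it before re-running the installer is the fix the linked thread describes, and the value is also worth treating as an indicator that something else on the box set it.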

Two SEPM

Thu, 05/20/2010 - 01:13

I have lately installed a new SEPM on my workstation. At the beginning the installation looked OK, but something does not work as normal. I followed the description (Solution 3).

Install new SEPM. Use one of the following methods to connect the selected clients to the new SEPM: How to point Symantec Endpoint Protection (SEP) clients to a new Symantec Endpoint Protection Manager after you have either uninstalled, are going to decommission, or replace the existing primary Symantec Endpoint Protection Manager (SEPM)

If I move a new .jdb file to the incoming directory, the updates are downloaded to the client, but according to the SEPM console window the updates are not propagated to the client. The icon is a blue workstation (without a green icon).

Hope someone can give me some hints

Rgds
Geir

Site replication using SQL 2005 / SQL 2008

Thu, 05/20/2010 - 00:04

Hi Guys,

Good Morning.

I have installed A - SEPM with SQL 2005 SP3, and I am going to add a site with SQL 2008 to A - SEPM. Will there be any problem using SQL 2005 and SQL 2008 during replication?

I have already done this setup. Initially, once I gave the user name and password, I got the error 'unable to connect reporting components'. But now SEPM itself is not opening; the service keeps stopping again and again. Please guide me.

Thank you..

