Dear ALL,

I'm using SEP Manager 11.0.5. My problem is SEP client cannot update from the server (policy, definitions).
I've checked Communication between Server and client, it seems OK.
On SEP Manager, some clients display computer icon with green dot, others are not. But from the client (which display computer icon with green dot), SEP icon dont have green dot.
When I go to Troubleshooting..., the server status is Offline, and it belongs to wrong group (even i already update Sylink.xml with SylinkDrop tool).
I dont know what happened.

Thanks

4459161 1283931603

Hello, 

I am active duty AF and there we were authorized to install SEP 11 on our home computer through the home use agreement. I am having issues installing it on my computer.

HP Pavilion Notebook
AMD Turion II Dual-core M500 2.20GHz
4.00 GB RAM
228 of 284 GB remaining
Window 7 Home Premium (64-bit)

I have attempted to install it 7 or 8 times with no luck. I have tried to install Live Update, restart and then install SEP...still no luck. See attachment for more info.

MSI (s) (04:60) [22:01:04:261]: Executing op: ActionStart(Name=InstallLiveUpdate_RB.479D9157_6569_48B2_97C9_6F35A45064AC,,)

Action 22:01:04: InstallLiveUpdate_RB.479D9157_6569_48B2_97C9_6F35A45064AC.  MSI (s) (04:60) [22:01:04:266]: Executing op: CustomActionSchedule(Action=InstallLiveUpdate_RB.479D9157_6569_48B2_97C9_6F35A45064AC,ActionType=3329,Source=BinaryData,Target=UnInstallLiveUpdate,CustomActionData=C:\Users\Shanna\AppData\Local\Temp\IWEGYTAJ\LiveUpdate\lucheck.exe) MSI (s) (04:60) [22:01:04:270]: Executing op: ActionStart(Name=InstallLiveUpdate.479D9157_6569_48B2_97C9_6F35A45064AC,,) Action 22:01:04: InstallLiveUpdate.479D9157_6569_48B2_97C9_6F35A45064AC.  MSI (s) (04:60) [22:01:04:274]: Executing op: CustomActionSchedule(Action=InstallLiveUpdate.479D9157_6569_48B2_97C9_6F35A45064AC,ActionType=3073,Source=BinaryData,Target=InstallLiveUpdate,CustomActionData=C:\Users\Shanna\AppData\Local\Temp\IWEGYTAJ\LiveUpdate\lucheck.exe) MSI (s) (04:5C) [22:01:04:278]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA189.tmp, Entrypoint: InstallLiveUpdate LUCA: InstallLiveUpdate enter. LUCA: C:\Users\Shanna\AppData\Local\Temp\IWEGYTAJ\LiveUpdate\lucheck.exe LUCA: InstallLiveUpdate : CreateProcessAndWait( LUCHECK.EXE ) returned 206 CustomAction InstallLiveUpdate.479D9157_6569_48B2_97C9_6F35A45064AC returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) Action ended 22:01:35: InstallFinalize. Return value 3.

We have few Mac OSX 10.6.4 clients on which we installed SEP 11 RU6 managed client. Installation goes without any issue but client is never registered in MC and if I check under "Management" in SEP client, it says it's disconnected even though the server name is correct.

We don't have much experience with SEP on MACs and there's no SYLINK.XML to check, like on Windows boxes, so any pointers are much appreciated. I don't know if this is an issue or known no-no with SEP on MACs, but our SEPM listens on non-standard port; Windows boxes have no problem but I figured I'd mention it in case MACs do.
Thanks in advance!

Perhaps I don't have it set correctly - but I've had a reoccuring problem with one of my users with the Zefarch virus.  It's listed as an easy infection to cure but it kept reoccuring on this workstation and recreating Registry entrys and loaded xtene2.dll in the startup menu.  I've run Symantec virus scans repeatedly and it dissapears for a day or two then pops back up.

I've also run AVG, Malwarebytes,  Avast (both boot and safemode) without success - I happened to run an old version of Advanced System Protector with an updated malware/adware engine and it found several problems including registry entries and an .exe file.  Here are outtakes from the quarantine log.

RogueProgram.WinAntiVirus-Pro-2006 (Rogue Antispyware Program)
Status : Quarantined

Infected registry keys/values detected

hkey_classes_root\*\shellex\contextmenuhandlers\shellextension hkey_classes_root\directory\shellex\contextmenuhandlers\shellextension hkey_classes_root\drive\shellex\contextmenuhandlers\shellextension hkey_local_machine\software\classes\*\shellex\contextmenuhandlers\shellextension hkey_local_machine\software\classes\directory\shellex\contextmenuhandlers\shellextension hkey_local_machine\software\classes\drive\shellex\contextmenuhandlers\shellextension

RogueProgram.MS-Antispyware-2009 (Rogue Antispyware Program)
Status : Quarantined

Infected registry keys/values detected

hkey_current_user\software\microsoft\windows\currentversion\drivers hkey_current_user\software\microsoft\windows\currentversion\drivers\video hkey_current_user\software\microsoft\windows\currentversion\drivers\video\options   Malware (General Components) (Generic Malware )
Status : Quarantined

Infected registry keys/values detected

hkey_current_user\software\microsoft\security center\antivirusdisablenotify hkey_current_user\software\microsoft\security center\updatesdisablenotify hkey_current_user\software\wget   pup.mcgruff-safeguard.3-19-1 (Potentially Unwanted Application)
Status : Ignored

Infected files detected

FileName: c:\windows\$ntservicepackuninstall$\dhcpcsvc.dll
MD5: ef545e1a4b043da4c84e230dd471c55f (111616 Bytes)
Signature: be944b1f73437950593346c408e48737   Trojan-Downloader.murlo.dlu (Trojan-Downloader)
Status : Quarantined

Infected files detected

FileName: c:\windows\system32\spool\drivers\w32x86\3\zuninst.exe
MD5: 195b6c9b8d0bf96181e69ce053219f24 (147456 Bytes)
Signature: FileName: c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_lad566\zuninst.exe
MD5: 195b6c9b8d0bf96181e69ce053219f24 (147456 Bytes)

Am I missing something?

Is anyone using the LAN Gateway appliance in an evironment with 25-30,000 users?  We are being told that the Gateway enforcer appliances are sized to accommodate 25,000 IP addresses per physical enforcer.  There seems to be some confusion on what we actually measure but the number is indeed 25,000 IP addresses per enforcer.   Does anyone know how many sessions per IP an enforcer can support?  So can one enforcer handle 25,000 ip addreses and x number of sessions per ip?

Any feedback on this would be most helpful!

Thank you.

 

I installed the management console, and have a test platform of 3 clients (1, Windows 2000, 1 XP, 1  Win 7).  Those that have internet access go to the web, those that do not get the error LU1814.  None of the pc's are supposed to go to the web as the box "Allow Liveupdate to run on the client" is not checked.  The only files I have found so far (#2007110813315548) seems to suggest that the Microsoft service WSUS is required.  Can anyone confirm this?  As far as I can tell, this service is not on the server, hence the failed updates to the clients.

Thanks.
Craig

I am new to Endpoint Encryption. I have a laptop with full system encryption that is coming up with a boot sector problem. This is a Windows 7 64bit laptop. Normally I would boot off the Windows 7 install cd and run the bootrec.exe to rebuild the boot sector on Windows 7 but since it is encrypted I can't. I have read that you can use the Endpoint Encryption recovery cd but the one that I have looks to be WinPE 1.0 (WinXP). Does anyone know how you can do this for this Windows 7 PC?

It seems we've been hit with a nasty trojan and now my desktop icons, my start bar, and even my explorer.exe are gone. I have to use the task manager to access anything and that access is limited. I tried a system restore but unfortunately, it only offered a restore date that included the problems. I am in NO way computer savvy and would greatly appreciate any help. I've been able to update my Norton protection, but my it regularly reports that it is blocking intrusions. I looked in the security history and found that since August 31st there have been several quarantines. I will list them.

m7931o.dll (Trojan,Gen) on September 07, 2010
s3ei93179.sys (Hacktool.Rootkit) September 04, 2010
rbj.exe (Trojan.FakeAV!gen29) September 02,2010
g1iq31ce (Suspicious.Cloud) August 31,2010 10:49PM
mrnaosxecw.tmp (Downloader) August 31, 2010 10:48 PM
hlp.dat (Trojan.Bamital) Augusy 31, 2010 8:49PM
temp.tmp (Trojan.Bamital!inf) August 31, 2010 8:48PM
winlogon.exe (Trojan.Bamital!inf) August 31, 2010 8:27PM
Suspicious.Mystic August 31, 2010 8:26PM

I appreciate any guidance or help anyone would care to offer. Thank you!

System : Dell with Windows Xp Pro

We have a lot of remote users with laptops that are rarely connected to the corporate network. When logging into one of these laptops it takes between 30sec and 2min before the little SEP shield appears in the system tray. If users try to launch other applications before the SEP shield appears they complain that their system locks up, likely because SEP is still loading and they're trying to do too much at once.

These laptops are very high-end machines (2.4GHz, 4GB RAM, 80 Intel SSD hard drive) so I don't think it's a resource issue. It seems to me that SEP is trying to contact the management server and delays starting up until some timeout period is reached. Anyone know what is really causing this and how I can get the SEP client to load quicker on startup?

Again, this only seems to happen if the PC isn't connected to our network. 

We have a number of small clients using SEP SBE.
We purchase the annual license renewel and upgrade their installations.
With SEP the old license file ceased to exists. So two questions:

How can I tell when an installation is coming up for renewel?

And is the Downloaded software pinned to the specifica customer?

Basically in the old days I downloaded the software and used the same install CDs for all clients with their own license files.

Do we now need to download separate copies of the install software for each licensed customer?

We currently have alot of users that are not able to login to SEE and it tells them that it "Failed to communicate with the SEE Server". Also we have users in our enviornment that are currently running 7.0.3 and the server is running 7.0.5. Do we still need to upgrade the local computers to match the server version even though it was a minor upgrade? If so then can we do it remotely and is there a tool that if we need to go to each computer that we can run to upgrade them to the newest version?
 

Is it possible to have Endpoint reboot the system when its finished installing via a Push install? Right now I have been pushing a single Setup.exe out, but I would still like to use the Push client even if I have to use a MSI.

Thanks

4457111 1283892724

not having user/password for symantec server consol , try and run iFORGOT, Also check the registery for user name showing Administrator...try with all defult usr/pass too. not able to open the consol ....need help

Just the other day I created a new set up and sent it to my boss.  It appeared that what he had was having trouble updating, so I figured we'd re-deploy it. Plus, since we recently re-did the server which holds the management console, he has not been able to connect anyway.  The update worked in that it is now the latest version and appears to be downloading new AV files and everything, however, the little green dot that notes that it's connected to the management server has never appeared.  We have a VPN set up, and I just checked that and it is working just fine.  How do I troubleshoot this?

I am trying to download Symantec Antivirus Corporate Edition 10.2.4 International_English CD1 using fileconnect.  Our client is a non-profit so they purchased the software through techsoup, so noone wants to help me.  But, I can download disc 2 with NO PROBLEMS.  Disc 1 however, fails every time.  I have tried the HTTP AND Managed Downloads and the HTTP gets about 60MB in and fails.  The Managed download gets to 20% and just sits there for 12+ hours then fails as well.   I have tried this from multiple PCs and servers and always get the same result.  So, it is obvious that YOUR LINK TO DOWNLOAD CD1 IS BROKEN!!  All I need is CD1 so I can install this software which they bought!  Tech support has been no help and tells me I have to contact techsoup and purchase media!  This is outragious and should be easily downloadable from your site...not through them!  Please tell me you have an FTP setup, so I can just login to it and pull down the CD1 which I need.

Thank you in advance,
Frustrated user.

I posted this in the Endpoint Management > Helpdesk Solution Forum, posting it here now.

"I cannot create a file or folder exception. symantic keeps deleting an exe file that I need. first I open symantic endpoint protection, on the left I click on "change settings" then I click on "configure settings" for centralized exceptions. Once there I click on "add" and select securicy risk exceptions > file, but nothing happens."

"I just tried again and was able to add the exception but I cant edit it or create any more"

Just looking at my most recent signatures, my personal ones are over 24hrs old, dated 06/09/10

But this http://www.symantec.com/business/security_response/definitions.jsp

says under the ''learn more''

''LiveUpdate is the most trusted way of updating virus definitions. Each set is fully tested and certified by Quality Assurance. Certified Multiple Daily LiveUpdate is published several times a day and is the best protection from fast moving threats. ''

Are signatures for SEP always at least 24hrs old, are my expectations of daily revisions too much?

Thanks

I submitted system.exe because it is not being detected as a virus while other anti-malware vendors all do detect it as a Trojan virus.
The file has been send under Tracking #17177039 number.
It infects USB memory sticks.

How is SNAC diffrent from Windows NAC?

4456041 1283876891

I have gone through the motions of the following:

Check that the user is a member of SMSMSE Admins (user is)
Log off and back on
Restart IIS
Ruyn SecurityCheck.zip which is a Symantec tool for checking group membership (all was ok)
Restart Server
Uninstall and Reinstall SMSMSE

This is a brand new SBS 2008 server, fresh with only 1 domain admin as I have not even set users up yet. Have done the steps in the task pad with setting the server up. It is still in my testbed area waiting to be built, this is holding the install back.

Any ideas please?