Symantec Security Response

How to Move clients from AD group to a SEP group on the SEPM 11

Tue, 09/07/2010 - 05:30

I need to move a client that is in an AD defined group to SEP group.  I am NOT going to restructure my AD in order to accommodate SEP.  I should be able to move clients into a SEP group that will allow me to apply different policies to these specific SEP groups’ machines. 

scan pc without symantec

Tue, 09/07/2010 - 05:23

Hello,
I was wondering if there's a way to scan my entire network (about 200 PCs) and get a result on how many computers DON'T have Symantec installed on them? (I know there's an option for unmanaged computers, but what about computers with no Symantec at all?)

Thanks all!

SEP client fails to attach to server

Tue, 09/07/2010 - 05:23

Hello everyone,

we've got a problem here - one of our desktop PCs has recently refused to connect to the server. The green dot simply disappeared for no reason and we can't do anything about that. Things we've tried:
1. Reinstalling remotely: via find unmanaged clients, via exporting an install package, via local installation and SyLink.xml drop - didn't work. Installs perfectly, no errors or warnings in the logs, still fails to connect to the server.
2. SEPtool doesn't find any errors or warnings.
3. Disabling the "Enable secure communications between the management server and ..." checkbox in Clients -> policies -> Security settings didn't help.
4. Tried different versions of SyLink.xml (from different groups, default one, etc.) - didn't work.
5. No firewalls or other similar things are blocking the connection - checked 2 thousand times.
6. We use the latest available versions of SMC and client.
7. There are not any network-related issues or any other errors/warnings on the problem PC - everything works perfectly except SEP client does want to connect to the server.
8. The log from SyLinkMonitor (latest version) is attached here.

Any advice is greatly appreciated except those looking like "reinstall the operating system". If we wanted to solve the problem that way - we would have already done that. The key point here is to solve the issue without reinstalling the system. Thanks in advance!

low screen resolution

Tue, 09/07/2010 - 04:55

Hi
We have a network with 10 computers (laptops / desktops). We use Symantec Antivirus version 9. Since last week we have problems with the laptops (HP Elitebook workstation) in the network. After a live update and reboot of the system, the screen resolution changes to 640x480 16 colors and some services failed to start. After removing Symantec Antivirus, everything worked fine.
Any idea how we can solve this problem?
Kind regards

SEP installation Q

Tue, 09/07/2010 - 04:21
  1. Is there a way to configure disable notification of IPS port scanning on clients?
  2. How can I know that branch office clients getting LU from Branch office GUP server? Just I want to make sure branch office client will get LU from GUP which I configure on each Branch office.
  3. How to configure dedicated Group Update Provider to distribute content to its one branch office only clients?
  4. Is there a way in console client tab to view more than 1000 user?
  5. I have schedule scan on weekly base on 12 noon Monday, if client is switched off on Monday and client is switched on Wednesday does schedule scan will run when client is up. Is it going to wait for coming Monday to start the scanning?
  6. In SAV 10 schedule can show status of scanning on the client side. But in SEP 11 how I can configure to show scan status on the client side?
  7. When I click on LiveUpdate on client PC it shows Initializing...Connecting to liveupdate.symantecliveupdate.com...so this means it is downloading from symantecliveupdate Server instance of SEPM server. Is there a way to define to connect only to manage SEPM server when I click on LiveUpdate tab on client. I don’t want to disable manual LiveUpdate in LiveUpdate policy.

SEPM Backup

Tue, 09/07/2010 - 04:14

How to take SEPM back safely. Am running SEPM & SQL in same machine. In future may be planning to migrate new upgraded hardware set up.

could not install packages from symantec endpoint manager to win vista or win 7

Tue, 09/07/2010 - 03:37

Dear All,

I've a problem with my Symantec Endpoint Manager: I just can install packages from Symantec Endpoint Manager to Win XP only, whereas Win Vista and Win 7 couldn't. Please share with me how to solve this problem.

Thank you in advance,
Ardi ( Indonesia )
 

SMS 8240 Disk is full.

Tue, 09/07/2010 - 03:35

Hi

I have a SMS 8240 that reports, "Minimum queue disk bytes free limit reached, queue inbound free 454MB limit 500MB" 
Is there a way that I can change the limit of the queue, as a short time solution?

Yesterday we started having problems with mail taking a long time to get in and out from us; after some checking I found that the queue had reached its 500MB free disk space limit.
In our appliance there are 37 GB disks, in the Local Host hardware Status, Disk Usage is shown in red and says 22.6 GB.

Any Suggestions?

Regards
CT

SEP fails to replicate properly between servers

Tue, 09/07/2010 - 02:11

Hi,

we're experiencing a strange issue with SEP (ver. 11) here. We've got two servers to monitor the other servers but somehow these two servers never seem to show the correct amount of machines they're supposed to monitor. Refreshing won't help unless we delete the files in the 'inbox' and 'outbox' folders. Then it will show the correct number (nearly 1000) but over the next days this number declines until it is at around 600 or even 400. Replication is set to auto, we tried to change it to manual but that didn't solve it. Any ideas?

Symantec Endpoint Protection 11.0.5XXX.333: Virus definition update using Intelligent Updater.

Tue, 09/07/2010 - 00:07

I encounter a problem when updating Symantec Endpoint Protection 11.0.5XXX.333 client using Intelligent Updater. The virus definition does not get updated. Intelligent Updater prompts a message saying the updating is successful, but when I check, the virus definition still shows outdated. The definition I used is from the Symantec website. The executable file name is "20100906-024-v5i32.exe", and the log messages that I get in "Log.IntelligentUpdater.txt" after executing Intelligent Updater are:

Tue Sep 07 13:05:04 2010 : ******************************************************************
Tue Sep 07 13:05:05 2010 : Starting Intelligent Updater - Version 5.1.0.9
Tue Sep 07 13:05:05 2010 : ******************************************************************
Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED BEGIN: Started.
Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Sep 07 13:05:05 2010 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource.dll
Tue Sep 07 13:05:05 2010 : IU RES LOAD: Successfully loaded the resource file..
Tue Sep 07 13:05:05 2010 : IU MODE: IU is running is FULL mode.
Tue Sep 07 13:05:07 2010 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
Tue Sep 07 13:05:07 2010 : IU INFO: File-name : 20100906-024-v5i32.EXE
Tue Sep 07 13:05:07 2010 : IU INFO: Creation-date : 20100906
Tue Sep 07 13:05:07 2010 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Sep 07 13:05:07 2010 : Entry details:
Tue Sep 07 13:05:07 2010 : Update-File: VIRSCAN.zip
Tue Sep 07 13:05:07 2010 : Update-Desc: Virus Definitions
Tue Sep 07 13:05:07 2010 : Auth DLL Name: SAVIUAuth
Tue Sep 07 13:05:07 2010 : Auth DLL Location: local
Tue Sep 07 13:05:07 2010 : Auth Content-Type: virus definitions x32
Tue Sep 07 13:05:07 2010 : Deploy Content-Type: virus definitions x32
Tue Sep 07 13:05:07 2010 : Deplo DLL Name: SAVIUDeploy
Tue Sep 07 13:05:07 2010 : Deploy DLL Location: local
Tue Sep 07 13:05:07 2010 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while opening key
Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while fetching the path for DLL : C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
Tue Sep 07 13:05:07 2010 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while opening key
Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while fetching the path for DLL : C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED BEGIN: Started.
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
Tue Sep 07 13:05:07 2010 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED BEGIN: Started.
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Sep 07 13:05:07 2010 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
Tue Sep 07 13:05:07 2010 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
Tue Sep 07 13:05:07 2010 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
Tue Sep 07 13:05:07 2010 : DEPLOY PATH SUCCESS: VIRSCAN.zip will be deployed at location C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\tmp7bbf.tmp
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED BEGIN: Started.
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
Tue Sep 07 13:05:07 2010 : UNRAR LOAD SUCCESS: Successfully loaded the UNRAR DLL.
Tue Sep 07 13:05:07 2010 : UNRAR OPEN SUCCESS: Success opening RAR file VIRSCAN.zip
Tue Sep 07 13:05:14 2010 : UNRAR EXTRACT SUCCESS: Succesfully extracted VIRSCAN.zip to C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\tmp7bbf.tmp
Tue Sep 07 13:05:16 2010 : POST PROCESS SUCCESS: Successfully performed post processing for VIRSCAN.zip
Tue Sep 07 13:05:16 2010 : Calling ReleaseInstance() on the object of IIntelligentUpdaterDeploymentManager2.
Tue Sep 07 13:05:16 2010 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
Tue Sep 07 13:05:16 2010 : Entry details:
Tue Sep 07 13:05:16 2010 : Update-File: VIRSCAN.zip
Tue Sep 07 13:05:16 2010 : Update-Desc: Virus Definitions
Tue Sep 07 13:05:16 2010 : Auth DLL Name: ISAuthDLL
Tue Sep 07 13:05:16 2010 : Auth DLL Location: local
Tue Sep 07 13:05:16 2010 : Auth Content-Type: virus definitions x32
Tue Sep 07 13:05:16 2010 : Deploy Content-Type: virus definitions x32
Tue Sep 07 13:05:16 2010 : Deplo DLL Name: ISDeployDLL
Tue Sep 07 13:05:16 2010 : Deploy DLL Location: local
Tue Sep 07 13:05:16 2010 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
Tue Sep 07 13:05:16 2010 : REG SUCCESS: Success while opening key
Tue Sep 07 13:05:16 2010 : REG FAILURE: Failed while reading the value for key named
Tue Sep 07 13:05:16 2010 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
Tue Sep 07 13:05:16 2010 : REG SUCCESS: Success while opening key
Tue Sep 07 13:05:16 2010 : REG FAILURE: Failed while reading the value for key named
Tue Sep 07 13:05:16 2010 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
Tue Sep 07 13:05:16 2010 : IU failed while deploying V because a compatible product could not be found on the system. Please make sure that a compatible Symantec product is installed on the system.

Already tried on a few client machines and getting the same log.

Appreciate if anyone can give me a suggestion or solution to this problem. Is it a bug on my client? Or is it an Intelligent Updater bug? Or some other unknown problem?

Thanks.

Symantec Mail Security for Domino 3.2 for Lotus Notes (Solaris Sparc 10)

Mon, 09/06/2010 - 23:10

Does Symantec Mail Security for Domino 3.2 support Lotus Notes (Solaris Sparc 10)? I checked the system requirements but I am not sure if it is included in this part: Sun Solaris 8 or later. Thanks.

Blocking my router's ip?

Mon, 09/06/2010 - 22:02

I've seen several topics that hint about what my problem is and everything leads to me going into my "Symantec Endpoint Protection Manager Console" to add an exception; however, I do not have that, I have Symantec Endpoint Protection...no manager console.

What I'm trying to do is set up an exception for my ip address. I went in: Network Threat Protection and added a firewall rule, but that didn't work, still keeps blocking the ip, 192.168.1.1. Now the question is...are there two different versions...Symantec Endpoint Protection & Symantec Endpoint Protection Manager?

Thanks for helping a total idiot if you can...:)

Chris

Endpoint Protection (AntiVirus) consumes huge disc space on Drive C

Mon, 09/06/2010 - 20:12

I got a similar case as the following link.
https://www-secure.symantec.com/connect/forums/c-drive-running-out-disk-space-huge-folder-i2ldvptmp

But my case relates to installing the latest SEP 11.0.6.562 with an Enterprise Vault 8.0 SP3 server.

I have a W2k3 Standard 32-bit server and installed SAV 10.1.6 before.
I found upgrade to SEP 11.0.6.562 version and found low space on drive C.

"C:\Documents and Settings\All Users\Application Data\Symantec\Symantec EndPoint Protection\I2_LDVP.TMP"
It has a lot of files with attribute "O". It means they are EV placeholder files.
File names start with msl-428-XXXX

I do exclude folders (Vault storage folder & Index folder) and *.DVS files, but it does not sort it out.

I can't delete them since they are placeholder files; even in safe mode, I can't delete them.

I attempted to install the EV FSA agent on the EV server to delete these files.

Has anyone met my case and found a way to sort it out completely?

Any good practice settings for SEP on an Enterprise Vault storage server and FSA agent client?

SEP Antivirus and Antispyware Turned Off

Mon, 09/06/2010 - 19:25

I have an unmanaged SEP RU5 client. A few days ago I noticed a notification saying that my AV was turned off. I tried to log off and log in again and the AV was turned on again.

Can anyone help me with this? It was very annoying to relogin every time the notification pops.

Thanks in Advance.

SCCM 2007 False Negative

Mon, 09/06/2010 - 16:27

Has anyone had what I suspect as a "False Negative" with SCCM 2007?

We have recently installed SCCM 2007 (with all the latest service packs) onto a W2K8 R2 server however SEP has started reporting the following files as Trojan.gen:
tools.exe
changecache.exe
located "C:\Program Files (x86)\Microsoft Configuration Manager\AdminUI\XmlStorage\Tools"

We are running version 11.0.6000.550 with the latest update.

To mitigate the issue we have added a local exclusion but it would be nice to not have to. Not a big issue as we are only running one instance of SCCM but I'm sure we aren't the only organisation that uses this product.

Cheers.

Problem with Wireless and NTP on SEP 11.0.780.1109

Mon, 09/06/2010 - 14:47

Just installed SEP on a Dell Latitude D520 with the Intel Wireless and tried to connect to a NetGear Wireless Router. I was able to successfully connect to it before installing the software. If I disable NTP, then I can connect to the router. Checking the Wireless Troubleshooting, I fail either on Association or Authentication when NTP is on. The laptop is running XP SP3. Obviously, I am missing a rule to allow access through the firewall, but what is it?

I have another 18 laptops to do with SEP and I need to know the solution before continuing with installing SEP.

SID 23363 HTTP Nukesploit P4ck Activity Detected

Mon, 09/06/2010 - 14:44

I am running Symantec Endpoint Protection 11.0.6100.645 with the latest updates on Windows 7. 

I keep getting a message that "HTTP Nukesploit P4ck activity detected."

I went to the attack signatures and have disabled system restore, updated the virus definitions and ran a full system scan. No problems were found.

I do not understand the "delete any values added to the registry" task and need some further explanation.

What else can I do to stop this issue?

Todd

Open DNS updater false positive Backdoor.IRC.Bot

Mon, 09/06/2010 - 11:44

All of a sudden I'm getting a notification that OpenDNS updater is a threat. Is this a known issue? See attached jpeg.

Update virus pattern into a sep installation package

Mon, 09/06/2010 - 09:39

Hi,
I have no access to the SEPM server.
I need to update the virus pattern included in the SEP installation package.
I've already read a previous discussion about this problem and the solution was to get the FULL.ZIP file from a SEPM server folder.
I can access SEP 11.0.6005.562 clients or a LiveUpdate Administrator server.
Is there any way to update the installation package?
Every time I install RU6a, I need to download 90MB of updates... it's too much and is very dangerous: I need to connect to the network a PC with the old definitions file to update them.

Paolo

Initialization of Database failed - SQL2008 existing database

Mon, 09/06/2010 - 09:14

Hi,

I've installed the SEPM. I already have a cluster of SQL 2008 and my DBAs configured a DB for me (so the database already exists). I let them know of the required file groups and special permissions mentioned in the documentation.
When I try to set up the SEPM, it fails with the "initialization of database error". I tried looking for the log file the message mentioned in ...\tomcat\logs\install_log.err and the log file was empty. I thought there might be some sort of a problem with the file, so I deleted it, and when I retry the process it does not create the log file at all.
I'm not certain what's wrong, but I think the permissions on the directory are O.K. - not certain what to do next?

