Symantec Security Response

Brightmail - download attachments from spam queue

Mon, 09/06/2010 - 06:50

Hello all,

In Symantec Brightmail Gateway, is there any way to configure the solution to offer the possibility to download the attachment of a message in the spam quarantine queue (at the moment I can access the body/headers, I can release or delete the message, but the attachment is not a link - I can't download it to check it manually)?

So can I make SBG store the attachment as downloadable in the spam queue (e.g. all zip files), for manual check-up? Forwarding to an Exchange inbox before quarantine is not an option; it requires too much disk space.

I know how to create rules and all the options on SBG - I can't find this one (I have the documentation too). Any CLI trick?

A customer has some internal procedures that ask for this.

See attachment for snapshot.

Best regards,

Mihai D.

MAC Spoofing

Mon, 09/06/2010 - 06:45

Hello.

I just set up a new PC yesterday and ever since I've been getting these alarming messages from my Symantec security software (yes, I installed security software before establishing any connections to the internet). There have been a total of 4 different logged incidents from the same IP address in the past 24 hours. The message in the log goes as follows: "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window." The IP address corresponding to each of these 4 logs is "76.179.16.1". I did a "whois" of this IP address and it says it is originating from Palo Alto, California; latitude 37.376 and longitude -122.183.

Does anyone know who this is and what specifically they are trying to do? Are they trying to hack into my computer to gain remote access? Why? How did they find me? What should I do? Is my Symantec going to protect me, or are these logs an indication that I've already been hacked/hijacked?
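
What a host-based monitor has to do to produce the alert quoted above is simple to show in code. The following is an added example written for this page (Python; it is not Symantec's detection logic and not from the post): it parses Ethernet/ARP frames, remembers which IPs this host itself asked about, and flags any reply addressed to the host for an IP it never asked about. The frames, MAC addresses and IPs are constructed test data; `build_arp`, `ArpMonitor` and every other name are this example's own.

```python
"""Detect unsolicited ARP replies (added example; the frames below are constructed, not captured)."""
import struct
from collections import deque

ETH = struct.Struct("!6s6sH")              # dst MAC, src MAC, EtherType
ARP = struct.Struct("!HHBBH6s4s6s4s")      # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


def _mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def _ip_bytes(s): return bytes(int(o) for o in s.split("."))
def _mac_str(b): return ":".join(f"{x:02x}" for x in b)
def _ip_str(b): return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa):
    """Assemble an Ethernet/IPv4 ARP frame (test-data generator, not a packet injector)."""
    dst = BROADCAST if op == ARP_REQUEST else _mac_bytes(tha)
    return (ETH.pack(dst, _mac_bytes(sha), ETHERTYPE_ARP)
            + ARP.pack(1, 0x0800, 6, 4, op,
                       _mac_bytes(sha), _ip_bytes(spa), _mac_bytes(tha), _ip_bytes(tpa)))


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None for anything else."""
    if len(frame) < ETH.size + ARP.size:
        return None
    _dst, _src, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP.unpack_from(frame, ETH.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": _mac_str(sha), "spa": _ip_str(spa),
            "tha": _mac_str(tha), "tpa": _ip_str(tpa)}


class ArpMonitor:
    """Host-side view: remember which IPs *we* asked about; a reply addressed to us for an
    IP we never asked about is unsolicited. A reply that changes the MAC already held for
    an IP is the pattern ARP cache poisoning produces, so that is reported too."""

    def __init__(self, my_ip, max_pending=256):
        self.my_ip = my_ip
        self.pending = deque(maxlen=max_pending)   # target IPs of our outstanding requests
        self.cache = {}                             # ip -> MAC learned from solicited replies
        self.alerts = []

    def observe(self, frame):
        """Feed one frame; returns an alert string or None."""
        arp = parse_arp(frame)
        if arp is None:
            return None
        if arp["op"] == ARP_REQUEST and arp["spa"] == self.my_ip:
            self.pending.append(arp["tpa"])          # our own outbound request
            return None
        if arp["op"] != ARP_REPLY or arp["tpa"] != self.my_ip:
            return None                              # not addressed to this host
        previous = self.cache.get(arp["spa"])
        alert = None
        if arp["spa"] in self.pending:
            self.pending.remove(arp["spa"])
            if previous is not None and previous != arp["sha"]:
                alert = f"MAC change: {arp['spa']} was {previous}, now {arp['sha']}"
            self.cache[arp["spa"]] = arp["sha"]      # only learn from replies we asked for
        else:
            alert = f"Unsolicited ARP reply: {arp['spa']} is-at {arp['sha']}"
            if previous is not None and previous != arp["sha"]:
                alert += f" (cached {previous})"
        if alert:
            self.alerts.append(alert)
        return alert
```

Two caveats a practitioner would attach to an alert like the one in the post. First, "unsolicited" alone is a weak signal: an address ending in .1 is very often the subnet's default gateway, and gateways legitimately send gratuitous ARP (unsolicited replies announcing their own address), for example after a router or HSRP/VRRP failover, so a monitor that only asks "did I request this?" will fire on benign traffic. Second, the stronger indicator is the one the `cached ...` suffix carries: the same IP suddenly claiming a different MAC than the one a solicited reply established. Comparing the MAC in the alert's packet data with `arp -a` for the gateway is the quick manual version of that check.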

CCS Snags and Gotchas

Mon, 09/06/2010 - 06:40

I'm currently embarking on a large scale CCS roll out and was wondering if anyone else has been through the process.
I'd ideally like to know if there were any major considerations that escaped usual project scoping processes that came back to haunt the implementer.
I would, of course, be discreet about my sources.
Thanks in advance.

Problem with uninstalling a SEP client

Mon, 09/06/2010 - 03:17

Hello,

I successfully deployed SEP 11.06 on several computers. But I wanted to remove SEP from one of my client computers. So I uninstalled SEP manually on this computer, and now I get a message that indicates that, for security, the settings are managed by a system administrator. I can't manage my settings, so how can I uninstall SEP completely and properly?

Etinewok

SysPlant.sys - Windows BSOD Issues

Mon, 09/06/2010 - 02:35

Hi,


I have been having some issues with BSODs on a few workstations that have been caused by SysPlant.sys on a regular basis. What exactly does SysPlant.sys do? Also, what risks or repercussions would I see if I disabled the sysplant driver in Device Manager? Are there any known issues with sysplant.sys and other software? Can this problem be resolved by applying any policy?


Currently, we are running SEP 11.6005 (MR6) with & without application/device control enabled. 

Any info would be great. Thank you for the time.


Ashutosh

How SEP protects its own files

Mon, 09/06/2010 - 01:42

How does Symantec Endpoint Protection protect its own files?

Cannot send to some domains

Mon, 09/06/2010 - 01:35

hi all,

Now I have some problems with sending email to some domains (e.g. yahoo.com, gmail.com.vn, ...). Emails are stuck in Message Queues with the following errors:
421 4.4.0 [internal] no MXs for this domain could be reached at this time
450 4.4.1 [internal] Connection Timed Out
Client host rejected: IP address greylist check, be patient.
451 4.4.2 [internal] connection closed by remote host
451 4.4.2 [internal] no BODY response
451 4.4.2 [internal] no HELO/EHLO response

From the Control Center, I can still ping, tracert, or telnet to those domains.
I've tried some searching but still cannot fix those problems.
Please, someone help! (sorry for my bad English.)
Thanks in advance
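
The queue errors quoted in the post carry RFC 3463 enhanced status codes, and reading them by class tells you where to look before touching any configuration. The following is an added example for this page (Python; not Brightmail/SBG code and not from the post): it parses the quoted lines, maps the `X.4.x` network-and-routing codes to their RFC 3463 meanings, and counts what kind of failure dominates the queue. It assumes that the `[internal]` tag marks diagnostics generated by the sending MTA itself rather than text returned by the remote server (an assumption about the SBG log format, not something the post confirms); the greylisting line has no status code and is recognised by its text.

```python
"""Triage MTA queue errors by RFC 3463 enhanced status code.
Added example; the sample lines are the ones quoted in the post."""
import re

LINE_RE = re.compile(r"^(?P<code>[245]\d\d)\s+(?P<esc>[245]\.\d{1,3}\.\d{1,3})\s+(?P<text>.*)$")

# RFC 3463 subject codes (the middle field) and the detail codes of subject 4, network and routing.
SUBJECT = {"1": "addressing", "2": "mailbox", "3": "mail system", "4": "network/routing",
           "5": "protocol", "6": "message content", "7": "security/policy"}
NETWORK_DETAIL = {
    "0": "other or undefined network/routing status",
    "1": "no answer from host",
    "2": "bad connection (dropped or reset mid-session)",
    "3": "directory server failure",
    "4": "unable to route",
    "5": "mail system congestion",
    "6": "routing loop detected",
    "7": "delivery time expired",
}


def parse_smtp_error(line, local_tag="[internal]"):
    """Parse '<reply code> <class.subject.detail> <text>'. Lines without an enhanced code
    (e.g. a greylisting banner copied from the remote) come back with standard=False."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return {"raw": line, "standard": False, "greylisted": "greylist" in line.lower()}
    cls, subj, detail = m.group("esc").split(".")
    text = m.group("text")
    meaning = (NETWORK_DETAIL.get(detail, "see RFC 3463") if subj == "4"
               else SUBJECT.get(subj, "unknown subject"))
    return {
        "raw": line, "standard": True,
        "code": int(m.group("code")), "enhanced": m.group("esc"),
        "transient": cls == "4", "permanent": cls == "5",
        "network": subj == "4",
        "local": text.startswith(local_tag),   # assumption: SBG tags its own diagnostics "[internal]"
        "meaning": meaning, "text": text,
        "greylisted": False,
    }


def triage(lines):
    """Count which failure families fill the queue; all-local transient network errors
    point at our outbound path, not at the recipient domains."""
    summary = {"local_transient_network": 0, "greylisted": 0, "permanent": 0, "other": 0}
    for entry in map(parse_smtp_error, lines):
        if entry["greylisted"]:
            summary["greylisted"] += 1
        elif entry["standard"] and entry["transient"] and entry["network"] and entry["local"]:
            summary["local_transient_network"] += 1
        elif entry["standard"] and entry["permanent"]:
            summary["permanent"] += 1
        else:
            summary["other"] += 1
    return summary


QUEUE_ERRORS = [  # verbatim from the post
    "421 4.4.0 [internal] no MXs for this domain could be reached at this time",
    "450 4.4.1 [internal] Connection Timed Out",
    "Client host rejected: IP address greylist check, be patient.",
    "451 4.4.2 [internal] connection closed by remote host",
    "451 4.4.2 [internal] no BODY response",
    "451 4.4.2 [internal] no HELO/EHLO response",
]

if __name__ == "__main__":
    for e in QUEUE_ERRORS:
        p = parse_smtp_error(e)
        print(p.get("enhanced", "-"), p.get("meaning", "non-standard"), "|", p["raw"])
    print(triage(QUEUE_ERRORS))
```

Every coded line in the post is class 4 (transient) with subject 4 (network and routing), and none is a remote `5xx` rejection, which is why the ping/tracert/telnet result from the Control Center does not settle much: those test reachability of the domain's web host, not TCP port 25 from the appliance's egress IP to the domain's MX hosts. The checks that match these codes are an MX lookup for the failing domain from the appliance itself (`4.4.0` "no MXs could be reached" is consistent with DNS trouble as well as with a blocked path) and a `telnet <mx-host> 25` from the appliance; a connection that opens but never returns a banner (`4.4.2` "no HELO/EHLO response") is a common sign of an intervening firewall or ISP filter on port 25. The greylisting line is the one benign item: the remote asks the sender to retry, and a normal queue retry clears it.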

Disabling SEP Firewall while enabling USB blocking

Sun, 09/05/2010 - 21:14

Hi, I would like to find out if it's possible to do this, as I understand that the firewall will be turned on for USB blocking to be enabled too. I need to do this as my organization already has GPOs applied to the local machine firewall settings and I do not wish to change this if possible. Kindly advise.

Thanks

ASA 7 and 9 installed on same machine

Sun, 09/05/2010 - 11:27

Our server has an existing application which uses Sybase's ASA 7. I see the SEP manager installs the newer version (no longer called ASA). Will there be a conflict if both are installed and running on the same machine?


Symantec Endpoint Protection

Sun, 09/05/2010 - 06:08

Hi,
my name is Amir.

What's the best software for Server 2008?

Small Business 12 version?

Node activity

Sun, 09/05/2010 - 03:43

There are several hundred nodes connected to my company SIM environment.
Is there any built-in capability to monitor which nodes stopped sending me events?
(for me it means whether the node is alive or not).
Can I create an incident when the node stops sending me events after a certain amount of time?
Will appreciate your help.
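
The check asked for above, a node that has gone quiet, is a "missing event" detection, and its only real difficulty is the threshold: a firewall that logs every minute and a domain controller that logs hourly must not share one silence limit. The following is an added example for this page (Python; it is not an SSIM feature and not from the post): it learns a per-node threshold from the node's own inter-event gaps, applies a floor so a node with little history is not judged on noise, and also reports expected nodes that have never sent anything. The event lines, node names and time window are constructed.

```python
"""Find event sources that have gone quiet (added example, not an SSIM feature).
Sample events are constructed; one line per event: '<ISO-8601 timestamp> <node>'."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def load_events(lines):
    """Group constructed event lines by node -> sorted list of timestamps."""
    seen = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, node = line.split(maxsplit=1)
        seen[node.strip()].append(datetime.fromisoformat(ts))
    return {node: sorted(times) for node, times in seen.items()}


def expected_gap(times, floor=timedelta(minutes=5), factor=3):
    """Per-node silence threshold: `factor` times the node's median inter-event gap,
    never below `floor`. A node with one event has no gap history and gets the floor."""
    if len(times) < 2:
        return floor
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return max(floor, median(gaps) * factor)


def silent_nodes(events, now, expected=(), **threshold_kw):
    """Return [(node, seconds_silent)] for nodes quiet beyond their own threshold, plus
    (node, None) for every expected node that has never been seen at all."""
    alerts = []
    for node, times in events.items():
        silence = now - times[-1]
        if silence > expected_gap(times, **threshold_kw):
            alerts.append((node, int(silence.total_seconds())))
    for node in expected:
        if node not in events:
            alerts.append((node, None))
    return sorted(alerts, key=lambda a: a[0])


SAMPLE_EVENTS = """\
2010-09-05T00:00:00 fw-01
2010-09-05T00:01:00 fw-01
2010-09-05T00:02:00 fw-01
2010-09-05T00:03:00 fw-01
2010-09-05T00:00:00 dc-01
2010-09-05T01:00:00 dc-01
2010-09-05T02:00:00 dc-01
2010-09-05T03:00:00 dc-01
2010-09-05T03:30:00 web-01
""".splitlines()
NOW = datetime(2010, 9, 5, 3, 40)                    # constructed "current time"
EXPECTED_NODES = ("fw-01", "dc-01", "web-01", "proxy-01")   # constructed inventory


def demo():
    """fw-01 (chatty, silent 3h37m) and web-01 (one event, silent 10 min) alert;
    dc-01 (hourly, last seen 40 min ago) does not; proxy-01 was never heard from."""
    return silent_nodes(load_events(SAMPLE_EVENTS), NOW, expected=EXPECTED_NODES)


if __name__ == "__main__":
    for node, seconds in demo():
        print(f"{node}: {'never seen' if seconds is None else f'silent for {seconds}s'}")
```

Run against a real export, `load_events` would be replaced by whatever query returns the last events per collector, and the output list is what would feed an incident rule. The design point is that the threshold comes from each node's observed cadence rather than one global timer, so the hourly source is not declared dead after ten minutes while the per-minute source is.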

Protection Suite Small Business Ed., Managed Client Installation from media

Sat, 09/04/2010 - 11:49

I am evaluating the Protection Suite for Small Business. The network is some 75 users with Exchange email. We have Windows 2000, XP, and Windows 7, with a mix of service packs. We also have about 50 non-email users - these PCs have no internet access, the others do. In my one-PC test with XP, I can see that just preparing the clients for installing the protection client will be daunting in itself (I've yet to be able to push a client install successfully on the one PC I'm using in my test/evaluation).

Can anyone tell me if I can install a managed client directly from licensed media? The demo only allows me to install an unmanaged client.

Thank you.

Craig

how to migrate sepm from one server to another

Sat, 09/04/2010 - 11:34

Do you have any technical document on the process to migrate SEPM from one server to another (latest version)?

Server 2003 to Server 2008.

thanks.

Network Threat Protection defs not updating (waiting for updates)

Sat, 09/04/2010 - 09:37

Just updated the SEPM to the latest version (almost - 11.06a is my version, not 11.06a MP1). Starting to push out updates using auto-upgrade. Some clients are updating/upgrading just as they should, getting the new package and getting the latest defs. Some clients seem to be refusing to get the latest NTP defs... the client GUI shows green but the NTP states "waiting for updates".

When on version 11.05, we were only using AV/AS and TruScan.  With the update, we have moved to AV/AS, TruScan, and NTP.  New policies created for the firewall (enabled and allowing everything) and IPS (pretty much the default policy).  Every client that gets the new package is receiving this feature set change, but the defs seem to be hanging up for NTP....

AD Sync - still have random clients in "default group"

Sat, 09/04/2010 - 09:30

With the exception of a few servers that are not imported from AD, every single OU from AD is imported into SEPM. Every day, about 50 clients roam in and out of the "default group". The clients act normally otherwise: they receive policies (as assigned to the "default group"), detect issues, update as expected, etc. I just cannot figure out why they "roam" back and forth to the default group. It is not always the same exact clients that do this... I am saying that there are always about 50 clients in the default group when I would expect there would be none, as all these clients are legitimate members of a different OU.

I've tried modifying the group membership (in SEPM) by using the SYLINK, but it really has no effect - as I expect it wouldn't any way.  The AD OU's are synced to SEPM, so that should take control, right?  Am I missing something obvious on that issue?

I've read some links about deleting files on the client that will get automatically recreated upon sync, I've done that, but they still show up in the wrong SEPM group. 

On any one particular client, if I just wait (days, sometimes many days), the client does seem to eventually move to the right group, but by then, different clients are doing the default group shuffle......

SEP 11.06a to 11.06aMP1 (SEPM)

Sat, 09/04/2010 - 09:20

Is this just a simple double click and agree process or do I have to "upgrade" the SEPM just as I have done in the past.  Example, when going from 11.04 to 11.05, it was a 30 - 45 minute upgrade process and the SEPM needed database changes to the schema, etc, etc.  If this is the usual upgrade process, then I assume I need a new dl (zipped DVD's) from fileconnect, right?

I have just upgraded our SEPM's from 11.05 to 11.06a and right now I am in the process of auto-upgrading all the clients, one group at a time (about 7000 clients, about 50 groups).

And, I've tried to find some documentation on "patching" in all of my past manuals, but all I can find is "upgrade" info.  To me, a patch is normally a click and agree process.....

SEP Installation On WIN 2008 server

Sat, 09/04/2010 - 09:10

Hi ,

I have attached one video that will help new SEP support persons to understand how to install Symantec Endpoint Protection on Windows 2008 Server.

Best of Luck


Best practices information

Sat, 09/04/2010 - 07:43

I'm looking for best practices information for how to deploy SIM in my environment.  What things should I consider, in deploying SIM, I need anything and everything that could help me properly deploy SIM.  Thanks.

Gathering required information stage!

Sat, 09/04/2010 - 06:36

Hi

On one Windows XP PC, I tried to install the Symantec Endpoint Protection client, and it took a long time to get past "Gathering required information"; after a few hours it finished completely.

Now I decided to uninstall and load the latest version, but it is still the same symptom.

Please figure out why it is taking so long, since we have to load the same on a couple of PCs!

Swaminathan

Can't Log In to SSIM Java Console using Client... Certificate error occurred

Sat, 09/04/2010 - 05:17

Hi,

I have installed SSIM 4.7 on a machine and I was able to log in to the web console successfully, but when I try to log in to the Java console using the SSIM Client, it shows me the following error message:

Certificate error occured while trying to connect to the specified host.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
 at com.symantec.sim.app.SimApplication.validateIP(SimApplication.java:907)
 at com.symantec.sim.app.SimApplication$2.construct(SimApplication.java:637)
 at com.symantec.sim.uilib.util.SwingWorker$2.run(SwingWorker.java:176)
 at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
 at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
 ... 11 more

I have gone through the process mentioned in the Connect article "Can't log into SSIM after 4.6.2 upgrade" and I have tried doing the same, but I am still getting the same error.

I have been trying to troubleshoot this issue for 2 days, but no luck. Please help me in resolving this issue.

Thanks in Anticipation...

Regards,
Naresh
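
The stack trace above says something specific: `SSLHandshakeException: Remote host closed connection during handshake` with `EOFException: SSL peer shut down incorrectly` means the TCP connection was accepted and then closed by the server before TLS negotiation finished. A client trust problem (wrong or missing CA in the client's store) would surface as a certificate path or validation exception instead, so the two are easy to tell apart once you probe the port directly rather than through the application. The following is an added example for this page (Python; not SSIM or Symantec code and not from the post): `probe_tls` attempts a handshake and classifies the failure, and three constructed local listeners reproduce "closed during handshake", "plaintext server on a TLS port" and "nothing listening" so the block runs offline. The host and port in a real run would be the SSIM appliance and the port the Java console connects to; `probe_tls`, `_local_listener` and the demo names are this example's own.

```python
"""Classify TLS handshake failures (added example, not SSIM code).
The misbehaving servers are simulated locally so this runs offline."""
import socket
import ssl
import threading


def probe_tls(host, port, timeout=5.0, verify=True, cafile=None):
    """Attempt a TLS handshake to host:port and return a one-line diagnosis.

    'peer_closed_during_handshake' is the Python-side equivalent of Java's
    'Remote host closed connection during handshake'. A trust failure returns
    'cert_verify_failed' instead, so server-side and client-side causes separate cleanly."""
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:                       # diagnostics only: see what the server offers regardless of trust
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:   # handshake happens here
                return f"ok: {tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as e:
        return f"cert_verify_failed: {e.verify_message}"
    except (ssl.SSLEOFError, ssl.SSLZeroReturnError, ConnectionResetError, BrokenPipeError):
        return "peer_closed_during_handshake"
    except ssl.SSLError as e:
        if "EOF" in str(e):              # some OpenSSL builds report an abrupt close as a generic SSLError
            return "peer_closed_during_handshake"
        return f"tls_error: {e.reason}"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"


def _local_listener(misbehave):
    """Constructed stand-in for a broken server: accepts one TCP connection, hands it to
    `misbehave`, then closes it. Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        try:
            conn.settimeout(5)
            misbehave(conn)
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def demo_closed_during_handshake():
    """The symptom from the post: the server reads the ClientHello, then drops the connection."""
    def drop_after_client_hello(conn):
        conn.recv(65536)                 # consume the ClientHello so the close is a FIN, not an RST race
    return probe_tls("127.0.0.1", _local_listener(drop_after_client_hello), verify=False)


def demo_plaintext_server():
    """HTTP spoken on the port the client expects TLS on: a protocol mismatch, not a dropped socket."""
    def speak_http(conn):
        conn.recv(65536)
        conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
    return probe_tls("127.0.0.1", _local_listener(speak_http), verify=False)


def demo_refused():
    """Nothing listening: reserve an ephemeral port, release it, then connect to it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return probe_tls("127.0.0.1", port)


if __name__ == "__main__":
    for demo in (demo_closed_during_handshake, demo_plaintext_server, demo_refused):
        print(f"{demo.__name__}: {demo()}")
```

Against the real appliance, a `peer_closed_during_handshake` result with `verify=False` confirms the server ends the handshake on its own, independent of the client's trust store, which points at the server's TLS configuration (protocol or cipher negotiation, or the state of the server's own certificate and keystore) rather than at the client. `openssl s_client -connect <host>:<port>` gives the same distinction interactively and additionally prints whatever certificate chain the server does manage to send.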

