Symantec Security Response

New End point installation

Thu, 09/02/2010 - 03:02

Hi Guys,

This is the first time I am installing Symantec Endpoint and I have loads of problems configuring it. Please help me.

This is a proof of concept before installing it at a client site, so it is kind of trial and error for me.

1. I have installed Win2K8 R2 evaluation version as a domain controller and have one client desktop joined to the domain, which is WinXP Pro SP3.
2. Then installed SQL Server 2008 R2 evaluation.
3. Then installed Symantec Endpoint Manager (includes Database backup & restore, Management Server Configuration Wizard, Migration and Deployment Wizard, Symantec Endpoint Protection Manager console).

Now I have no idea how to connect to the client XP machine and deploy the antivirus client on the XP desktop.

Please let me know the steps to do that....

I have also installed the embedded DB which comes with Endpoint, which was not necessary I guess, especially when I have SQL installed.

Thanks in advance.

upgrade SEP (Client) to MR6 MP1 from MR4

Thu, 09/02/2010 - 01:51

My manager is RU6a. I have several clients with MR4.
When I tried to upgrade to RU6a over MR4, the SEP client fails to update and run properly.

When I upgrade directly from MR4 to RU6a MP1, the SEP client works perfectly.

But I saw that Symantec does not recommend upgrading from MR4 / 5 directly to RU6a MP1 (on the Manager).
Does this apply to the SEP client too?

Thanks. Nir.


SEP RU6 disables the webcam internal microphone

Thu, 09/02/2010 - 01:26

Hi all,

Although I created an Application and Device Control Policy for the webcam, SEP RU6 still disables the webcam's internal mic, but the webcam itself still works!
When using Office Communicator, the webcam can be opened and sound can be received, but no sound can be sent at all.
I know that Application and Device Control may not block or enable webcams, but we all use the Logitech Quickcam 3000 webcam and I had added the camera's Class Id = {4d36e96c-e325-11ce-bfc1-08002be10318} and hoped it's correct. Then I excluded this device in the Application and Device Control Policy, but the outgoing sound was still lost; incoming voices were good as needed.

What can I do with the policy? Does anyone have any idea?


Consulting Our Clients

Wed, 09/01/2010 - 23:09

Is there any type of product comparison matrix which we could post on our website? A PDF would be ideal. We are an internet marketing company and clients automatically assume that we are IT experts too. We have a courtesy page on our website for people to get links for third-party upgrades, products etc. related to their PC performance, protection and functionality. Please look at the page linked below and make any recommendations on Symantec virus/trojan protection software info that could be added. (Any other suggestions are also welcome!) Thank you!

Software and Program Upgrades

PCs in GUP are not getting updated in SEPM

Wed, 09/01/2010 - 23:08

Hi Friends

I have configured a GUP in my SEPM. The PC which I have configured for updates is getting updated properly, but the rest of the PCs in the group are not getting updated.

Please suggest me.

Thanks and regards

Arul Prakash.A

Installing Symantec Endpoint Protection Manager/Client with Symantec Backup Exec

Wed, 09/01/2010 - 21:36

Hello,

I have a problem regarding this issue:

1. Is there a problem when installing Symantec Endpoint Protection Manager and Symantec Backup Exec co-located on the same physical server?
2. Do I have to adjust the configuration for both clients when the Symantec Endpoint Protection client and Backup Exec are co-located on the same physical client machine?

Regards and Thanks..

SAV Linux LiveUpdates

Wed, 09/01/2010 - 20:32

The SAV Linux documentation seems to imply that, if you choose to use the Java LiveUpdate option, you need to pull the updates from a local LiveUpdate server. Is it possible to pull them from Symantec instead? If so, what do I enter in the liveupdate.conf file to use the Symantec LiveUpdate server(s)?

If we can't do that, and have to build our own LiveUpdate server, is there any reason not to put it on a VM?

Thanks,

Paul

SEP - Package Installation (SAV related)

Wed, 09/01/2010 - 15:05

I noticed today that after deploying SEP to replace SAV, the SAV folder still remains on the computers that SEP is deployed to. I've browsed the computers' services and there doesn't seem to be anything left that runs executables from the SAV folder. I do see services that run from the SEP folder. Is this normal behavior, to still have a large portion of the SAV folder remaining after deploying to the machines? Is this perhaps the result of the specific method I used to upgrade these machines from SAV to SEP?

Thanks in advance.

Need Support- SBS 2003 server infected SEP not finding anything

Wed, 09/01/2010 - 14:57

Customer server running SEP V11. Exchange infected with a virus that is sending thousands of emails per minute from the server. Scan has been running for 5 hours and has not found anything. Virus defs up to date. Customer cannot send emails because of the infection. Server response degrading. What can be done to fix this? Currently working remotely.

SescLU.exe and Rtvscan.exe crashing

Wed, 09/01/2010 - 14:06

I have a Windows Server 2008 R2 Terminal server with Citrix XenApp 6 running on a virtual machine on Windows Server 2008 R2 HyperV. I had SEP 11.0.5002.333 64-bit running on the server fine previously.

Yesterday the HyperV server crashed and rebooted, so the virtual machine did not shut down properly. Now the SescLU.exe and Rtvscan.exe processes are crashing immediately upon starting. I tried uninstalling and re-installing. I downloaded the newest version of SEP (11.0.6100.645) and upgraded to that. I am still having the same issue. Here are the entries in the error logs:

Faulting application name: SescLU.exe, version: 11.0.6100.480, time stamp: 0x4c5b6596
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000005
Fault offset: 0x0002e9c0
Faulting process id: 0x1320
Faulting application start time: 0x01cb4a0e92415471
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: cffa38a5-b601-11df-9851-00155d010102

Faulting application name: Rtvscan.exe, version: 11.0.6100.463, time stamp: 0x4c2d25af
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000005
Fault offset: 0x0002e733
Faulting process id: 0x14a8
Faulting application start time: 0x01cb4a0db1424d02
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: eefcf732-b600-11df-9851-00155d010102

I ran System File Checker on the specified ntdll.dll and it didn't find any problems. I also ran a chkdsk on the drives and it found a couple of small errors and repaired them. I did the reinstalls after the chkdsk ran. Any help in getting SEP to run would be greatly appreciated. Thanks.

Delivered to Symantec Security Response msg

Wed, 09/01/2010 - 14:02

We are receiving "Delivered to Symantec Security Response" on a few EXEs (via TruScan) that we recently deployed.

These messages seem to pop up about 1-2 times a day for our clients. The EXEs are OK, and I assume some action they are performing is kicking off this message...

Is there a way to exclude these messages, or at least suppress the client-side pop-up notification?

Error 1922 Uninstalling older SEP client

Wed, 09/01/2010 - 13:59

We had SEP 11.0.4 and the old server did not have enough disk space to upgrade the console. Installed a new 11.0.6 console on a new server and pushed it out. 3 servers are good, but 3 have issues. On 2 of the servers I am trying to manually uninstall the SEP client and I get this error:

Error: Service Symantec Management Client (SmcService) could not be deleted. Verify that you have sufficient privileges to remove system services.

- I verified that I am connecting as Domain Admin
- I installed VNC so I could connect remotely instead of connecting using RDP
- I looked for the Windows Cleanup Utility, but it looks like MS has removed it from their site
- I tried restarting the server during a maintenance window, but it did not clear up

Any other suggestions for getting the old SEP client removed so I can push the newer one fresh?

SSIM Collector for Microsoft Exchange 2010

Wed, 09/01/2010 - 12:33

Dear Team,

Please let me know if there is an SSIM Collector for Exchange 2010, or whether the collector for Exchange 2007 available in SSIM 4.7 can be used for Microsoft Exchange 2010.

Regards,
DMK

Trojan downloaders slipping by Endpoint

Wed, 09/01/2010 - 11:43

We seem to be getting more Trojan downloader risks slipping by Endpoint, and most of these appear to be some type of Java. Almost all of these are detected in the \Application Data\Sun\Java\Deployment\cache\6.0\ folders. Symantec is able to delete most of these.

Is anyone else seeing this problem? Is there anything I can do to eliminate these completely?

Can I delete this?

Wed, 09/01/2010 - 11:17

I have a zip file in C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\replication\outbox\92F73DFCAC10111B00F4FC9FC8CDE3A5

It is from October 2009 and is 4.6GB in size. Do I need this anymore? Can it be deleted?


GUP help!

Wed, 09/01/2010 - 10:42

VER. 11.0.5002.333

I am attempting to configure GUP on our domain. We have 12 remote sites, each with a server (2003) and about 10-20 computers (XP). I have installed SEPM at one site and have added (tried) 4 GUPs (8 more will be coming once I get these first few working properly). The problem I am having is that randomly the SEPM server will get some major bandwidth spikes. Response times normally sit around 7-20ms, but since the addition of SEPM and GUP I am getting response times of 250-300ms at random intervals. They last about 3-4 minutes each, then it goes back to normal for about 5 minutes.

Steps taken so far:

- Created locations for each site
- Imported computers from AD
- In the default (shared) LiveUpdate Policy that is applied to all locations:
  - "Use the default management server" and "Use a Group Update Provider" are selected
  - Selected multiple GUPs
  - Added the GUP IP addresses all under one rule set

All the clients are getting their updates, but I do not know from where. I've tried to run SylinkMonitor but all I am getting is blank screens. Logging has been turned on in IIS and on the client that I'm testing from.

When I run SEP_Content_Distmonitor, my GUP servers show up and appear to be working fine.

From the client, under Help and Support > Troubleshooting, what server should show up? The SEPM or the GUP? All are currently showing the SEPM.

I've taken over this network recently and am trying to fix the mess that was left for me. Originally, SEPM was installed on every server and replicating to every server. It was an absolute mess. I've removed all of the SEPMs and installed it on a central server. To get the clients to look at the correct server I have been using SylinkReplacer. Would doing this make all the clients pull updates directly from the SEPM and bypass the GUP?

I can provide more details if necessary.


How is this possible?

Wed, 09/01/2010 - 10:34

My SEPM has newer defs than what Symantec has released. Is this possible?

SEP RU6 Deployment Process

Wed, 09/01/2010 - 10:22

Greetings,

I have RU5 installed on my servers and my clients are on MR4. Is it true that the servers have to be upgraded to RU6 first before I can upgrade the clients to RU6? If there is a link that provides this information, that would be great!

Thanks.

Using SEP 11.0 to Block USB Devices - Flash and Jump Drives

Wed, 09/01/2010 - 09:23

Good Morning!
I am looking for more information, or looking to connect with someone who has experience using SEP 11.0 to block USB devices such as jump/flash drives. Here are a few questions that we have concerning this:

- Can we allow read access, but not write access? For example, if a vendor sends me information on a USB flash drive, can I view the contents but not write to it?
- What about mice, keyboards, printers, etc.? Is it an all-or-nothing deal to block?
- Can we allow certain USB flash/jump drives? (Company approved)

network saturated

Wed, 09/01/2010 - 09:14

In city A I have a SEPM. In other cities I have about 17000 SEP clients. Recently, I installed about 300 SEP clients in city B with their own LU server.

After that, the network has been saturated because the SEP clients in city B are continually consulting the SEPM in city A. How can I resolve this problem?
