Scans and Client

November 2, 2018, 9:10 am

≫ Next: Quarantine Non-Compliant Endpoints using ITMS and SEP

≪ Previous: Desktop Email Encryption with Godaddy Mail Service

I do not need a solution (just sharing information)

So we've been using endpoint for over ten years now. For the past ten years the settings have been set to not allow the user to open the client and also for scans run in the management console to run silently on the client PC. For some reason now the standard user can go into the start menu and open the client and when I push out a scan to the PC it pops up on their computer. I can't find where these settings are on the manager and I don't remember where they were when we originally set this up. We are at the newest version of manager and client. Basically what I want is that when the user clicks on the endpoint shortcut it gives them a message saying only and admin can open it (not exact wording) and that when I push a scan out it doesn't pop up on their computer. Any help would be appreciated.

↧

Quarantine Non-Compliant Endpoints using ITMS and SEP

November 2, 2018, 10:15 am

≫ Next: Automated Vulnerability Remediation Using ITMS and Control Compliance Suite Vulnerability Manager

≪ Previous: Scans and Client

One of the innovative new features in Symantec IT Management Suite 8.5 allows you to block endpoints from the network that have failed a compliance scan through direct integration with SEP to help prevent the spread of endpoint vulnerabilities such as WannaCry.

To learn more about this:

Download the slides attached to this article
Watch video on this topic from our Technical Workshop (coming soon!)

Learn more about IT Management Suite 8.5

Download the slides and watch videos of the other sessions from our Technical Workshop in Chicago!

Endpoint Quarantine Using ITMS and SEP.pdf

network_switch

↧

Automated Vulnerability Remediation Using ITMS and Control Compliance Suite Vulnerability Manager

November 2, 2018, 10:30 am

≫ Next: Modern UI Workspaces in Symantec IT Management Suite 8.5

≪ Previous: Quarantine Non-Compliant Endpoints using ITMS and SEP

Another powerful innovation introduced in IT Management Suite 8.5 is the ability to automate the remediation of vulnerabilities using Symantec Control Compliance Suite Vulnerability Manager (CCSVM) and IT Management Suite together. CCSVM scans for vulnerabilities in your environment and the results are imported into IT Management Suite, which then kicks off the delivery of patches to the endpoints that need to be remediated. You can automate the delivery of these patches such as those considered critical or high risk.

To learn more about this:

Download the slides attached to this article
Watch video on this topic from our Technical Workshop (coming soon!)

Learn more about IT Management Suite 8.5

Download the slides and watch videos of the other sessions from our Technical Workshop in Chicago!

Automated Vulnerability Remedation Using ITMS and CCSVM.pdf

↧

Modern UI Workspaces in Symantec IT Management Suite 8.5

November 2, 2018, 10:40 am

≫ Next: Ghost Solution Suite 3.3 - New Web Console

≪ Previous: Automated Vulnerability Remediation Using ITMS and Control Compliance Suite Vulnerability Manager

Symantec IT Management Suite 8.5 introduces a new, modern UI for performing common daily tasks designed for simplicity and speed, allowing technicians with little or no experience to utilize the power of ITMS without special training. The Modern UI workspaces complement the full console and are simple to use with built-in wizards for common tasks such as delivering software.

To learn more about this:

Download the slides attached to this article
Watch video on this topic from our Technical Workshop (coming soon!)

Learn more about IT Management Suite 8.5

Download the slides and watch videos of the other sessions from our Technical Workshop in Chicago!

Modern UI Workspaces.pdf

↧

Ghost Solution Suite 3.3 - New Web Console

November 2, 2018, 10:56 am

≫ Next: Setting Up and Using the New Software Portal in Symantec IT Management Suite

≪ Previous: Modern UI Workspaces in Symantec IT Management Suite 8.5

Ghost Solution Suite 3.3 has a new web-based console designed specifically for technicians with minimal experience. It complements the full console and is simple to use with built-in wizards for common tasks such as Windows 10 migration and deploying images.

Using the wizards takes what can be complex processes and changes them into simple step-by-step flows that will make even the newest admin feel like a pro.

With the web console, frequently run jobs can be delegated to frontline technicians to optimize resources and reduce costs.

To learn more about this:

Download the slides attached to this article
Watch video on this topic from our Technical Workshop (coming soon!)

Learn more about Ghost Solution Suite 3.3

Download the slides and watch videos of the other sessions from our Technical Workshop in Chicago!

GSS 3.3_launch_v3.pdf

↧

Setting Up and Using the New Software Portal in Symantec IT Management Suite

November 2, 2018, 10:59 am

≫ Next: Symantec IT Management Suite 8.5 Architecture Best Practices

≪ Previous: Ghost Solution Suite 3.3 - New Web Console

Symantec IT Management Suite features a revamped software portal providing an “app store like” user experience for requesting and installing software with little or no administrator involvement. The software portal can be customized with your logo and brand and is accessible across all browsers. The software portal helps reduce help desk calls related to software requests by simplifying the process of delivering and installing software in a way that most users have grown accustomed to on their mobile devices. Access to the software portal is automatically installed on your client computers for convenient access with the Symantec management agent.

To learn more about this:

Download the slides attached to this article
Watch video on this topic from our Technical Workshop (coming soon!)

Learn more about IT Management Suite 8.5

Download the slides and watch videos of the other sessions from our Technical Workshop in Chicago!

Software Portal Setup and Use Cases.pdf

↧

Symantec IT Management Suite 8.5 Architecture Best Practices

November 2, 2018, 11:04 am

≫ Next: Symantec IT Management Suite 8.5 Troubleshooting

≪ Previous: Setting Up and Using the New Software Portal in Symantec IT Management Suite

Best practices for setting up your IT Management Suite architecture as covered in our Technical Workshop in Chicago.

To learn more about this:

Download the slides attached to this article
Watch video on this topic from our Technical Workshop (coming soon!)

Learn more about IT Management Suite 8.5

Download the slides and watch videos of the other sessions from our Technical Workshop in Chicago!

ITMS Architecture Best Practices & Review.pdf

↧

Symantec IT Management Suite 8.5 Troubleshooting

November 2, 2018, 11:12 am

≫ Next: ServiceDesk 8.5 custom data in incident ruleset

≪ Previous: Symantec IT Management Suite 8.5 Architecture Best Practices

Session from our Technical Workshop in Chicago discussing tips for troubleshooting with IT Management Suite.

To learn more about this:

Download the slides attached to this article
Watch video on this topic from our Technical Workshop (coming soon!)

Learn more about IT Management Suite 8.5

Download the slides and watch videos of the other sessions from our Technical Workshop in Chicago!

Diagnosing and Troubleshooting ITMS.pdf

↧

ServiceDesk 8.5 custom data in incident ruleset

November 2, 2018, 11:34 am

≫ Next: Exceptions for Veeam

≪ Previous: Symantec IT Management Suite 8.5 Troubleshooting

I need a solution

Hi,

I have an issue adding custom data to the incident rules within 8.5.

I'm using this article to add the custom integration library: https://www.symantec.com/connect/articles/how-add-custom-data-existing-processes-incident-management-change-management-etc

After uploading the integration library the logs fill with: Error Multiple Automation Libraries declare the Service ID INCIDENT-MGMT

Has the process changed for adding custom data or am I doing something wrong? This was working on 8.1

Cheers,

Rufus

↧

Exceptions for Veeam

November 2, 2018, 11:46 am

≫ Next: 8.1 Failure updating to RU7

≪ Previous: ServiceDesk 8.5 custom data in incident ruleset

I need a solution

Hello,

I need to do a exceptions form Veeam with Sep 14 and I have a doud about how to exclude this:

Folder on Guest OS for VSS:

C:\Windows\VeeamVssSupport
C:\Windows\VeeamLogShipper
\Device\HarddiskVolume*

Its possible to exclude \Device\HarddiskVolume* ?

↧

8.1 Failure updating to RU7

November 2, 2018, 8:52 pm

≫ Next: [Virus Help] Kept Having conhost.exe Detection From Different Locations

≪ Previous: Exceptions for Veeam

I need a solution

Good evening!

I am preparing to install updates to my existing 8.1 RU5 installtion in preparation for upgrading to 8.5.

The updates finished, but I had an error.

A critical error occurred:

Product failed to install. See log for details.

Configuration failed while attempting: Configure Symantec Virtual Machine Management 8.1 RU7...

Has anyone seen anything similar?

↧

[Virus Help] Kept Having conhost.exe Detection From Different Locations

November 2, 2018, 11:20 pm

≫ Next: Moving a NS 7.1 from one domain to another

≪ Previous: 8.1 Failure updating to RU7

I need a solution

Recently I've been getting repeated SONAR risk detections from SEP about conhost.exe, Risk type Trojan.Gen.2/SONAR.MalTraffic!gen1. The locations change with every detection as well, at first they come from c:\program files\system updates\windows driver system update\conhost.exe, then it started popping up from c:\programdata\performance tool\, which is really weird. Everytime I restart the trojan comes back, but full scans didn't reveal any problem.

For some reason, I couldn't run SEP in Safe Mode with Networking, the services are stopped and cannot be manually started. I've also been having problems with Symantec Network Access Control not running on start up despite tamper control turned on and the service's property set to automatic.

I restarted my computer just now and I'm staring at a fresh conhost.exe sitting in the performance tools folder, which I know isn't where conhost.exe is supposed to be, but for some reason running a scan on the folder returned nothing.

I am running SEP 14.0 MP1 build 2332 on my personal computer, hopefully I'm in the right place to ask this kind of question.

↧

Moving a NS 7.1 from one domain to another

November 3, 2018, 12:19 pm

≫ Next: Monitoring File Changes

≪ Previous: [Virus Help] Kept Having conhost.exe Detection From Different Locations

I need a solution

Good day!
Colleagues, tell me, please, what steps need to be performed when transferring a server (NS 7.1) from one domain to another.
What features need to be considered?

I will be glad to any instructions and recommendations.

↧

Monitoring File Changes

November 4, 2018, 10:31 pm

≫ Next: Unable to add new ICAP server.

≪ Previous: Moving a NS 7.1 from one domain to another

I need a solution

I have a requirement to try and monitor changes to a file. The file in this instance is the "HOSTS" file for any machine on the network (this is c:\windows\system2\drivers\etc\hosts). This is to simulate a bad actor modifying a HOSTS file to redirect traffic elsewhere. Symantec A&DC has a pre-built rule that works fine if the file is done from the local machine. As I discovered today if a bad actor modified a file from a remote location (for example accessing the UNC path of a device on the network) this doesn't work. Is there a way to detect this? It seems a little short sighted to monitor a file but not being able to monitor the file if the change was done remotely. To illustrate this point a bit clearer

Workstation 1 has a monitored file (HOSTS) ==> Local Admin logged into (or running administratively) on Workstation 1 and modifies HOSTS file ==> SEP A&DC will detect and log this event

Workstation 1 has a monitor file (HOSTS) ==> Administrator on Workstation X or Server X (using administrator privileges accesses UNC path of Workstation 1 and modifies HOSTS file ==> SEP A&DC does not detect or log this event.

Is this something that is able to be worked around or should this be configured through something like File Integrity?

↧

Unable to add new ICAP server.

November 4, 2018, 11:19 pm

≫ Next: DLP Storage: Scan MS SQL database failed

≪ Previous: Monitoring File Changes

I need a solution

Hi Team,

We are having trouble to adding new ICAP session on the ProxySG. We could not get config from the new ICAP server after clicking “Sense settings”.

Please find the attached Error whicle click sense setting.

Thanks,

Ram.

ICAP-Error.JPG

↧

DLP Storage: Scan MS SQL database failed

November 5, 2018, 12:09 am

≫ Next: SEPM 14 RU2 MP1 reports wrong data from Reports -> Computer Status report

≪ Previous: Unable to add new ICAP server.

I need a solution

Error as below:

Failed to read sqlserver://IP:1433/DLP_Poc;instance=hostname; error: Unable to create a database connection: Unable to create connection: jdbc:jtds:sqlserver://IP:1433/DLP_Poc;instance=hostname Reason: Login failed for user 'hostname\Administrator'..

What id/access do DLP actually need to scan a database?

We've tried to adjust the syntax @ credentials....but keep failed... hmm

↧

SEPM 14 RU2 MP1 reports wrong data from Reports -> Computer Status report

November 5, 2018, 1:05 am

≫ Next: Fail to call web interface by url ( not found task server )

≪ Previous: DLP Storage: Scan MS SQL database failed

I need a solution

Hi All,

Just FYI

There is again issue with the Computer status report in SEPM 14 RU2 MP1 as we had in previous SEP 14 release:

https://www.symantec.com/connect/forums/scheduled-...

It is the same story, the machines which are showing 0 under Sequence number in Computer Status log are not appearing in the Computer Status report.

@ Symantec - any news? Are you aware of this? Should we use the same workaround as before with the replacement of the php file?

↧

Fail to call web interface by url ( not found task server )

November 5, 2018, 2:09 am

≫ Next: iPXE slow on Lenovo X270

≪ Previous: SEPM 14 RU2 MP1 reports wrong data from Reports -> Computer Status report

I need a solution

I installed the Symantec Management Console(windows server 2008 R2), and downloaded the agent installation file from the console and installed the agent on virtual machine. (windows 8)

However, I did not have a software update plug-in installed on the symantec management agent ui, so I tried to insstall it using the policy.

However, the agent does not communicate withe the server.

<event date='11/05/2018 18:24:13.2300000 +09:00' severity='2' hostName='symantec' source='Client Task Agent' module='client task agent.dll' process='AeXNSAgent.exe' pid='2956' thread='2804' tickCount='5221977'>
<![CDATA[Failed to call web interface by url [http://<system_name>:80/Altiris/ClientTaskServer/Register.aspx?lastResort=true&resourceGuid=25fdf4e2-70c2-40a3-8be2-e7e57bf57480&crc=0008000100001609], error [0x80072AF9, no such host is known.].]]>
</event>

...

...

It looks like it could not even find a server. Am I right?

And there is another questionable part.

When called the web interface by url, I thought could be accessed it by ip address, but it accessed the system name.

And I don't know why 401 error also comes out..

Please help me..

↧

iPXE slow on Lenovo X270

November 5, 2018, 2:54 am

≫ Next: Dial up modem problem

≪ Previous: Fail to call web interface by url ( not found task server )

I need a solution

Hi All

Is there any that have the same issue that Lenovo ThinkPad x270 is very slow to download PXE image via iPXE.

Is there a wat to add/Change drivers in iPXE?

Kind Regds

Steen

↧

Dial up modem problem

November 3, 2018, 10:00 pm

≫ Next: Management Center With Hyper-v

≪ Previous: iPXE slow on Lenovo X270

I need a solution

Hi everyone I have sep on windows7 and i use dial up modem. But modem is disable and never enable when click anable button in device manager setting. This problem is in windows services but i can not fix it. Please help me.

↧